kmengarelli

Everything posted by kmengarelli

  1. Maybe it is okay, here is the log from a Malwarebytes scan.

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 6/12/2014
     Scan Time: 12:11:53 PM
     Logfile:
     Administrator: Yes

     Version: 2.00.2.1012
     Malware Database: v2014.06.12.08
     Rootkit Database: v2014.06.02.01
     License: Premium
     Malware Protection: Enabled
     Malicious Website Protection: Enabled
     Self-protection: Disabled

     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: kmengarelli

     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 395209
     Time Elapsed: 16 min, 44 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     Processes: 0
     (No malicious items detected)

     Modules: 0
     (No malicious items detected)

     Registry Keys: 0
     (No malicious items detected)

     Registry Values: 0
     (No malicious items detected)

     Registry Data: 0
     (No malicious items detected)

     Folders: 0
     (No malicious items detected)

     Files: 0
     (No malicious items detected)

     Physical Sectors: 0
     (No malicious items detected)

     (end)
  2. I don't think we got it all cleaned up because when I open a new tab I get the following "google" page https://www.dropbox.com/s/rjr84juwlej490u/Screenshot%202014-06-12%2012.09.43.png There is nothing in the address bar and it doesn't match the actual google page if I type in the actual google page in the address bar. Kris
  3. Results of screen317's Security Check version 0.99.84
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 11
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Sophos Anti-Virus
     WMI entry may not exist for antivirus; attempting automatic update.
     `````````Anti-malware/Other Utilities Check:`````````
     Java 6 Update 35
     Java 7 Update 25
     Java version out of Date!
     Adobe Flash Player 13.0.0.214
     Adobe Reader XI
     Mozilla Firefox (28.0)
     Google Chrome 34.0.1847.137
     Google Chrome 35.0.1916.114
     ````````Process Check: objlist.exe by Laurent````````
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbam.exe
     Sophos Sophos Anti-Virus SavService.exe
     Sophos Sophos Anti-Virus SAVAdminService.exe
     Sophos Sophos Anti-Virus Web Intelligence swi_service.exe
     Malwarebytes Anti-Malware mbamscheduler.exe
     kmengarelli Desktop malwarebytes help SecurityCheck.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 1%
     ````````````````````End of Log``````````````````````
  4. I didn't really notice much in the way of issues before, just Malwarebytes finding mysearchdial. I would say that the browser is working better and it isn't opening mysearchdial as the search page. What else should I look for to know that I got it cleaned up? Thank you for your help!
  5. Getting user folders.

     Stopping running processes.

     Emptying Temp folders.

     User: Administrator
     ->Temp folder emptied: 129346349 bytes
     ->Temporary Internet Files folder emptied: 185874205 bytes
     ->Java cache emptied: 0 bytes
     ->FireFox cache emptied: 52034878 bytes
     ->Google Chrome cache emptied: 39919864 bytes
     ->Flash cache emptied: 57969 bytes

     User: All Users

     User: Default
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 57311 bytes

     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes

     User: kmengarelli
     ->Temp folder emptied: 3861793662 bytes
     ->Temporary Internet Files folder emptied: 494086001 bytes
     ->Java cache emptied: 10826835 bytes
     ->FireFox cache emptied: 52426869 bytes
     ->Google Chrome cache emptied: 245962278 bytes
     ->Flash cache emptied: 74572 bytes

     User: phslib
     ->Temp folder emptied: 1637479 bytes
     ->Temporary Internet Files folder emptied: 5552418 bytes
     ->Java cache emptied: 0 bytes
     ->Google Chrome cache emptied: 7677177 bytes
     ->Flash cache emptied: 56504 bytes

     User: Public

     User: USD No. 250
     ->Temp folder emptied: 107924 bytes
     ->Temporary Internet Files folder emptied: 87455 bytes
     ->Google Chrome cache emptied: 819568 bytes
     ->Flash cache emptied: 56475 bytes

     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32 (64bit) .tmp files removed: 3229552 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 1977375817 bytes
     %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes
     %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 761 bytes
     %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67758 bytes

     Emptying RecycleBin. Do not interrupt.

     RecycleBin emptied: 10891199 bytes

     Process complete!

     Total Files Cleaned = 6,752.00 mb
  6. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-06-2014 01
     Ran by kmengarelli at 2014-06-11 20:58:38 Run:1
     Running from C:\Users\kmengarelli\Desktop\malwarebytes help
     Boot Mode: Normal
     ==============================================

     Content of fixlist:
     *****************
     SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearc...r=531881053&ir=
     SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
     SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearc...r=531881053&ir=
     SearchScopes: HKLM-x32 - DefaultScope value is missing.
     *****************

     HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
     'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.
     'HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
     'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}' => Key deleted successfully.
     'HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}'=> Key not found.
     HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.

     ==== End of Fixlog ====
  7. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-06-2014 01 Ran by kmengarelli at 2014-06-11 20:40:38 Running from C:\Users\kmengarelli\Desktop\malwarebytes help Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Sophos Anti-Virus (Enabled - Out of date) {65FBD860-96D8-75EF-C7ED-7BE27E6C498A} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Sophos Anti-Virus (Enabled - Out of date) {DE9A3984-B0E2-7A61-FD5D-409005EB0337} ==================== Installed Programs ====================== Adobe Acrobat 9 Pro - English, Français, Deutsch (x32 Version: 9.5.5 - Adobe Systems) Hidden Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version: - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 13.0.0.111 - Adobe Systems Incorporated) Hidden Adobe Anchor Service CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe CMaps CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Creative Suite 4 Design Premium (HKLM-x32\...\Adobe_55230b0b70661df0f212e88f0b655f7) (Version: 4.0 - Adobe Systems Incorporated) Adobe Creative Suite 4 Design Premium (x32 Version: 4.0 - Adobe Systems Incorporated) Hidden Adobe CSI CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden Adobe Default Language CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden Adobe Extension Manager CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Fireworks CS4 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe 
Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Fonts All (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Media Encoder CS4 Importer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Output Module (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe PDF Library Files CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Adobe Search for Help (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Service Manager Extension (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Setup (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Type Support CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe Update Manager CS4 (x32 Version: 6.0.0 - Adobe Systems Incorporated) Hidden Adobe XMP Panels CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden AppInventor Setup (HKLM-x32\...\AppInventor Setup) (Version: 1.1 - Google Inc.) Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) BirdBrain Technologies Snap (HKLM-x32\...\{45A8FCE4-4553-4FE9-9EBA-99F3286E01E4}) (Version: 0.2.0 - BirdBrain Technologies LLC) BisonCam Twain Pro (HKLM-x32\...\{F2672232-FF17-4DC9-8F24-A1E1829FE086}) (Version: 1.5.4.7 - Bison WebCam Ap) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.2200 - Broadcom Corporation) Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.48.0 - Conexant) Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation) Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation) Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.828 - Corel Inc.) Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited) CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - CutePDF.com) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version: - Microsoft) Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - ) Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.) eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden Extreme Collaboration AddOn (beta) 1.1.27 (HKLM-x32\...\{F92CDDDC-99F7-4CF2-829B-D4C98617F254}_is1) (Version: 1.1.27 - Freiland Netzlösungen GmbH) Ezvid (HKLM-x32\...\{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1) (Version: 0981 - Ezvid, inc.) File Extractor Packages (HKCU\...\File Extractor Packages) (Version: - ) <==== ATTENTION Fingerprint Reader (HKLM\...\{7DD99174-299B-4450-A179-7F27F4C2D042}) (Version: 6.0.200.105 - AuthenTec, Inc.) 
GeoGebra 4 (HKCU\...\GeoGebra 4) (Version: - International GeoGebra Institute) GeoGebra 4.4 (HKLM-x32\...\GeoGebra 4.4) (Version: 4.4.11.0 - International GeoGebra Institute) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.) Google Drive (HKLM-x32\...\{418BAAD1-754D-48B4-B078-46EF4F25AF42}) (Version: 1.15.6556.8063 - Google, Inc.) Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google) Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden GoToMeeting 5.5.0.1132 (HKCU\...\GoToMeeting) (Version: 5.5.0.1132 - CitrixOnline) HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{7D220A57-969F-4D09-9297-D48195A8ABDD}) (Version: 22.50.231.0 - Hewlett-Packard Co.) HP Deskjet 3050 J610 series Help (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard) iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.) Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH) Integrated Camera Driver Installer Package Ver.1.2.1.18 (HKLM-x32\...\{A78800AF-1779-4AE8-8EBE-16E1BE727C71}) (Version: 1.2.1.18 - RICOH) Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation) Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation) Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36702 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3190 - Intel Corporation) Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 15.6.1.0536 - 
Intel Corporation) Hidden Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{A10B1524-63B5-40F2-B272-D841CF671C16}) (Version: 2.2.0.0266 - Intel Corporation) Intel® PROSet/Wireless WiFi Software Driver (Version: 15.06.1000.0167 - Intel Corporation) Hidden Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation) Intel® WiDi (HKLM-x32\...\{93F34C5C-ACAA-48F3-9B26-70359A117F12}) (Version: 3.0.12.0 - Intel Corporation) Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - ) Intel® PROSet/Wireless Software (HKLM-x32\...\{fad118b4-798f-4755-9e67-a622eec95b62}) (Version: 15.6.1 - Intel Corporation) Intel® PROSet/Wireless WiFi Software (Version: 15.06.1000.0142 - Intel Corporation) Hidden Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.) Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle) Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle) Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) 
Hidden Java 6 Update 35 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.350 - Oracle) Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.10 - ) Lenovo Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.1.9.0 - Lenovo) Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited) Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited) Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - ) Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.) 
Lenovo Solution Center (HKLM\...\{2F45A217-E9C7-4984-B0AC-5BE31FF4712B}) (Version: 2.4.003.00 - Lenovo Group Limited) Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - ) Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.05.0009 - Lenovo) Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Lenovo) Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo) Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech) Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Mathematics (64-bit) (HKLM\...\{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}) (Version: 4.0 - Microsoft Corporation) Microsoft Mathematics Add-in (32-bit) (HKLM-x32\...\{E2C98732-F973-4985-A9C5-DC06178E16EE}) (Version: 2.0.040811.01 - Microsoft Corporation) Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft 
Corporation) Hidden Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Standard 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Security Client (Version: 4.3.0215.0 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2006.0314 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 
Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50325 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50330 - Microsoft Corporation) Hidden Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility) Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 
6.3.0 - Motorola Mobility LLC) MouseServer version 1.5.0.0 (HKLM-x32\...\{E13018F5-FFC7-4729-9C1B-1A85807D03E6}_is1) (Version: 1.5.0.0 - Necta Co.) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) NBC Learn Offline Player (HKLM-x32\...\com.nbcuni.aodplayer.38154C9B00B8386E5872F08BE16716F44323C112.1) (Version: 3.03 - NBC Universal) NBC Learn Offline Player (x32 Version: 3.03 - NBC Universal) Hidden On Screen Display (HKLM\...\OnScreenDisplay) (Version: 7.12.27 - ) OneClickRoot (HKLM-x32\...\OneClickRoot) (Version: 1.0 - OneClickRoot) OverDrive Media Console (HKLM-x32\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.) 
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden Planbook (HKLM-x32\...\{87EA1B44-0FB0-4EE9-A153-0D3BD026337E}) (Version: 4.00.051 - Hellmansoft) Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.64.4 - Lenovo Group Limited) Presto 1.0.319.0 (HKLM\...\{D65F74D9-5FD6-42E5-BE65-474AF84A5591}_is1) (Version: 1.0.319.0 - Collobos Software) PrintKit (HKLM\...\{41CCC6A9-EB5F-482C-AAB5-38849B7143EE}) (Version: 1.0.319.0 - Collobos Software) Publishly (HKLM-x32\...\Publishly) (Version: 1.0 - The Pretendery) QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) RapidBoot (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.11 - Lenovo) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29005 - Realtek Semiconductor Corp.) Reflection (HKLM-x32\...\{63D5463D-0FED-4E4E-846A-CCB3245A2F28}) (Version: 1.2.1 - Squirrels) Reflector (HKLM\...\{F9C41F10-A70A-4717-8E86-19A4179FE689}) (Version: 1.2.3 - Squirrels) Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - ) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.36.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.36.0 - Renesas Electronics Corporation) Hidden RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH) SAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version: 3.1.32.1 - Samsung Electronics Co., Ltd.) 
SAMSUNG USB Driver for Mobile Phones V5.16.0.0 (HKLM-x32\...\{C0C1D2BC-72FE-4F77-A2F9-CD10D5AA8F93}) (Version: 1.2.2200.0 - SAMSUNG Electronics CO., LTD.) SamsungSimpleDownloaderTool for SPH-D710 (HKLM-x32\...\InstallShield_{8C9EBE06-8BA2-4AEB-BFD8-6614072FE75F}) (Version: 1.0.047 - Samsung Electronics) SamsungSimpleDownloaderTool for SPH-D710 (x32 Version: 1.0.047 - Samsung Electronics) Hidden Scratch (HKLM-x32\...\Scratch) (Version: 1.4.0.0 - MIT Media Lab Lifelong Kindergarten Group) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden SMART Common Files (HKLM-x32\...\{26A95DBF-A866-4838-A8C9-FA219FCBD22E}) (Version: 11.5.159.0 - SMART Technologies ULC) SMART Ink (HKLM-x32\...\{5ABC49B5-D0DC-428D-A082-4AEFF6490F04}) (Version: 2.0.723.0 - SMART Technologies ULC) SMART Notebook (HKLM-x32\...\{79660EE7-9C0B-4962-B566-2693FE34719D}) (Version: 11.4.564.0 - SMART Technologies ULC) SMART Notebook Gallery 2.0 Beta (HKLM-x32\...\{8FA9260A-062C-4F52-B2B2-08F4CE73CBB3}) (Version: 2.0.141.0 - SMART Technologies) SMART Product Drivers (HKLM-x32\...\{53330A17-78DE-458E-9997-292A2D6D3ADD}) (Version: 11.4.872.1 - SMART Technologies ULC) Songsmith (HKLM-x32\...\{30906093-42C6-4968-AEDD-B915972CF0DB}) (Version: 12.08.2700 - Microsoft Research) Sophos Anti-Virus (HKLM-x32\...\{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}) (Version: 10.2.7 - Sophos Limited) Sophos AutoUpdate (HKLM-x32\...\{15C418EB-7675-42be-B2B3-281952DA014D}) (Version: 2.9.0.344 - Sophos Limited) Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.) Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.5.8.4 - Splashtop Inc.) 
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.2200 - Broadcom Corporation) ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.0.0 - ) ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.21 - Lenovo) ThinkVantage Access Connections (HKLM-x32\...\{9C551D9B-5D36-46A2-9414-F658D934B129}) (Version: 5.93 - Lenovo) ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo) ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.03 - Lenovo) ThinkVantage Fingerprint Software (HKLM\...\{502EE63C-9A62-4330-8F8B-1EAB51B7BB46}) (Version: 5.9.4.6882 - UPEK Inc.) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition 
(HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARD_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.STANDARD_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition 
(HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.STANDARD_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.STANDARD_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.3.64 - VeriSign)
VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN)
Windows Driver Package - Intel (iaStor) hdc (11/06/2010 10.1.0.1008) (HKLM\...\73C6BE3E3B6FC5418F2B47E6C75F6C8F9552DC12) (Version: 11/06/2010 10.1.0.1008 - Intel)
Windows Driver Package - Lenovo 1.64.00.00 (07/28/2011 1.64.00.00) (HKLM\...\01E3B64834B04ABAC85D8E1D3EBDC567D83AD29B) (Version: 07/28/2011 1.64.00.00 - Lenovo)
Windows Driver Package - Realtek (RTL8167) Net (12/29/2010 7.037.1229.2010) (HKLM\...\828B05D2B647CDAEA22493F7BFB96847265EE596) (Version: 12/29/2010 7.037.1229.2010 - Realtek)
Windows Driver Package - Synaptics (SynTP) Mouse (05/19/2011 15.3.8.0) (HKLM\...\DDD8A532E361E9A878EBEF69C338B306810DF059) (Version: 05/19/2011 15.3.8.0 - Synaptics)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Restore Points =========================

07-05-2014 01:26:50 Device Driver Package Install: Google, Inc. SAMSUNG Android Phone
07-05-2014 01:36:35 Installed SamsungSimpleDownloaderTool for SPH-D710
04-06-2014 02:20:12 Installed Motorola Device Manager
06-06-2014 18:31:18 Windows Update
12-06-2014 00:38:16 before malware fix

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {083E6C5A-B97C-489B-B795-CDB992B40380} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {0866F271-C42F-4F66-A4FA-DF3E7BCE6C2F} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-01-21] (Microsoft)
Task: {0FEE389C-4C8A-49E5-AA4A-42ADD803E018} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2014-03-07] (Lenovo Group Limited)
Task: {215C8BB4-AA95-4F94-9B38-406CC720DF09} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {5649AA3C-6C74-498F-9F1D-734D1F02499C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-26] (Google Inc.)
Task: {670D78CD-D01B-45E8-907B-C0285B9F9704} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1090334920-1458969583-549785860-23510Core => C:\Users\kmengarelli\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-01] (Google Inc.)
Task: {6B6CF214-BC27-44F1-AA76-F7AF5F9FB33F} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {72B3D271-C6EF-4FA8-98EA-5726D7722F51} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {77F50C04-4ADA-4B56-9DB1-E02FE55336AD} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
Task: {89C573F3-FA78-41B5-832A-FB1EA3BF1A99} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {95A44E88-C9C9-40ED-BFF7-4C462D4D43C1} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
Task: {96C46302-7E7E-4D03-909B-DB1A1616C97C} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-05-06] (Lenovo)
Task: {99AD77A1-2C53-47DE-8105-B19F4CAE2905} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1090334920-1458969583-549785860-23510UA => C:\Users\kmengarelli\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-01] (Google Inc.)
Task: {B9A7D700-5323-41CD-9C74-CB3BE1FBA6E0} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {BCFC2974-7AA2-4228-80FA-DF6B7E60BB6E} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {BF442980-691B-43B6-A6CB-E7570B446A50} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-02-21] ()
Task: {C2DF1B3B-04BC-4C98-AAD3-D62626C80130} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-05-06] ()
Task: {CD6D1CB7-93C7-402C-A840-5D9ACCA85817} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-05-06] (Lenovo)
Task: {D6996255-6DBA-4AB8-9B25-7C77B90C32D4} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
Task: {D94C961F-4FD7-48F0-B8A4-15D7B9D7B8FD} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {E99A7816-C486-490D-89F6-77C66CE08C8F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-26] (Google Inc.)
Task: {FA1B8EB2-6669-4048-942B-3D312BE0F3AE} - System32\Tasks\New scan => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2012-09-21] (Sophos Limited)
Task: {FB769969-7E67-460B-AE82-6A18DECF40ED} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {FBCBD813-DE95-4C98-8C3B-45175E8FF94C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {FD6C5330-3F9B-4C89-B98A-F3DB33D0D478} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1090334920-1458969583-549785860-23510Core.job => C:\Users\kmengarelli\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1090334920-1458969583-549785860-23510UA.job => C:\Users\kmengarelli\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\New scan.job => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe

==================== Loaded Modules (whitelisted) =============

2013-10-07 20:34 - 2012-10-04 19:49 - 00087152 _____ () C:\Windows\System32\cpwmon64.dll
2013-09-10 11:15 - 2013-09-10 11:15 - 01575936 _____ () C:\Program Files\PrintKit\libcups2.dll
2013-08-07 03:03 - 2013-08-07 03:03 - 01130792 _____ () C:\Program Files\Lenovo Fingerprint Reader\DataManager.dll
2013-08-07 03:04 - 2013-08-07 03:04 - 00087848 _____ () C:\Program Files\Lenovo Fingerprint Reader\ssutil.dll
2013-04-03 09:59 - 2010-10-26 12:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2012-02-26 20:06 - 2011-08-19 00:20 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-02-26 20:08 - 2014-03-07 06:04 - 00104448 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2014-03-14 17:47 - 2014-03-14 17:47 - 00092504 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-05 15:12 - 2011-08-02 20:58 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2013-09-05 15:12 - 2011-08-02 20:58 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2012-02-06 03:50 - 2012-02-06 03:50 - 02402304 _____ () C:\Program Files (x86)\SAMSUNG\Intelli-studio\Filters\HTH264VD.dll
2013-10-31 10:05 - 2013-10-31 10:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2012-02-26 20:09 - 2010-04-06 12:05 - 02085888 _____ () C:\Program Files\Lenovo\AutoLock\cv210.dll
2012-02-26 20:09 - 2010-04-06 12:04 - 02201088 _____ () C:\Program Files\Lenovo\AutoLock\cxcore210.dll
2014-06-11 20:11 - 2014-06-11 20:11 - 00043008 _____ () C:\Users\kmengarelli\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpasvdvd.dll
2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\kmengarelli\AppData\Roaming\Dropbox\bin\libcef.dll
2013-08-22 19:43 - 2013-08-22 19:43 - 00272688 _____ () C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\node_modules\SBSDK.node
2013-08-22 19:44 - 2013-08-22 19:44 - 00039216 _____ () C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\node_modules\HWR.node
2013-08-22 19:44 - 2013-08-22 19:44 - 00053040 _____ () C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\node_modules\SWR.node
2013-08-22 19:44 - 2013-08-22 19:44 - 00057648 _____ () C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\node_modules\MWR.node
2013-08-22 19:44 - 2013-08-22 19:44 - 00014848 _____ () C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\node_modules\SessionNotification.node
2014-06-11 20:09 - 2014-06-11 20:09 - 00098816 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\win32api.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00110080 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\PyWinTypes27.dll
2014-06-11 20:09 - 2014-06-11 20:09 - 00364544 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\pythoncom27.dll
2014-06-11 20:09 - 2014-06-11 20:09 - 00045568 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\_socket.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 01159680 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\_ssl.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00320512 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\win32com.shell.shell.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00713216 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\_hashlib.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 01175040 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\wx._core_.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00805888 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\wx._gdi_.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00811008 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\wx._windows_.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 01062400 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\wx._controls_.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00735232 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\wx._misc_.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00128512 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\_elementtree.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00127488 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\pyexpat.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00557056 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\pysqlite2._sqlite.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00087552 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\_ctypes.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00119808 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\win32file.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00108544 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\win32security.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00018432 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\win32event.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00038912 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\win32inet.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00070656 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\wx._html2.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00167936 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\win32gui.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00011264 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\win32crypt.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00027136 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\_multiprocessing.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00122368 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\wx._wizard.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00010240 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\select.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00024064 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\win32pipe.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00686080 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\unicodedata.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00025600 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\win32pdh.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00525640 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\windows._lib_cacheinvalidation.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00035840 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\win32process.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00017408 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\win32profile.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00022528 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\win32ts.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00078336 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\wx._animate.pyd
2014-03-31 16:26 - 2013-05-14 06:15 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-05-21 23:02 - 2014-05-13 18:40 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
2014-05-21 23:02 - 2014-05-13 18:40 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll
2014-05-21 23:02 - 2014-05-13 18:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-05-21 23:02 - 2014-05-13 18:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-05-21 23:02 - 2014-05-13 18:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BLEServicesCtrl => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
MSCONFIG\startupreg: Dolby Advanced Audio v2 => "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Lenovo Registration => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
MSCONFIG\startupreg: PWMTRV => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
MSCONFIG\startupreg: Response Desktop Menu => "C:\Program Files (x86)\SMART Technologies\Education Software\DesktopMenu.exe"
MSCONFIG\startupreg: sbsdk-server => "C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe"
MSCONFIG\startupreg: SkyDrive => "C:\Users\kmengarelli\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
MSCONFIG\startupreg: SMART Board Service => "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe" -d
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== Faulty Device Manager Devices =============

Name: SMART Virtual TabletPC
Description: SMART Virtual TabletPC
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: SMART Technologies ULC
Service: SMARTVTabletPCx64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: SMART Virtual TabletPC
Description: SMART Virtual TabletPC
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: SMART Technologies ULC
Service: SMARTVTabletPCx64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Virtual WiFi Miniport Adapter #3
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Virtual WiFi Miniport Adapter #4
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================

Application errors:
==================
Error: (06/11/2014 08:28:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: devmonsrv.exe, version: 2.2.0.212, time stamp: 0x4fcc6a90
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xbc4
Faulting application start time: 0xdevmonsrv.exe0
Faulting application path: devmonsrv.exe1
Faulting module path: devmonsrv.exe2
Report Id: devmonsrv.exe3

System errors:
=============
Error: (06/11/2014 08:28:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bluetooth Device Monitor service terminated unexpectedly. It has done this 1 time(s).

Microsoft Office Sessions:
=========================
Error: (06/11/2014 08:28:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: devmonsrv.exe2.2.0.2124fcc6a90unknown0.0.0.000000000c000000500000000bc401cf85db64342105C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exeunknownd39df8cf-f1d0-11e3-83f4-b888e3350297

==================== Memory info ===========================

Percentage of memory in use: 68%
Total physical RAM: 3688.15 MB
Available physical RAM: 1172.77 MB
Total Pagefile: 7374.48 MB
Available Pagefile: 4148.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:448.67 GB) (Free:222.57 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (1991_PITT_ST_FOOTBALL_CHAMPIONSH) (CDROM) (Total:3.1 GB) (Free:0 GB) UDF
Drive q: (Lenovo_Recovery) (Fixed) (Total:15.62 GB) (Free:5.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 478F2F74)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=449 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16 GB) - (Type=07 NTFS)

==================== End Of Log ============================
  8. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 01
Ran by kmengarelli (administrator) on PHS-KMENGARELLI on 11-06-2014 20:39:43
Running from C:\Users\kmengarelli\Desktop\malwarebytes help
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AuthenTec, Inc) C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Collobos Software) C:\Program Files\PrintKit\printkitd.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(AuthenTec Inc.) C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Collobos Software) C:\Program Files\Presto\PrestoHelper.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
(Dropbox, Inc.) C:\Users\kmengarelli\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(SMART Technologies ULC) C:\Program Files (x86)\SMART Technologies\Education Software\FloatingTools.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTNotification.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTTrayIcon.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Joyent, Inc) C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\SBWDKService.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\Office\SMARTInk-SBSDKProxy.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInkPrivilegedAccess.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\kmengarelli\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [297008 2014-01-28] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281960 2011-05-25] (Lenovo Group Limited)
HKLM\...\Run: [MSC] => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
HKLM\...\Run: [ResetACGauge] => C:\Program Files (x86)\Lenovo\Access Connections\smbhlpr.exe [147456 2014-03-14] (Lenovo)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [bTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11586944 2012-06-18] (Motorola Solutions, Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [bLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-05-31] (Intel Corporation)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3029744 2013-04-26] (Synaptics Incorporated)
HKLM\...\Run: [PrestoHelper] => C:\Program Files\Presto\PrestoHelper.exe [3468800 2013-09-10] (Collobos Software)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-14] (Intel Corporation)
HKLM-x32\...\Run: [iMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [132920 2013-05-31] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [sMART Ink] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe [147248 2014-02-11] (SMART Technologies)
HKLM-x32\...\Run: [sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [929272 2013-01-11] (Sophos Limited)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [sMART Floating Tools] => C:\Program Files (x86)\SMART Technologies\Education Software\FloatingTools.exe [9024304 2013-11-20] (SMART Technologies ULC)
HKLM-x32\...\Run: [sMARTNotification] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTNotification.exe [204592 2014-02-12] (SMART Technologies)
HKLM-x32\...\Run: [sMART Tray Tools] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTTrayIcon.exe [744752 2014-02-12] (SMART Technologies)
HKLM-x32\...\Run: [sMART Board Service] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe [1933616 2014-02-12] (SMART Technologies)
HKLM-x32\...\Run: [sbsdk-server] => C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe [62768 2013-08-22] (SMART Technologies)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-21-1090334920-1458969583-549785860-23510\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22415552 2014-04-25] (Google)
HKU\S-1-5-21-1090334920-1458969583-549785860-23510\...\Run: [Google Update] => C:\Users\kmengarelli\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-03-01] (Google Inc.)
HKU\S-1-5-21-1090334920-1458969583-549785860-23510\...\RunOnce: [uninstall C:\Users\kmengarelli\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\kmengarelli\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-1090334920-1458969583-549785860-23510\...\RunOnce: [uninstall C:\Users\kmengarelli\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\kmengarelli\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
HKU\S-1-5-21-1090334920-1458969583-549785860-23510\...\MountPoints2: {4680a533-d21c-11e3-af28-b888e3350297} - E:\setup.exe -a
HKU\S-1-5-21-1090334920-1458969583-549785860-23510\...\MountPoints2: {b75e3514-f0ca-11e2-ad3b-b888e3350297} - E:\iStudio.exe
HKU\S-1-5-21-1090334920-1458969583-549785860-23510\...\MountPoints2: {c068f0c6-60dc-11e1-ac10-806e6f6e6963} - Q:\LenovoQDrive.exe
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [218256 2012-09-21] (Sophos Limited)
AppInit_DLLs-x32: c:\progra~2\sophos\sophos~1\sophos~1.dll => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [221840 2012-09-21] (Sophos Limited)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGina
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
Startup: C:\Users\kmengarelli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\kmengarelli\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\kmengarelli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Presto.lnk
ShortcutTarget: Presto.lnk -> C:\Program Files\Presto\Presto.exe (Collobos Software)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites03_14_19_ch&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtAyDtDtBzyyBzyzztD0BtN0D0Tzu0SzzyDyCtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyC0D0Ezz0BtCtDtGtDyDtB0AtGyE0EyD0EtGtB0DtA0CtGtB0DyE0EzztD0C0E0ByC0DyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtByB0AtB0EtAzytG0F0CtCtDtGtC0CtC0BtG0F0B0BtAtGtC0EtDtBtByB0EyByCtA0B0C2Q&cr=531881053&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites03_14_19_ch&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtAyDtDtBzyyBzyzztD0BtN0D0Tzu0SzzyDyCtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyC0D0Ezz0BtCtDtGtDyDtB0AtGyE0EyD0EtGtB0DtA0CtGtB0DyE0EzztD0C0E0ByC0DyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtByB0AtB0EtAzytG0F0CtCtDtGtC0CtC0BtG0F0B0BtAtGtC0EtDtBtByB0EyByCtA0B0C2Q&cr=531881053&ir=
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Android\adt-bundle-windows-x86_64-20130729\adt-bundle-windows-x86_64-20130729\eclipse\jre\bin\ssv.dll (Oracle Corporation)
BHO: TrueSuite Browser Helper Object - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\Lenovo Fingerprint Reader\IEBHO.DLL (AuthenTec Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Android\adt-bundle-windows-x86_64-20130729\adt-bundle-windows-x86_64-20130729\eclipse\jre\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\NotebookPlugin.dll (SMART Technologies ULC.)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Browser Helper Object - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll (AuthenTec Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Winsock: Catalog9-x64 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220

FireFox:
========
FF ProfilePath: C:\Users\kmengarelli\AppData\Roaming\Mozilla\Firefox\Profiles\9b71g888.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Android\adt-bundle-windows-x86_64-20130729\adt-bundle-windows-x86_64-20130729\eclipse\jre\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @authentec.com/ffwloplugin - C:\Program Files\Lenovo Fingerprint Reader\npffwloplugin.dll (AuthenTec, Inc)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @emusic.com/eMusicPlugin DLM6 - C:\Program Files (x86)\eMusic Download Manager 6\npEMusic604.dll No File
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\kmengarelli\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\kmengarelli\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\kmengarelli\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\kmengarelli\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\kmengarelli\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\kmengarelli\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-23]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-12]
FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client\
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\ []
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-10-03]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
CHR StartupUrls: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (TrueSuite) - C:\Program Files\Lenovo Fingerprint Reader\npffwloplugin.dll (AuthenTec, Inc)
CHR Plugin: (Google Update) - C:\Users\kmengarelli\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\kmengarelli\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\kmengarelli\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\kmengarelli\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\kmengarelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\kmengarelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-23]
CHR Extension: (GeoGebra) - C:\Users\kmengarelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee [2014-02-10]
CHR Extension: (Google Search) - C:\Users\kmengarelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-23]
CHR Extension: (Wolfram|Alpha (Official)) - C:\Users\kmengarelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\icncamkooinmbehmkeilcccmoljfkdhp [2012-11-15]
CHR Extension: (Save to Pocket) - C:\Users\kmengarelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2014-06-01]
CHR Extension: (Google Wallet) - C:\Users\kmengarelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Readability) - C:\Users\kmengarelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2013-05-15]
CHR Extension: (Gmail) - C:\Users\kmengarelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-23]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\KMENGA~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-04-30]
CHR HKLM-x32\...\Chrome\Extension: [clglhglbidpdbjffpfcldkifhdegdfle] - C:\Program Files\Lenovo Fingerprint Reader\x86\tschrome.crx [2013-04-01]

==================== Services (Whitelisted) =================

R2 FPLService; C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe [2139944 2013-08-07] (AuthenTec, Inc)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129848 2013-05-31] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [167736 2013-05-31] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [198704 2014-01-28] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-06] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()
R2 PrintKit Service; C:\Program Files\PrintKit\printkitd.exe [4307224 2013-09-10] (Collobos Software)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [217592 2013-01-11] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [159296 2012-09-21] (Sophos Limited)
R2 SMARTHelperService; C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe [538416 2014-02-12] (SMART Technologies)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [237048 2013-01-11] (Sophos Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2890232 2013-02-04] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2010688 2012-11-12] (Sophos Limited)
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401704 2013-07-22] (AuthenTec, Inc.)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2011-12-05] (Symantec Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)
S2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [X]
S3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [X]

==================== Drivers (Whitelisted) ====================

S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [111104 2012-05-21] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [849408 2012-06-09] (Motorola Solutions, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [154952 2012-09-21] (Sophos Limited)
R3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [10240 2013-08-12] (SMART Technologies)
R3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [9216 2013-08-12] (SMART Technologies)
S3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [22184 2013-03-07] (SMART Technologies ULC)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2013-04-26] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2011-08-25] (Sophos Plc)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility)
S3 5U877; system32\DRIVERS\5U877.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-11 19:44 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-11 19:43 - 2014-06-11 20:06 - 00000000 ____D () C:\AdwCleaner
2014-06-11 19:42 - 2014-06-11 20:17 - 00000000 ____D () C:\Windows\ERUNT
2014-06-11 19:42 - 2014-06-11 19:42 - 00000273 _____ () C:\DelFix.txt
2014-06-11 13:04 - 2014-06-11 13:04 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-11 13:03 - 2014-06-11 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fingerprint Reader
2014-06-10 16:35 - 2014-06-11 20:39 - 00000000 ____D () C:\FRST
2014-06-10 16:34 - 2014-06-11 20:39 - 00000000 ____D () C:\Users\kmengarelli\Desktop\malwarebytes help
2014-06-09 13:52 - 2014-06-09 13:52 - 00001676 _____ () C:\Users\kmengarelli\Desktop\1234.txt
2014-06-07 19:57 - 2014-06-07 19:57 - 00001675 _____ () C:\1234.txt
2014-06-06 13:58 - 2014-05-08 02:14 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-06 13:58 - 2014-05-08 01:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-06 13:58 - 2014-05-08 00:52 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-06 13:58 - 2014-05-08 00:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-06 13:58 - 2014-05-07 23:57 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-06 13:58 - 2014-05-07 23:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-06 13:31 - 2014-03-24 21:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-06-06 13:31 - 2014-03-24 21:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-06-06 13:30 - 2014-05-09 01:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-06 13:30 - 2014-05-09 01:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-06 13:30 - 2014-04-11 21:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-06-06 13:30 - 2014-04-11 21:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-06-06 13:30 - 2014-04-11 21:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-06-06 13:30 - 2014-04-11 21:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-06-06 13:30 - 2014-04-11 21:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-06-06 13:30 - 2014-04-11 21:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-06-06 13:30 - 2014-04-11 21:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-06-06 13:30 - 2014-04-11 21:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-06-06 13:30 - 2014-04-11 21:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-06-06 13:30 - 2014-03-04 04:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-06-06 13:30 - 2014-03-04 04:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-06-06 13:30 - 2014-03-04 04:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-06-06 13:30 - 2014-03-04 04:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-06-06 13:30 - 2014-03-04 04:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-06-06 13:30 - 2014-03-04 04:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-06-06 13:30 - 2014-03-04 04:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-06-06 13:30 - 2014-03-04 04:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-06-06 13:30 - 2014-03-04 04:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-06-06 13:30 - 2014-03-04 04:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-06-06 13:30 - 2014-03-04 04:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-06-06 13:30 - 2014-03-04 04:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-06-06 13:30 - 2014-03-04 04:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-06-06 13:30 - 2014-03-04 04:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-06-06 13:30 - 2014-03-04 04:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-06-06 13:30 - 2014-03-04 04:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-06-06 13:30 - 2014-03-04 04:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-06-06 13:30 - 2014-03-04 04:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-06-06 13:30 - 2014-03-04 04:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-06-06 13:30 - 2014-03-04 04:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-06-06 13:30 - 2014-03-04 04:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-06-06 13:30 - 2014-03-04 04:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-06-06 13:30 - 2014-03-04 04:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-06-06 13:30 - 2014-03-04 04:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-06-06 13:30 - 2014-03-04 04:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-06-06 13:30 - 2014-03-04 04:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-06-06 13:30 - 2014-03-04 04:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-06-06 13:30 - 2014-03-04 04:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-06-06 13:30 - 2014-03-04 04:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-06-06 13:30 - 2014-03-04 04:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-06-06 13:30 - 2014-03-04 04:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-06-06 13:30 - 2014-03-04 04:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-06-06 13:14 - 2014-06-06 13:14 - 00000000 ____D () C:\Users\kmengarelli\AppData\Roaming\LSC
2014-06-03 21:21 - 2014-06-03 21:21 - 00003498 _____ () C:\Windows\System32\Tasks\Motorola Device Manager Update
2014-06-03 21:21 - 2014-06-03 21:21 - 00003480 _____ () C:\Windows\System32\Tasks\Motorola Device Manager Engine
2014-06-03 21:21 - 2014-06-03 21:21 - 00003306 _____ () C:\Windows\System32\Tasks\Motorola Device Manager Initial Update
2014-05-30 20:55 - 2014-05-30 20:55 - 00033382 _____ () C:\Users\kmengarelli\Desktop\functional-resume.ott 2014-05-29 10:39 - 2014-05-29 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-05-29 10:38 - 2014-05-29 10:38 - 00000000 ____D () C:\Program Files\iPod 2014-05-29 10:37 - 2014-05-29 10:39 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-05-29 10:37 - 2014-05-29 10:39 - 00000000 ____D () C:\Program Files\iTunes 2014-05-29 10:37 - 2014-05-29 10:39 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-05-23 10:57 - 2014-05-23 10:57 - 00007578 _____ () C:\Users\kmengarelli\Desktop\2014 Summer School.xlsx 2014-05-21 15:17 - 2014-05-21 15:25 - 00000000 ____D () C:\Users\kmengarelli\Desktop\Map Recommend Export 2014-05-21 12:41 - 2014-05-21 15:37 - 00017103 _____ () C:\Users\kmengarelli\Desktop\Mengarelli Map.xlsx 2014-05-15 08:26 - 2014-05-15 08:26 - 00000000 ____D () C:\Users\kmengarelli\AppData\Roaming\GeoGebra 4.4 ==================== One Month Modified Files and Folders ======= 2014-06-11 20:40 - 2012-07-23 14:41 - 00000000 ____D () C:\Users\kmengarelli\AppData\Local\Temp 2014-06-11 20:40 - 2012-02-26 20:17 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-11 20:39 - 2014-06-10 16:35 - 00000000 ____D () C:\FRST 2014-06-11 20:39 - 2014-06-10 16:34 - 00000000 ____D () C:\Users\kmengarelli\Desktop\malwarebytes help 2014-06-11 20:36 - 2012-02-26 19:57 - 01837575 _____ () C:\Windows\WindowsUpdate.log 2014-06-11 20:31 - 2014-04-15 13:49 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-11 20:20 - 2009-07-13 23:51 - 00146273 _____ () C:\Windows\setupact.log 2014-06-11 20:18 - 2009-07-13 23:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-11 20:18 - 2009-07-13 23:45 - 00031296 ____H () 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-11 20:17 - 2014-06-11 19:42 - 00000000 ____D () C:\Windows\ERUNT 2014-06-11 20:14 - 2013-09-12 20:44 - 00000000 ____D () C:\ProgramData\PrintKit 2014-06-11 20:14 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-11 20:12 - 2012-09-20 10:28 - 00000000 ____D () C:\Users\kmengarelli\AppData\Roaming\Dropbox 2014-06-11 20:11 - 2014-05-06 19:12 - 00000000 ____D () C:\Users\kmengarelli\AppData\Roaming\DropboxMaster 2014-06-11 20:11 - 2012-12-02 21:40 - 00000000 ___RD () C:\Users\kmengarelli\Dropbox 2014-06-11 20:11 - 2012-07-25 22:09 - 00000000 ___RD () C:\Users\kmengarelli\Desktop\Google Drive 2014-06-11 20:10 - 2012-02-26 20:17 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-11 20:09 - 2014-05-05 20:59 - 00000000 ____D () C:\Temp 2014-06-11 20:09 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-11 20:08 - 2010-11-20 22:47 - 00749986 _____ () C:\Windows\PFRO.log 2014-06-11 20:06 - 2014-06-11 19:43 - 00000000 ____D () C:\AdwCleaner 2014-06-11 19:53 - 2012-05-02 08:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-06-11 19:47 - 2013-04-05 10:03 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1090334920-1458969583-549785860-23510UA.job 2014-06-11 19:42 - 2014-06-11 19:42 - 00000273 _____ () C:\DelFix.txt 2014-06-11 17:47 - 2013-04-05 10:03 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1090334920-1458969583-549785860-23510Core.job 2014-06-11 13:04 - 2014-06-11 13:04 - 00000000 ____D () C:\ProgramData\RogueKiller 2014-06-11 13:03 - 2014-06-11 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fingerprint Reader 2014-06-11 09:51 - 2012-05-03 00:54 - 00000128 _____ () C:\Windows\system32\config\netlogon.ftl 2014-06-11 09:18 - 2012-07-27 14:06 - 00000000 ____D () 
C:\Users\kmengarelli\AppData\Local\Deployment 2014-06-11 09:17 - 2014-04-25 07:00 - 00001934 _____ () C:\Users\kmengarelli\.powerschool_gradebook.properties 2014-06-11 09:17 - 2012-07-23 14:41 - 00000000 ____D () C:\Users\kmengarelli 2014-06-11 08:03 - 2014-03-31 18:37 - 00000618 _____ () C:\Windows\Tasks\New scan.job 2014-06-09 19:12 - 2013-05-14 12:40 - 00000000 ____D () C:\Users\phslib 2014-06-09 18:50 - 2013-04-30 07:41 - 00000000 ____D () C:\Users\kmengarelli\AppData\Roaming\Mozilla 2014-06-09 13:52 - 2014-06-09 13:52 - 00001676 _____ () C:\Users\kmengarelli\Desktop\1234.txt 2014-06-09 12:27 - 2012-07-23 14:43 - 00000000 ____D () C:\Users\kmengarelli\AppData\Local\CrashDumps 2014-06-07 19:57 - 2014-06-07 19:57 - 00001675 _____ () C:\1234.txt 2014-06-06 18:32 - 2012-07-23 14:42 - 00000000 ___RD () C:\Users\kmengarelli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-06-06 18:32 - 2012-07-23 14:42 - 00000000 ___RD () C:\Users\kmengarelli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-06-06 14:47 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache 2014-06-06 14:06 - 2014-05-06 18:14 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-06-06 14:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-06-06 13:58 - 2012-05-02 08:23 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-06-06 13:52 - 2013-09-05 15:23 - 00000000 ____D () C:\Windows\system32\MRT 2014-06-06 13:38 - 2012-07-24 23:06 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-06-06 13:14 - 2014-06-06 13:14 - 00000000 ____D () C:\Users\kmengarelli\AppData\Roaming\LSC 2014-06-06 07:33 - 2012-02-26 20:09 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo 2014-06-06 07:33 - 2012-02-26 19:54 - 00000000 ____D () C:\Program Files\Lenovo 2014-06-06 07:30 - 2012-02-26 20:09 - 00000000 ____D () C:\Windows\Downloaded Installations 2014-06-04 07:33 - 2013-08-26 08:09 - 00001116 _____ () C:\SSUUpdater.log 
2014-06-03 21:21 - 2014-06-03 21:21 - 00003498 _____ () C:\Windows\System32\Tasks\Motorola Device Manager Update 2014-06-03 21:21 - 2014-06-03 21:21 - 00003480 _____ () C:\Windows\System32\Tasks\Motorola Device Manager Engine 2014-06-03 21:21 - 2014-06-03 21:21 - 00003306 _____ () C:\Windows\System32\Tasks\Motorola Device Manager Initial Update 2014-06-03 21:21 - 2014-05-05 20:58 - 00000000 ____D () C:\Program Files (x86)\Motorola Mobility 2014-06-02 07:32 - 2013-03-29 08:40 - 00001054 _____ () C:\Users\kmengarelli\Desktop\Dropbox.lnk 2014-06-02 07:32 - 2013-03-29 08:38 - 00000000 ____D () C:\Users\kmengarelli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-06-02 07:26 - 2014-04-15 13:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-06-02 07:12 - 2014-04-15 13:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-05-30 20:55 - 2014-05-30 20:55 - 00033382 _____ () C:\Users\kmengarelli\Desktop\functional-resume.ott 2014-05-29 10:39 - 2014-05-29 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-05-29 10:39 - 2014-05-29 10:37 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-05-29 10:39 - 2014-05-29 10:37 - 00000000 ____D () C:\Program Files\iTunes 2014-05-29 10:39 - 2014-05-29 10:37 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-05-29 10:38 - 2014-05-29 10:38 - 00000000 ____D () C:\Program Files\iPod 2014-05-23 10:57 - 2014-05-23 10:57 - 00007578 _____ () C:\Users\kmengarelli\Desktop\2014 Summer School.xlsx 2014-05-21 15:37 - 2014-05-21 12:41 - 00017103 _____ () C:\Users\kmengarelli\Desktop\Mengarelli Map.xlsx 2014-05-21 15:25 - 2014-05-21 15:17 - 00000000 ____D () C:\Users\kmengarelli\Desktop\Map Recommend Export 2014-05-20 09:00 - 2014-04-23 14:17 - 00140616 _____ () C:\Users\kmengarelli\Desktop\Mandatory Tutoring.xlsx 2014-05-16 09:51 - 2013-05-01 07:41 - 00002441 _____ () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-05-15 08:26 - 2014-05-15 08:26 - 00000000 ____D () C:\Users\kmengarelli\AppData\Roaming\GeoGebra 4.4 2014-05-14 06:59 - 2012-05-02 08:20 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-14 06:59 - 2012-05-02 08:20 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-14 06:59 - 2012-05-02 08:20 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-12 07:26 - 2014-04-15 13:21 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-12 07:26 - 2014-04-15 13:21 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-12 07:25 - 2012-05-02 10:08 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys Some content of TEMP: ==================== C:\Users\Administrator\AppData\Local\Temp\InstallAX.exe C:\Users\kmengarelli\AppData\Local\Temp\adb.exe C:\Users\kmengarelli\AppData\Local\Temp\AdbWinApi.dll C:\Users\kmengarelli\AppData\Local\Temp\AdbWinUsbApi.dll C:\Users\kmengarelli\AppData\Local\Temp\AutoItX3.dll C:\Users\kmengarelli\AppData\Local\Temp\converter.exe C:\Users\kmengarelli\AppData\Local\Temp\DeviceRooter.exe C:\Users\kmengarelli\AppData\Local\Temp\DIFxAPI.dll C:\Users\kmengarelli\AppData\Local\Temp\DPInstx64.exe C:\Users\kmengarelli\AppData\Local\Temp\DPInstx86.exe C:\Users\kmengarelli\AppData\Local\Temp\DPInst_Monx64.exe C:\Users\kmengarelli\AppData\Local\Temp\DPInst_Monx86.exe C:\Users\kmengarelli\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpasvdvd.dll C:\Users\kmengarelli\AppData\Local\Temp\ERUNT.exe C:\Users\kmengarelli\AppData\Local\Temp\fx-runtime.exe C:\Users\kmengarelli\AppData\Local\Temp\javagiac0.8644454434339026.dll C:\Users\kmengarelli\AppData\Local\Temp\jna6178250079325307547.dll 
C:\Users\kmengarelli\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe C:\Users\kmengarelli\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe C:\Users\kmengarelli\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe C:\Users\kmengarelli\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe C:\Users\kmengarelli\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe C:\Users\kmengarelli\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\kmengarelli\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe C:\Users\kmengarelli\AppData\Local\Temp\KUIU.EXE C:\Users\kmengarelli\AppData\Local\Temp\LMkRstPt.exe C:\Users\kmengarelli\AppData\Local\Temp\OneClickRoot.exe C:\Users\kmengarelli\AppData\Local\Temp\OS_Detect.exe C:\Users\kmengarelli\AppData\Local\Temp\Quarantine.exe C:\Users\kmengarelli\AppData\Local\Temp\SMARTProductUpdate.exe C:\Users\kmengarelli\AppData\Local\Temp\uninst.exe C:\Users\kmengarelli\AppData\Local\Temp\Updater.exe C:\Users\kmengarelli\AppData\Local\Temp\vlc-2.0.4-win32.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-08 09:15 ==================== End Of Log ============================
  9. Malwarebytes Anti-Malware
      www.malwarebytes.org

      Scan Date: 6/11/2014
      Scan Time: 8:31:56 PM
      Logfile:
      Administrator: Yes

      Version: 2.00.2.1012
      Malware Database: v2014.06.12.01
      Rootkit Database: v2014.06.02.01
      License: Premium
      Malware Protection: Enabled
      Malicious Website Protection: Enabled
      Self-protection: Disabled

      OS: Windows 7 Service Pack 1
      CPU: x64
      File System: NTFS
      User: kmengarelli

      Scan Type: Hyper Scan
      Result: Completed
      Objects Scanned: 319710
      Time Elapsed: 5 min, 52 sec

      Memory: Enabled
      Startup: Enabled
      Filesystem: Disabled
      Archives: Enabled
      Rootkits: Disabled
      Heuristics: Enabled
      PUP: Enabled
      PUM: Enabled

      Processes: 0
      (No malicious items detected)

      Modules: 0
      (No malicious items detected)

      Registry Keys: 0
      (No malicious items detected)

      Registry Values: 0
      (No malicious items detected)

      Registry Data: 0
      (No malicious items detected)

      Folders: 0
      (No malicious items detected)

      Files: 0
      (No malicious items detected)

      Physical Sectors: 0
      (No malicious items detected)

      (end)
  10. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Thisisu
      Version: 6.1.4 (04.06.2014:1)
      OS: Windows 7 Professional x64
      Ran by kmengarelli on Wed 06/11/2014 at 20:17:40.85
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      ~~~ Services

      ~~~ Registry Values
      Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\DisplayName
      Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\URL

      ~~~ Registry Keys

      ~~~ Files

      ~~~ Folders

      ~~~ FireFox
      Successfully deleted: [Folder] C:\Users\kmengarelli\AppData\Roaming\mozilla\firefox\profiles\9b71g888.default\extensions\staged
      Emptied folder: C:\Users\kmengarelli\AppData\Roaming\mozilla\firefox\profiles\9b71g888.default\minidumps [4 files]

      ~~~ Event Viewer Logs were cleared

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on Wed 06/11/2014 at 20:26:41.67
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  11. # AdwCleaner v3.212 - Report created 11/06/2014 at 20:05:40
      # Updated 05/06/2014 by Xplode
      # Operating System : Windows 7 Professional Service Pack 1 (64 bits)
      # Username : kmengarelli - PHS-KMENGARELLI
      # Running from : C:\Users\kmengarelli\Desktop\malwarebytes help\AdwCleaner.exe
      # Option : Clean

      ***** [ Services ] *****

      ***** [ Files / Folders ] *****

      Folder Deleted : C:\ProgramData\Partner
      Folder Deleted : C:\Users\KMENGA~1\AppData\Local\Temp\webget
      Folder Deleted : C:\Users\kmengarelli\AppData\LocalLow \Conduit
      Folder Deleted : C:\Users\kmengarelli\AppData\Roaming\1H1Q
      Folder Deleted : C:\Users\kmengarelli\Documents\Optimizer Pro
      Folder Deleted : C:\Users\Administrator\AppData\Roaming \Mozilla\Firefox\Profiles\scqf1i9s.default\Extensions\staged \{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
      Folder Deleted : C:\Users\kmengarelli\AppData\Roaming \Mozilla\Firefox\Profiles\9b71g888.default\Extensions\staged \{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
      Folder Deleted : C:\Users\Administrator\AppData\Local\Google \Chrome\User Data\Default\Extensions \cgiaikfpllchefojlnehlmpekeogihnm
      File Deleted : C:\Users\Administrator\AppData\Roaming \Mozilla\Firefox\Profiles\scqf1i9s.default\user.js
      File Deleted : C:\Users\kmengarelli\AppData\Roaming\Mozilla \Firefox\Profiles\9b71g888.default\user.js

      ***** [ Shortcuts ] *****

      ***** [ Registry ] *****

      Key Deleted : HKCU\Software\Google\Chrome\Extensions \cgiaikfpllchefojlnehlmpekeogihnm
      Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions \cgiaikfpllchefojlnehlmpekeogihnm
      Key Deleted : HKLM\SOFTWARE\Classes\S
      Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
      Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
      Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing \updatewebget_RASAPI32
      Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing \updatewebget_RASMANCS
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9- 4F99-9A55-D0FBFBE7ECD3}
      Key Deleted : HKCU\Software\Microsoft\Internet Explorer \SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
      Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
      Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431- B4FD-889BC837521F}
      Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
      Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
      Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD- 889BC837521F}
      Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96- 5467DA2C4EF0}
      Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002- C014AF797E9C}
      Key Deleted : HKLM\Software\InstallCore

      ***** [ Browsers ] *****

      -\\ Internet Explorer v11.0.9600.16521

      -\\ Mozilla Firefox v28.0 (en-US)

      [ File : C:\Users\Administrator\AppData\Roaming\Mozilla \Firefox\Profiles\scqf1i9s.default\prefs.js ]
      Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");

      [ File : C:\Users\kmengarelli\AppData\Roaming\Mozilla \Firefox\Profiles\9b71g888.default\prefs.js ]
      Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");

      -\\ Google Chrome v35.0.1916.114

      [ File : C:\Users\Administrator\AppData\Local\Google\Chrome \User Data\Default\preferences ]
      Deleted [search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q= {searchTerms} &a=dsites03_14_19_ch&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtAyDtDtBz yyBzyzztD0BtN0D0Tzu0SzzyDyCtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutC yEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyC0D0Ezz0BtCtDtGtDyDtB0 AtGyE0EyD0EtGtB0DtA0CtGtB0DyE0EzztD0C0E0ByC0DyD2QtN1M1F1B2Z1V 1N2Y1L1Qzu2SyBtByB0AtB0EtAzytG0F0CtCtDtGtC0CtC0BtG0F0B0BtAtGt C0EtDtBtByB0EyByCtA0B0C2Q&cr=531881053&ir=
      Deleted [Extension] : cgiaikfpllchefojlnehlmpekeogihnm
      Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
      Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
      Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
      Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
      Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
      Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

      [ File : C:\Users\kmengarelli\AppData\Local\Google\Chrome \User Data\Default\preferences ]
      Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
      Deleted [search Provider] : hxxp://www.ask.com/web?q= {searchTerms}
      Deleted [search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q= {searchTerms} &a=dsites03_14_19_ch&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtAyDtDtBz yyBzyzztD0BtN0D0Tzu0SzzyDyCtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutC yEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyC0D0Ezz0BtCtDtGtDyDtB0 AtGyE0EyD0EtGtB0DtA0CtGtB0DyE0EzztD0C0E0ByC0DyD2QtN1M1F1B2Z1V 1N2Y1L1Qzu2SyBtByB0AtB0EtAzytG0F0CtCtDtGtC0CtC0BtG0F0B0BtAtGt C0EtDtBtByB0EyByCtA0B0C2Q&cr=531881053&ir=
      Deleted [Extension] : cgiaikfpllchefojlnehlmpekeogihnm
      Deleted [Extension] : pflphaooapbgpeakohlggbpidpppgdff

      [ File : C:\Users\phslib\AppData\Local\Google\Chrome\User Data\Default\preferences ]
      Deleted [search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q= {searchTerms} &a=dsites03_14_19_ch&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtAyDtDtBz yyBzyzztD0BtN0D0Tzu0SzzyDyCtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutC yEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyC0D0Ezz0BtCtDtGtDyDtB0 AtGyE0EyD0EtGtB0DtA0CtGtB0DyE0EzztD0C0E0ByC0DyD2QtN1M1F1B2Z1V 1N2Y1L1Qzu2SyBtByB0AtB0EtAzytG0F0CtCtDtGtC0CtC0BtG0F0B0BtAtGt C0EtDtBtByB0EyByCtA0B0C2Q&cr=531881053&ir=
      Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
      Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
      Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
      Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
      Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
      Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

      [ File : C:\Users\USD No. 250\AppData\Local\Google\Chrome \User Data\Default\preferences ]
      Deleted [search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q= {searchTerms} &a=dsites03_14_19_ch&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtAyDtDtBz yyBzyzztD0BtN0D0Tzu0SzzyDyCtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutC yEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyC0D0Ezz0BtCtDtGtDyDtB0 AtGyE0EyD0EtGtB0DtA0CtGtB0DyE0EzztD0C0E0ByC0DyD2QtN1M1F1B2Z1V 1N2Y1L1Qzu2SyBtByB0AtB0EtAzytG0F0CtCtDtGtC0CtC0BtG0F0B0BtAtGt C0EtDtBtByB0EyByCtA0B0C2Q&cr=531881053&ir=

      *************************

      AdwCleaner[R0].txt - [5815 octets] - [11/06/2014 19:43:47]
      AdwCleaner[s0].txt - [6301 octets] - [11/06/2014 20:05:40]

      ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6361 octets] ##########
  12. Malwarebytes Anti-Malware
      www.malwarebytes.org

      Scan Date: 6/11/2014
      Scan Time: 5:58:09 PM
      Logfile:
      Administrator: Yes

      Version: 2.00.2.1012
      Malware Database: v2014.06.11.08
      Rootkit Database: v2014.06.02.01
      License: Premium
      Malware Protection: Enabled
      Malicious Website Protection: Enabled
      Self-protection: Disabled

      OS: Windows 7 Service Pack 1
      CPU: x64
      File System: NTFS
      User: kmengarelli

      Scan Type: Threat Scan
      Result: Completed
      Objects Scanned: 417122
      Time Elapsed: 36 min, 34 sec

      Memory: Enabled
      Startup: Enabled
      Filesystem: Enabled
      Archives: Enabled
      Rootkits: Disabled
      Heuristics: Enabled
      PUP: Enabled
      PUM: Enabled

      Processes: 0
      (No malicious items detected)

      Modules: 0
      (No malicious items detected)

      Registry Keys: 0
      (No malicious items detected)

      Registry Values: 0
      (No malicious items detected)

      Registry Data: 0
      (No malicious items detected)

      Folders: 0
      (No malicious items detected)

      Files: 0
      (No malicious items detected)

      Physical Sectors: 0
      (No malicious items detected)

      (end)
  13. Yes, I did that prior to running RogueKiller.
  14. RogueKiller V9.0.2.0 (x64) [Jun 3 2014] by Adlice Software
      mail : http://www.adlice.com/contact/
      Feedback : http://forum.adlice.com
      Website : http://www.adlice.com/softwares/roguekiller/
      Blog : http://www.adlice.com

      Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
      Started in : Normal mode
      User : kmengarelli [Admin rights]
      Mode : Scan -- Date : 06/11/2014 13:22:45

      ¤¤¤ Bad processes : 0 ¤¤¤

      ¤¤¤ Registry Entries : 6 ¤¤¤
      [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1090334920-1458969583-549785860-23510\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> FOUND
      [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1090334920-1458969583-549785860-23510\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> FOUND
      [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
      [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
      [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
      [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND

      ¤¤¤ Scheduled tasks : 1 ¤¤¤
      [suspicious.Path] \Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe (Scan -ScheduleJob -RestrictPrivileges) -> FOUND

      ¤¤¤ Files : 0 ¤¤¤

      ¤¤¤ HOSTS File : 0 ¤¤¤

      ¤¤¤ Antirootkit : 0 ¤¤¤

      ¤¤¤ Web browsers : 0 ¤¤¤

      ¤¤¤ MBR Check : ¤¤¤
      +++++ PhysicalDrive0: HITACHI HTS727550A9E364 +++++
      --- User ---
      [MBR] cce895c4ba458e3c1cbc06e7c2823d52
      [bSP] ef412d77646346af1adb49e220a2187d : Lenovo MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
      1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 459436 MB
      2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 944003072 | Size: 16000 MB
      User = LL1 ... OK
      User != LL2 ... KO!
      --- LL2 ---
      [MBR] eeb048d272e15ba0de821772635b505e
      [bSP] 60b4dd6963259b25adca021abb6d053a : Windows Vista/7/8 MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
      1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 459438 MB
      2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 944003072 | Size: 16000 MB
  15. And Addition.txt

      Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-06-2014
      Ran by kmengarelli at 2014-06-10 16:37:03
      Running from C:\Users\kmengarelli\Desktop\malwarebytes help
      Boot Mode: Normal
      ==========================================================

      ==================== Security Center ========================

      AV: Sophos Anti-Virus (Enabled - Out of date) {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
      AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      AS: Sophos Anti-Virus (Enabled - Out of date) {DE9A3984-B0E2-7A61-FD5D-409005EB0337}

      ==================== Installed Programs ======================

      Adobe Acrobat 9 Pro - English, Français, Deutsch (x32 Version: 9.5.5 - Adobe Systems) Hidden
      Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version: - Adobe Systems Incorporated)
      Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
      Adobe AIR (x32 Version: 13.0.0.111 - Adobe Systems Incorporated) Hidden
      Adobe Anchor Service CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
      Adobe CMaps CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
      Adobe Creative Suite 4 Design Premium (HKLM-x32\...\Adobe_55230b0b70661df0f212e88f0b655f7) (Version: 4.0 - Adobe Systems Incorporated)
      Adobe Creative Suite 4 Design Premium (x32 Version: 4.0 - Adobe Systems Incorporated) Hidden
      Adobe CSI CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
      Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
      Adobe Default Language CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
      Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
      Adobe Extension Manager CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
      Adobe Fireworks CS4 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
      Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
      Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
      Adobe Fonts All (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
      Adobe Media Encoder CS4 Importer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
      Adobe Output Module (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
      Adobe PDF Library Files CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
      Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
      Adobe Search for Help (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
      Adobe Service Manager Extension (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
      Adobe Setup (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
      Adobe Type Support CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
      Adobe Update Manager CS4 (x32 Version: 6.0.0 - Adobe Systems Incorporated) Hidden
      Adobe XMP Panels CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
      AppInventor Setup (HKLM-x32\...\AppInventor Setup) (Version: 1.1 - Google Inc.)
      Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
      Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
      Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
      BirdBrain Technologies Snap (HKLM-x32\...\{45A8FCE4-4553-4FE9-9EBA-99F3286E01E4}) (Version: 0.2.0 - BirdBrain Technologies LLC)
      BisonCam Twain Pro (HKLM-x32\...\{F2672232-FF17-4DC9-8F24-A1E1829FE086}) (Version: 1.5.4.7 - Bison WebCam Ap)
      Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
      Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.2200 - Broadcom Corporation)
      Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
      Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.48.0 - Conexant)
      Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
      Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
      Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
      Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
      Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.828 - Corel Inc.)
      Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
      CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - CutePDF.com)
      D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
      Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version: - Microsoft)
      Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
      Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
      Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
      eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
      Extreme Collaboration AddOn (beta) 1.1.27 (HKLM-x32\...\{F92CDDDC-99F7-4CF2-829B-D4C98617F254}_is1) (Version: 1.1.27 - Freiland Netzlösungen GmbH)
      Ezvid (HKLM-x32\...\{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1) (Version: 0981 - Ezvid, inc.)
      File Extractor Packages (HKCU\...\File Extractor Packages) (Version: - ) <==== ATTENTION
      Fingerprint Reader (HKLM\...\{7DD99174-299B-4450-A179-7F27F4C2D042}) (Version: 6.0.200.105 - AuthenTec, Inc.)
      GeoGebra 4 (HKCU\...\GeoGebra 4) (Version: - International GeoGebra Institute)
      GeoGebra 4.4 (HKLM-x32\...\GeoGebra 4.4) (Version: 4.4.11.0 - International GeoGebra Institute)
      Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
      Google Drive (HKLM-x32\...\{418BAAD1-754D-48B4-B078-46EF4F25AF42}) (Version: 1.15.6556.8063 - Google, Inc.)
      Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
      Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
      GoToMeeting 5.5.0.1132 (HKCU\...\GoToMeeting) (Version: 5.5.0.1132 - CitrixOnline)
      HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{7D220A57-969F-4D09-9297-D48195A8ABDD}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
      HP Deskjet 3050 J610 series Help (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
      iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
      Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
      Integrated Camera Driver Installer Package Ver.1.2.1.18 (HKLM-x32\...\{A78800AF-1779-4AE8-8EBE-16E1BE727C71}) (Version: 1.2.1.18 - RICOH)
      Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
      Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
      Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36702 - Intel Corporation)
      Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
      Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3190 - Intel Corporation)
      Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 15.6.1.0536 - Intel Corporation) Hidden
      Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{A10B1524-63B5-40F2-B272-D841CF671C16}) (Version: 2.2.0.0266 - Intel Corporation)
      Intel® PROSet/Wireless WiFi Software Driver (Version: 15.06.1000.0167 - Intel Corporation) Hidden
      Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
      Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
      Intel® WiDi (HKLM-x32\...\{93F34C5C-ACAA-48F3-9B26-70359A117F12}) (Version: 3.0.12.0 - Intel Corporation)
      Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
      Intel® PROSet/Wireless Software (HKLM-x32\...\{fad118b4-798f-4755-9e67-a622eec95b62}) (Version: 15.6.1 - Intel Corporation)
      Intel® PROSet/Wireless WiFi Software (Version: 15.06.1000.0142 - Intel Corporation) Hidden
      Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden
      iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
      Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle)
      Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
      Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
      Java 6 Update 35 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.350 - Oracle)
      Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
      kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
      Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.10 - )
      Lenovo Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.1.9.0 - Lenovo)
      Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)
      Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
      Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited)
      Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
      Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
      Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
      Lenovo Solution Center (HKLM\...\{2F45A217-E9C7-4984-B0AC-5BE31FF4712B}) (Version: 2.4.003.00 - Lenovo Group Limited)
      Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
      Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.05.0009 - Lenovo)
      Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Lenovo)
      Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
      Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
      Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
      Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
      Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
      Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
      Microsoft Mathematics (64-bit) (HKLM\...\{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}) (Version: 4.0 - Microsoft Corporation)
      Microsoft Mathematics Add-in (32-bit) (HKLM-x32\...\{E2C98732-F973-4985-A9C5-DC06178E16EE}) (Version: 2.0.040811.01 - Microsoft Corporation)
      Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
      Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
      Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
      Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
      Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
      Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
      Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
      Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
      Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
      Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
      Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
      Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
      Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
      Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
      Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
      Microsoft Office Standard 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
      Microsoft Office Word 
MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Security Client (Version: 4.3.0215.0 - Microsoft Corporation) HiddenMicrosoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2006.0314 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
(HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50325 - Microsoft Corporation)Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50330 - Microsoft Corporation) HiddenMotorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) HiddenMotorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)MouseServer version 1.5.0.0 (HKLM-x32\...\{E13018F5-FFC7-4729-9C1B-1A85807D03E6}_is1) (Version: 1.5.0.0 - Necta Co.)Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenMozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) HiddenMSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) HiddenMSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 
4.30.2100.0 - Microsoft Corporation)MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)NBC Learn Offline Player (HKLM-x32\...\com.nbcuni.aodplayer.38154C9B00B8386E5872F08BE16716F44323C112.1) (Version: 3.03 - NBC Universal)NBC Learn Offline Player (x32 Version: 3.03 - NBC Universal) HiddenOn Screen Display (HKLM\...\OnScreenDisplay) (Version: 7.12.27 - )OneClickRoot (HKLM-x32\...\OneClickRoot) (Version: 1.0 - OneClickRoot)OverDrive Media Console (HKLM-x32\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenPhotoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) HiddenPlanbook (HKLM-x32\...\{87EA1B44-0FB0-4EE9-A153-0D3BD026337E}) (Version: 4.00.051 - Hellmansoft)Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.64.4 - Lenovo Group Limited)Presto 1.0.319.0 (HKLM\...\{D65F74D9-5FD6-42E5-BE65-474AF84A5591}_is1) (Version: 1.0.319.0 - Collobos Software)PrintKit (HKLM\...\{41CCC6A9-EB5F-482C-AAB5-38849B7143EE}) (Version: 1.0.319.0 - Collobos Software)Publishly (HKLM-x32\...\Publishly) (Version: 1.0 - The Pretendery)QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)RapidBoot (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.11 - Lenovo)Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29005 - Realtek Semiconductor Corp.)Reflection (HKLM-x32\...\{63D5463D-0FED-4E4E-846A-CCB3245A2F28}) (Version: 1.2.1 - Squirrels)Reflector (HKLM\...\{F9C41F10-A70A-4717-8E86-19A4179FE689}) (Version: 1.2.3 - Squirrels)Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )Renesas 
Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.36.0 - Renesas Electronics Corporation)Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.36.0 - Renesas Electronics Corporation) HiddenRICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)SAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version: 3.1.32.1 - Samsung Electronics Co., Ltd.)SAMSUNG USB Driver for Mobile Phones V5.16.0.0 (HKLM-x32\...\{C0C1D2BC-72FE-4F77-A2F9-CD10D5AA8F93}) (Version: 1.2.2200.0 - SAMSUNG Electronics CO., LTD.)SamsungSimpleDownloaderTool for SPH-D710 (HKLM-x32\...\InstallShield_{8C9EBE06-8BA2-4AEB-BFD8-6614072FE75F}) (Version: 1.0.047 - Samsung Electronics)SamsungSimpleDownloaderTool for SPH-D710 (x32 Version: 1.0.047 - Samsung Electronics) HiddenScratch (HKLM-x32\...\Scratch) (Version: 1.4.0.0 - MIT Media Lab Lifelong Kindergarten Group)Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) HiddenSMART Common Files (HKLM-x32\...\{26A95DBF-A866-4838-A8C9-FA219FCBD22E}) (Version: 11.5.159.0 - SMART Technologies ULC)SMART Ink (HKLM-x32\...\{5ABC49B5-D0DC-428D-A082-4AEFF6490F04}) (Version: 2.0.723.0 - SMART Technologies ULC)SMART Notebook (HKLM-x32\...\{79660EE7-9C0B-4962-B566-2693FE34719D}) (Version: 11.4.564.0 - SMART Technologies ULC)SMART Notebook Gallery 2.0 Beta (HKLM-x32\...\{8FA9260A-062C-4F52-B2B2-08F4CE73CBB3}) (Version: 2.0.141.0 - SMART Technologies)SMART Product Drivers (HKLM-x32\...\{53330A17-78DE-458E-9997-292A2D6D3ADD}) (Version: 11.4.872.1 - SMART Technologies ULC)Songsmith (HKLM-x32\...\{30906093-42C6-4968-AEDD-B915972CF0DB}) (Version: 12.08.2700 - Microsoft Research)Sophos 
Anti-Virus (HKLM-x32\...\{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}) (Version: 10.2.7 - Sophos Limited)Sophos AutoUpdate (HKLM-x32\...\{15C418EB-7675-42be-B2B3-281952DA014D}) (Version: 2.9.0.344 - Sophos Limited)Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.5.8.4 - Splashtop Inc.)Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.2200 - Broadcom Corporation)ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.0.0 - )ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.21 - Lenovo)ThinkVantage Access Connections (HKLM-x32\...\{9C551D9B-5D36-46A2-9414-F658D934B129}) (Version: 5.93 - Lenovo)ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo)ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.03 - Lenovo)ThinkVantage Fingerprint Software (HKLM\...\{502EE63C-9A62-4330-8F8B-1EAB51B7BB46}) (Version: 5.9.4.6882 - UPEK Inc.)Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition 
(HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition 
(HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARD_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.STANDARD_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.STANDARD_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.STANDARD_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.3.64 - VeriSign)VLC 
media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN)Windows Driver Package - Intel (iaStor) hdc (11/06/2010 10.1.0.1008) (HKLM\...\73C6BE3E3B6FC5418F2B47E6C75F6C8F9552DC12) (Version: 11/06/2010 10.1.0.1008 - Intel)Windows Driver Package - Lenovo 1.64.00.00 (07/28/2011 1.64.00.00) (HKLM\...\01E3B64834B04ABAC85D8E1D3EBDC567D83AD29B) (Version: 07/28/2011 1.64.00.00 - Lenovo)Windows Driver Package - Realtek (RTL8167) Net (12/29/2010 7.037.1229.2010) (HKLM\...\828B05D2B647CDAEA22493F7BFB96847265EE596) (Version: 12/29/2010 7.037.1229.2010 - Realtek)Windows Driver Package - Synaptics (SynTP) Mouse (05/19/2011 15.3.8.0) (HKLM\...\DDD8A532E361E9A878EBEF69C338B306810DF059) (Version: 05/19/2011 15.3.8.0 - Synaptics)Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) HiddenWindows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live Writer (x32 Version: 
16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden ==================== Restore Points ========================= 07-05-2014 01:26:50 Device Driver Package Install: Google, Inc. SAMSUNG Android Phone07-05-2014 01:36:35 Installed SamsungSimpleDownloaderTool for SPH-D71004-06-2014 02:20:12 Installed Motorola Device Manager06-06-2014 18:31:18 Windows Update ==================== Hosts content: ========================== 2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {083E6C5A-B97C-489B-B795-CDB992B40380} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exeTask: {0866F271-C42F-4F66-A4FA-DF3E7BCE6C2F} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-01-21] (Microsoft)Task: {0FEE389C-4C8A-49E5-AA4A-42ADD803E018} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2014-03-07] (Lenovo Group Limited)Task: {215C8BB4-AA95-4F94-9B38-406CC720DF09} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"Task: {5649AA3C-6C74-498F-9F1D-734D1F02499C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-26] (Google Inc.)Task: {670D78CD-D01B-45E8-907B-C0285B9F9704} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1090334920-1458969583-549785860-23510Core => C:\Users\kmengarelli\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-01] (Google Inc.)Task: {6B6CF214-BC27-44F1-AA76-F7AF5F9FB33F} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()Task: 
{72B3D271-C6EF-4FA8-98EA-5726D7722F51} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()Task: {77F50C04-4ADA-4B56-9DB1-E02FE55336AD} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()Task: {89C573F3-FA78-41B5-832A-FB1EA3BF1A99} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {95A44E88-C9C9-40ED-BFF7-4C462D4D43C1} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exeTask: {96C46302-7E7E-4D03-909B-DB1A1616C97C} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-05-06] (Lenovo)Task: {99AD77A1-2C53-47DE-8105-B19F4CAE2905} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1090334920-1458969583-549785860-23510UA => C:\Users\kmengarelli\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-01] (Google Inc.)Task: {B9A7D700-5323-41CD-9C74-CB3BE1FBA6E0} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()Task: {BCFC2974-7AA2-4228-80FA-DF6B7E60BB6E} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)Task: {BF442980-691B-43B6-A6CB-E7570B446A50} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-02-21] ()Task: {C2DF1B3B-04BC-4C98-AAD3-D62626C80130} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-05-06] ()Task: {CD6D1CB7-93C7-402C-A840-5D9ACCA85817} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program 
Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-05-06] (Lenovo)Task: {D6996255-6DBA-4AB8-9B25-7C77B90C32D4} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()Task: {D94C961F-4FD7-48F0-B8A4-15D7B9D7B8FD} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)Task: {E99A7816-C486-490D-89F6-77C66CE08C8F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-26] (Google Inc.)Task: {FA1B8EB2-6669-4048-942B-3D312BE0F3AE} - System32\Tasks\New scan => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2012-09-21] (Sophos Limited)Task: {FB769969-7E67-460B-AE82-6A18DECF40ED} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)Task: {FBCBD813-DE95-4C98-8C3B-45175E8FF94C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)Task: {FD6C5330-3F9B-4C89-B98A-F3DB33D0D478} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackupTask: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1090334920-1458969583-549785860-23510Core.job => C:\Users\kmengarelli\AppData\Local\Google\Update\GoogleUpdate.exeTask: 
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1090334920-1458969583-549785860-23510UA.job => C:\Users\kmengarelli\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\New scan.job => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe ==================== Loaded Modules (whitelisted) ============= 2013-10-07 20:34 - 2012-10-04 19:49 - 00087152 _____ () C:\Windows\System32\cpwmon64.dll2013-09-10 11:15 - 2013-09-10 11:15 - 01575936 _____ () C:\Program Files\PrintKit\libcups2.dll2012-02-26 20:08 - 2014-03-07 06:04 - 00104448 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL2013-04-03 09:59 - 2010-10-26 12:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe2012-02-26 20:06 - 2011-08-19 00:20 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2013-08-07 03:03 - 2013-08-07 03:03 - 01130792 _____ () C:\Program Files\Lenovo Fingerprint Reader\DataManager.dll2013-08-07 03:04 - 2013-08-07 03:04 - 00087848 _____ () C:\Program Files\Lenovo Fingerprint Reader\ssutil.dll2014-03-14 17:47 - 2014-03-14 17:47 - 00092504 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2013-09-05 15:12 - 2011-08-02 20:58 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll2013-09-05 15:12 - 2011-08-02 20:58 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll2012-02-06 03:50 - 2012-02-06 03:50 - 02402304 _____ () C:\Program Files (x86)\SAMSUNG\Intelli-studio\Filters\HTH264VD.dll2013-10-31 10:05 - 2013-10-31 10:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll2014-03-31 16:26 - 2013-05-14 06:15 - 01199576 _____ () C:\Program Files 
(x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll2012-02-26 20:09 - 2010-04-06 12:05 - 02085888 _____ () C:\Program Files\Lenovo\AutoLock\cv210.dll2012-02-26 20:09 - 2010-04-06 12:04 - 02201088 _____ () C:\Program Files\Lenovo\AutoLock\cxcore210.dll2014-06-09 19:14 - 2014-06-09 19:14 - 00043008 _____ () C:\Users\kmengarelli\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpedrx0v.dll2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\kmengarelli\AppData\Roaming\Dropbox\bin\libcef.dll2014-06-09 19:13 - 2014-06-09 19:13 - 00098816 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\win32api.pyd2014-06-09 19:13 - 2014-06-09 19:13 - 00110080 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\PyWinTypes27.dll2014-06-09 19:13 - 2014-06-09 19:13 - 00364544 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\pythoncom27.dll2014-06-09 19:13 - 2014-06-09 19:13 - 00045568 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\_socket.pyd2014-06-09 19:13 - 2014-06-09 19:13 - 01159680 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\_ssl.pyd2014-06-09 19:13 - 2014-06-09 19:13 - 00320512 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\win32com.shell.shell.pyd2014-06-09 19:13 - 2014-06-09 19:13 - 00713216 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\_hashlib.pyd2014-06-09 19:13 - 2014-06-09 19:13 - 01175040 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\wx._core_.pyd2014-06-09 19:13 - 2014-06-09 19:13 - 00805888 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\wx._gdi_.pyd2014-06-09 19:13 - 2014-06-09 19:13 - 00811008 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\wx._windows_.pyd2014-06-09 19:13 - 2014-06-09 19:13 - 01062400 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\wx._controls_.pyd2014-06-09 19:13 - 2014-06-09 19:13 - 00735232 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\wx._misc_.pyd2014-06-09 19:13 
- 2014-06-09 19:13 - 00128512 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\_elementtree.pyd2014-06-09 19:13 - 2014-06-09 19:13 - 00127488 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\pyexpat.pyd2014-06-09 19:13 - 2014-06-09 19:13 - 00557056 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\pysqlite2._sqlite.pyd2014-06-09 19:13 - 2014-06-09 19:13 - 00087552 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\_ctypes.pyd2014-06-09 19:13 - 2014-06-09 19:13 - 00119808 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\win32file.pyd2014-06-09 19:13 - 2014-06-09 19:13 - 00108544 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\win32security.pyd2014-06-09 19:13 - 2014-06-09 19:13 - 00018432 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\win32event.pyd2014-06-09 19:13 - 2014-06-09 19:13 - 00038912 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\win32inet.pyd2014-06-09 19:13 - 2014-06-09 19:13 - 00070656 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\wx._html2.pyd2014-06-09 19:13 - 2014-06-09 19:13 - 00167936 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\win32gui.pyd2014-06-09 19:13 - 2014-06-09 19:13 - 00011264 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\win32crypt.pyd2014-06-09 19:13 - 2014-06-09 19:13 - 00027136 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\_multiprocessing.pyd2014-06-09 19:13 - 2014-06-09 19:13 - 00122368 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\wx._wizard.pyd2014-06-09 19:13 - 2014-06-09 19:13 - 00010240 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\select.pyd2014-06-09 19:13 - 2014-06-09 19:13 - 00024064 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\win32pipe.pyd2014-06-09 19:13 - 2014-06-09 19:13 - 00686080 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\unicodedata.pyd2014-06-09 19:13 - 2014-06-09 19:13 - 00025600 _____ () 
C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\win32pdh.pyd
2014-06-09 19:13 - 2014-06-09 19:13 - 00525640 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\windows._lib_cacheinvalidation.pyd
2014-06-09 19:13 - 2014-06-09 19:13 - 00035840 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\win32process.pyd
2014-06-09 19:13 - 2014-06-09 19:13 - 00017408 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\win32profile.pyd
2014-06-09 19:13 - 2014-06-09 19:13 - 00022528 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\win32ts.pyd
2014-06-09 19:13 - 2014-06-09 19:13 - 00078336 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\wx._animate.pyd
2013-08-22 19:43 - 2013-08-22 19:43 - 00272688 _____ () C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\node_modules\SBSDK.node
2013-08-22 19:44 - 2013-08-22 19:44 - 00039216 _____ () C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\node_modules\HWR.node
2013-08-22 19:44 - 2013-08-22 19:44 - 00053040 _____ () C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\node_modules\SWR.node
2013-08-22 19:44 - 2013-08-22 19:44 - 00057648 _____ () C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\node_modules\MWR.node
2013-08-22 19:44 - 2013-08-22 19:44 - 00014848 _____ () C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\node_modules\SessionNotification.node
2011-08-15 20:12 - 2011-08-15 20:12 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtCore4.dll
2011-08-15 20:15 - 2011-08-15 20:15 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtXml4.dll
2011-08-17 16:41 - 2011-08-17 16:41 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\sqlite3.dll
2011-08-17 16:48 - 2011-08-17 16:48 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\log4cplus.dll
2012-06-14 11:57 - 2012-06-14 11:57 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\featureController.dll
2011-08-15 20:12 - 2011-08-15 20:12 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtNetwork4.dll
2011-08-17 16:48 - 2011-08-17 16:48 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\libgsoap.dll
2011-08-15 19:23 - 2011-08-15 19:23 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\zlib1.dll
2012-06-14 11:56 - 2012-06-14 11:56 - 00481792 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\DeviceProfile.dll
2012-06-14 12:06 - 2012-06-14 12:06 - 00500064 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
2012-06-14 11:55 - 2012-06-14 11:55 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\eventsSender.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2014-05-21 23:02 - 2014-05-13 18:40 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
2014-05-21 23:02 - 2014-05-13 18:40 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll
2014-05-21 23:02 - 2014-05-13 18:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-05-21 23:02 - 2014-05-13 18:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-05-21 23:02 - 2014-05-13 18:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BLEServicesCtrl => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
MSCONFIG\startupreg: Dolby Advanced Audio v2 => "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Lenovo Registration => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
MSCONFIG\startupreg: PWMTRV => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
MSCONFIG\startupreg: Response Desktop Menu => "C:\Program Files (x86)\SMART Technologies\Education Software\DesktopMenu.exe"
MSCONFIG\startupreg: sbsdk-server => "C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe"
MSCONFIG\startupreg: SkyDrive => "C:\Users\kmengarelli\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
MSCONFIG\startupreg: SMART Board Service => "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe" -d
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== Faulty Device Manager Devices =============

Name: SMART Virtual TabletPC
Description: SMART Virtual TabletPC
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: SMART Technologies ULC
Service: SMARTVTabletPCx64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: SMART Virtual TabletPC
Description: SMART Virtual TabletPC
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: SMART Technologies ULC
Service: SMARTVTabletPCx64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/10/2014 04:25:50 PM) (Source: PrintKit Service) (EventID: 1) (User: )
Description: 3268:5508 Tue Jun 10 16:25:43 2014 NKAddress.cpp:226 netkit::ip::address::resolve::<lambda_556c6c5232b365839ca913f34624bc95>::operator () error in getaddrinfo: N

Error: (06/10/2014 11:08:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31325

Error: (06/10/2014 11:08:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 31325

Error: (06/10/2014 11:08:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/10/2014 11:08:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 30311

Error: (06/10/2014 11:08:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 30311

Error: (06/10/2014 11:08:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/10/2014 11:08:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 29219

Error: (06/10/2014 11:08:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 29219

Error: (06/10/2014 11:08:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (06/10/2014 04:25:50 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: USD250)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (06/10/2014 04:25:50 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (06/10/2014 04:25:43 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain USD250 due to the following:
%%1311
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.

ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (06/10/2014 08:03:30 AM) (Source: TermService) (EventID: 1067) (User: )
Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted..

Error: (06/10/2014 07:29:46 AM) (Source: TermService) (EventID: 1067) (User: )
Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted..

Error: (06/10/2014 07:24:16 AM) (Source: TermService) (EventID: 1067) (User: )
Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted..

Error: (06/10/2014 07:19:28 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain USD250 due to the following:
%%1311
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.

ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (06/10/2014 07:19:03 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (06/09/2014 07:12:58 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: USD250)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (06/09/2014 07:10:59 PM) (Source: TermService) (EventID: 1067) (User: )
Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted..

Microsoft Office Sessions:
=========================
Error: (06/10/2014 04:25:50 PM) (Source: PrintKit Service) (EventID: 1) (User: )
Description: 3268:5508 Tue Jun 10 16:25:43 2014 NKAddress.cpp:226 netkit::ip::address::resolve::<lambda_556c6c5232b365839ca913f34624bc95>::operator () error in getaddrinfo: N

Error: (06/10/2014 11:08:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31325

Error: (06/10/2014 11:08:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 31325

Error: (06/10/2014 11:08:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/10/2014 11:08:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 30311

Error: (06/10/2014 11:08:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 30311

Error: (06/10/2014 11:08:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/10/2014 11:08:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 29219

Error: (06/10/2014 11:08:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 29219

Error: (06/10/2014 11:08:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

==================== Memory info ===========================

Percentage of memory in use: 76%
Total physical RAM: 3688.15 MB
Available physical RAM: 874.54 MB
Total Pagefile: 7374.48 MB
Available Pagefile: 4214.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:448.67 GB) (Free:223.35 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (1991_PITT_ST_FOOTBALL_CHAMPIONSH) (CDROM) (Total:3.1 GB) (Free:0 GB) UDF
Drive q: (Lenovo_Recovery) (Fixed) (Total:15.62 GB) (Free:5.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 478F2F74)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=449 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16 GB) - (Type=07 NTFS)

==================== End Of Log ============================
  16. Sorry I forgot to attach the log files

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-06-2014
Ran by kmengarelli (administrator) on PHS-KMENGARELLI on 10-06-2014 16:35:28
Running from C:\Users\kmengarelli\Desktop\malwarebytes help
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AuthenTec, Inc) C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Collobos Software) C:\Program Files\PrintKit\printkitd.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Collobos Software) C:\Program Files\Presto\PrestoHelper.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Dropbox, Inc.) C:\Users\kmengarelli\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(SMART Technologies ULC) C:\Program Files (x86)\SMART Technologies\Education Software\FloatingTools.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTNotification.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTTrayIcon.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Joyent, Inc) C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\SBWDKService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\Office\SMARTInk-SBSDKProxy.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInkPrivilegedAccess.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe
(AuthenTec Inc.) C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [297008 2014-01-28] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281960 2011-05-25] (Lenovo Group Limited)
HKLM\...\Run: [MSC] => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
HKLM\...\Run: [ResetACGauge] => C:\Program Files (x86)\Lenovo\Access Connections\smbhlpr.exe [147456 2014-03-14] (Lenovo)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [bTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11586944 2012-06-18] (Motorola Solutions, Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [bLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-05-31] (Intel Corporation)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3029744 2013-04-26] (Synaptics Incorporated)
HKLM\...\Run: [PrestoHelper] => C:\Program Files\Presto\PrestoHelper.exe [3468800 2013-09-10] (Collobos Software)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-14] (Intel Corporation)
HKLM-x32\...\Run: [iMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [132920 2013-05-31] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [sMART Ink] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe [147248 2014-02-11] (SMART Technologies)
HKLM-x32\...\Run: [sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [929272 2013-01-11] (Sophos Limited)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [sMART Floating Tools] => C:\Program Files (x86)\SMART Technologies\Education Software\FloatingTools.exe [9024304 2013-11-20] (SMART Technologies ULC)
HKLM-x32\...\Run: [sMARTNotification] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTNotification.exe [204592 2014-02-12] (SMART Technologies)
HKLM-x32\...\Run: [sMART Tray Tools] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTTrayIcon.exe [744752 2014-02-12] (SMART Technologies)
HKLM-x32\...\Run: [sMART Board Service] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe [1933616 2014-02-12] (SMART Technologies)
HKLM-x32\...\Run: [sbsdk-server] => C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe [62768 2013-08-22] (SMART Technologies)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-21-1090334920-1458969583-549785860-23510\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22415552 2014-04-25] (Google)
HKU\S-1-5-21-1090334920-1458969583-549785860-23510\...\Run: [Google Update] => C:\Users\kmengarelli\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-03-01] (Google Inc.)
HKU\S-1-5-21-1090334920-1458969583-549785860-23510\...\RunOnce: [uninstall C:\Users\kmengarelli\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\kmengarelli\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-1090334920-1458969583-549785860-23510\...\RunOnce: [uninstall C:\Users\kmengarelli\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\kmengarelli\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
HKU\S-1-5-21-1090334920-1458969583-549785860-23510\...\MountPoints2: {4680a533-d21c-11e3-af28-b888e3350297} - E:\setup.exe -a
HKU\S-1-5-21-1090334920-1458969583-549785860-23510\...\MountPoints2: {b75e3514-f0ca-11e2-ad3b-b888e3350297} - E:\iStudio.exe
HKU\S-1-5-21-1090334920-1458969583-549785860-23510\...\MountPoints2: {c068f0c6-60dc-11e1-ac10-806e6f6e6963} - Q:\LenovoQDrive.exe
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [218256 2012-09-21] (Sophos Limited)
AppInit_DLLs-x32: c:\progra~2\sophos\sophos~1\sophos~1.dll => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [221840 2012-09-21] (Sophos Limited)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGina
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
Startup: C:\Users\kmengarelli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\kmengarelli\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\kmengarelli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Presto.lnk
ShortcutTarget: Presto.lnk -> C:\Program Files\Presto\Presto.exe (Collobos Software)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites03_14_19_ch&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtAyDtDtBzyyBzyzztD0BtN0D0Tzu0SzzyDyCtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyC0D0Ezz0BtCtDtGtDyDtB0AtGyE0EyD0EtGtB0DtA0CtGtB0DyE0EzztD0C0E0ByC0DyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtByB0AtB0EtAzytG0F0CtCtDtGtC0CtC0BtG0F0B0BtAtGtC0EtDtBtByB0EyByCtA0B0C2Q&cr=531881053&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites03_14_19_ch&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtAyDtDtBzyyBzyzztD0BtN0D0Tzu0SzzyDyCtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyC0D0Ezz0BtCtDtGtDyDtB0AtGyE0EyD0EtGtB0DtA0CtGtB0DyE0EzztD0C0E0ByC0DyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtByB0AtB0EtAzytG0F0CtCtDtGtC0CtC0BtG0F0B0BtAtGtC0EtDtBtByB0EyByCtA0B0C2Q&cr=531881053&ir=
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites03_14_19_ch&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtAyDtDtBzyyBzyzztD0BtN0D0Tzu0SzzyDyCtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyC0D0Ezz0BtCtDtGtDyDtB0AtGyE0EyD0EtGtB0DtA0CtGtB0DyE0EzztD0C0E0ByC0DyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtByB0AtB0EtAzytG0F0CtCtDtGtC0CtC0BtG0F0B0BtAtGtC0EtDtBtByB0EyByCtA0B0C2Q&cr=531881053&ir=
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites03_14_19_ch&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtAyDtDtBzyyBzyzztD0BtN0D0Tzu0SzzyDyCtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyC0D0Ezz0BtCtDtGtDyDtB0AtGyE0EyD0EtGtB0DtA0CtGtB0DyE0EzztD0C0E0ByC0DyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtByB0AtB0EtAzytG0F0CtCtDtGtC0CtC0BtG0F0B0BtAtGtC0EtDtBtByB0EyByCtA0B0C2Q&cr=531881053&ir=
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS494
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Android\adt-bundle-windows-x86_64-20130729\adt-bundle-windows-x86_64-20130729\eclipse\jre\bin\ssv.dll (Oracle Corporation)
BHO: TrueSuite Browser Helper Object - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\Lenovo Fingerprint Reader\IEBHO.DLL (AuthenTec Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Android\adt-bundle-windows-x86_64-20130729\adt-bundle-windows-x86_64-20130729\eclipse\jre\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\NotebookPlugin.dll (SMART Technologies ULC.)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Browser Helper Object - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll (AuthenTec Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Winsock: Catalog9-x64 03
C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)Winsock: Catalog9-x64 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220 FireFox:========FF ProfilePath: C:\Users\kmengarelli\AppData\Roaming\Mozilla\Firefox\Profiles\9b71g888.defaultFF SelectedSearchEngine: MysearchdialFF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Android\adt-bundle-windows-x86_64-20130729\adt-bundle-windows-x86_64-20130729\eclipse\jre\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @authentec.com/ffwloplugin - C:\Program Files\Lenovo Fingerprint Reader\npffwloplugin.dll (AuthenTec, Inc)FF Plugin-x32: @intel-webapi.intel.com/Intel 
WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @emusic.com/eMusicPlugin DLM6 - C:\Program Files (x86)\eMusic Download Manager 
6\npEMusic604.dll No FileFF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\kmengarelli\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\kmengarelli\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\kmengarelli\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\kmengarelli\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF user.js: detected! => C:\Users\kmengarelli\AppData\Roaming\Mozilla\Firefox\Profiles\9b71g888.default\user.jsFF Plugin ProgramFiles/Appdata: C:\Users\kmengarelli\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)FF Plugin ProgramFiles/Appdata: C:\Users\kmengarelli\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)FF Extension: No Name - C:\Users\kmengarelli\AppData\Roaming\Mozilla\Firefox\Profiles\9b71g888.default\Extensions\staged [2014-05-05]FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-23]FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-12]FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client\FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\ []FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExtFF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-10-03] Chrome: =======CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENPCHR StartupUrls: "hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP", 
"hxxp://start.mysearchdial.com/?f=1&a=dsites03_14_19_ch&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtAyDtDtBzyyBzyzztD0BtN0D0Tzu0SzzyDyCtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyC0D0Ezz0BtCtDtGtDyDtB0AtGyE0EyD0EtGtB0DtA0CtGtB0DyE0EzztD0C0E0ByC0DyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtByB0AtB0EtAzytG0F0CtCtDtGtC0CtC0BtG0F0B0BtAtGtC0EtDtBtByB0EyByCtA0B0C2Q&cr=531881053&ir="CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)CHR 
Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()CHR Plugin: (TrueSuite) - C:\Program Files\Lenovo Fingerprint Reader\npffwloplugin.dll (AuthenTec, Inc)CHR Plugin: (Google Update) - C:\Users\kmengarelli\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll No FileCHR Plugin: (Google Talk Plugin) - C:\Users\kmengarelli\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\kmengarelli\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No FileCHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\kmengarelli\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll No FileCHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No FileCHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\kmengarelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]CHR Extension: (YouTube) - C:\Users\kmengarelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-23]CHR Extension: (GeoGebra) - C:\Users\kmengarelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee [2014-02-10]CHR Extension: (Google Search) - C:\Users\kmengarelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-23]CHR Extension: (IBA Opt-out (by Google)) - C:\Users\kmengarelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb [2014-02-01]CHR Extension: (Keep My Opt-Outs) - C:\Users\kmengarelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe [2014-02-01]CHR Extension: (Wolfram|Alpha 
(Official)) - C:\Users\kmengarelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\icncamkooinmbehmkeilcccmoljfkdhp [2012-11-15]CHR Extension: (Save to Pocket) - C:\Users\kmengarelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2014-06-01]CHR Extension: (Google Wallet) - C:\Users\kmengarelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]CHR Extension: (Readability) - C:\Users\kmengarelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2013-05-15]CHR Extension: (dotEPUB) - C:\Users\kmengarelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\okpfiebkkmjcnodegbbbiellepfhoglm [2013-01-21]CHR Extension: (Gmail) - C:\Users\kmengarelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-23]CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\KMENGA~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-04-30]CHR HKCU\...\Chrome\Extension: [cgiaikfpllchefojlnehlmpekeogihnm] - C:\Users\kmengarelli\AppData\Local\CRE\cgiaikfpllchefojlnehlmpekeogihnm.crx [2013-01-20]CHR HKLM-x32\...\Chrome\Extension: [cgiaikfpllchefojlnehlmpekeogihnm] - C:\Users\kmengarelli\AppData\Local\CRE\cgiaikfpllchefojlnehlmpekeogihnm.crx [2013-01-20]CHR HKLM-x32\...\Chrome\Extension: [clglhglbidpdbjffpfcldkifhdegdfle] - C:\Program Files\Lenovo Fingerprint Reader\x86\tschrome.crx [2013-04-01] ==================== Services (Whitelisted) ================= R2 FPLService; C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe [2139944 2013-08-07] (AuthenTec, Inc)R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] 
(Intel® Corporation)R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129848 2013-05-31] (Intel Corporation)R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [167736 2013-05-31] (Intel Corporation)R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [198704 2014-01-28] (Lenovo Group Limited)R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited)S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-06] ()R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()R2 PrintKit Service; C:\Program Files\PrintKit\printkitd.exe [4307224 2013-09-10] (Collobos Software)R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [217592 2013-01-11] (Sophos Limited)R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [159296 2012-09-21] (Sophos Limited)R2 SMARTHelperService; C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe [538416 2014-02-12] (SMART Technologies)R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [237048 2013-01-11] (Sophos Limited)S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()R2 
swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2890232 2013-02-04] (Sophos Limited)S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2010688 2012-11-12] (Sophos Limited)R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401704 2013-07-22] (AuthenTec, Inc.)R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2011-12-05] (Symantec Corporation)R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)S2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [X]S3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [X] ==================== Drivers (Whitelisted) ==================== S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [111104 2012-05-21] (Motorola Solutions, Inc.)S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [849408 2012-06-09] (Motorola Solutions, Inc.)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-10] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)S3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.)R1 SAVOnAccess; 
C:\Windows\System32\DRIVERS\savonaccess.sys [154952 2012-09-21] (Sophos Limited)R3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [10240 2013-08-12] (SMART Technologies)R3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [9216 2013-08-12] (SMART Technologies)S3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [22184 2013-03-07] (SMART Technologies ULC)R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2013-04-26] (Synaptics Incorporated)R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2011-08-25] (Sophos Plc)R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility)S3 5U877; system32\DRIVERS\5U877.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-10 16:35 - 2014-06-10 16:35 - 00000000 ____D () C:\FRST2014-06-10 16:34 - 2014-06-10 16:35 - 00000000 ____D () C:\Users\kmengarelli\Desktop\malwarebytes help2014-06-09 13:52 - 2014-06-09 13:52 - 00001676 _____ () C:\Users\kmengarelli\Desktop\1234.txt2014-06-07 19:57 - 2014-06-07 19:57 - 00001675 _____ () C:\1234.txt2014-06-06 13:58 - 2014-05-08 02:14 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-06-06 13:58 - 2014-05-08 01:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-06-06 13:58 - 2014-05-08 00:52 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-06-06 13:58 - 2014-05-08 00:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-06-06 13:58 - 2014-05-07 23:57 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-06-06 13:58 - 2014-05-07 23:04 - 00069632 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\mshtmled.dll2014-06-06 13:31 - 2014-03-24 21:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll2014-06-06 13:31 - 2014-03-24 21:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll2014-06-06 13:30 - 2014-05-09 01:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-06-06 13:30 - 2014-05-09 01:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-06-06 13:30 - 2014-04-11 21:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys2014-06-06 13:30 - 2014-04-11 21:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys2014-06-06 13:30 - 2014-04-11 21:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2014-06-06 13:30 - 2014-04-11 21:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll2014-06-06 13:30 - 2014-04-11 21:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe2014-06-06 13:30 - 2014-04-11 21:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll2014-06-06 13:30 - 2014-04-11 21:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll2014-06-06 13:30 - 2014-04-11 21:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll2014-06-06 13:30 - 2014-04-11 21:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll2014-06-06 13:30 - 2014-03-04 04:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2014-06-06 13:30 - 2014-03-04 04:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll2014-06-06 13:30 - 2014-03-04 04:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll2014-06-06 13:30 - 2014-03-04 04:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll2014-06-06 13:30 - 2014-03-04 04:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll2014-06-06 
13:30 - 2014-03-04 04:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll2014-06-06 13:30 - 2014-03-04 04:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll2014-06-06 13:30 - 2014-03-04 04:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll2014-06-06 13:30 - 2014-03-04 04:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll2014-06-06 13:30 - 2014-03-04 04:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe2014-06-06 13:30 - 2014-03-04 04:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll2014-06-06 13:30 - 2014-03-04 04:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll2014-06-06 13:30 - 2014-03-04 04:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll2014-06-06 13:30 - 2014-03-04 04:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll2014-06-06 13:30 - 2014-03-04 04:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll2014-06-06 13:30 - 2014-03-04 04:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2014-06-06 13:30 - 2014-03-04 04:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2014-06-06 13:30 - 2014-03-04 04:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2014-06-06 13:30 - 2014-03-04 04:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2014-06-06 13:30 - 2014-03-04 04:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll2014-06-06 13:30 - 2014-03-04 04:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll2014-06-06 13:30 - 2014-03-04 04:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2014-06-06 13:30 - 2014-03-04 04:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll2014-06-06 13:30 - 2014-03-04 04:17 - 
00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll2014-06-06 13:30 - 2014-03-04 04:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll2014-06-06 13:30 - 2014-03-04 04:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll2014-06-06 13:30 - 2014-03-04 04:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll2014-06-06 13:30 - 2014-03-04 04:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll2014-06-06 13:30 - 2014-03-04 04:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll2014-06-06 13:30 - 2014-03-04 04:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll2014-06-06 13:30 - 2014-03-04 04:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll2014-06-06 13:30 - 2014-03-04 04:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll2014-06-06 13:14 - 2014-06-06 13:14 - 00000000 ____D () C:\Users\kmengarelli\AppData\Roaming\LSC2014-06-05 07:39 - 2014-06-05 07:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fingerprint Reader2014-06-03 21:21 - 2014-06-03 21:21 - 00003498 _____ () C:\Windows\System32\Tasks\Motorola Device Manager Update2014-06-03 21:21 - 2014-06-03 21:21 - 00003480 _____ () C:\Windows\System32\Tasks\Motorola Device Manager Engine2014-06-03 21:21 - 2014-06-03 21:21 - 00003306 _____ () C:\Windows\System32\Tasks\Motorola Device Manager Initial Update2014-05-30 20:55 - 2014-05-30 20:55 - 00033382 _____ () C:\Users\kmengarelli\Desktop\functional-resume.ott2014-05-29 10:39 - 2014-05-29 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2014-05-29 10:38 - 2014-05-29 10:38 - 00000000 ____D () C:\Program Files\iPod2014-05-29 10:37 - 2014-05-29 10:39 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-05-29 10:37 - 2014-05-29 10:39 - 00000000 ____D () 
C:\Program Files\iTunes2014-05-29 10:37 - 2014-05-29 10:39 - 00000000 ____D () C:\Program Files (x86)\iTunes2014-05-23 10:57 - 2014-05-23 10:57 - 00007578 _____ () C:\Users\kmengarelli\Desktop\2014 Summer School.xlsx2014-05-21 15:17 - 2014-05-21 15:25 - 00000000 ____D () C:\Users\kmengarelli\Desktop\Map Recommend Export2014-05-21 12:41 - 2014-05-21 15:37 - 00017103 _____ () C:\Users\kmengarelli\Desktop\Mengarelli Map.xlsx2014-05-15 08:26 - 2014-05-15 08:26 - 00000000 ____D () C:\Users\kmengarelli\AppData\Roaming\GeoGebra 4.42014-05-11 17:58 - 2013-11-27 15:44 - 06226807 _____ () C:\Users\kmengarelli\Documents\Tutorial for SMART Notebook 11.4.notebook ==================== One Month Modified Files and Folders ======= 2014-06-10 16:36 - 2013-09-12 20:44 - 00000000 ____D () C:\ProgramData\PrintKit2014-06-10 16:36 - 2012-07-23 14:41 - 00000000 ____D () C:\Users\kmengarelli\AppData\Local\Temp2014-06-10 16:36 - 2012-02-26 19:57 - 01607625 _____ () C:\Windows\WindowsUpdate.log2014-06-10 16:35 - 2014-06-10 16:35 - 00000000 ____D () C:\FRST2014-06-10 16:35 - 2014-06-10 16:34 - 00000000 ____D () C:\Users\kmengarelli\Desktop\malwarebytes help2014-06-10 16:33 - 2012-02-26 20:17 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-06-10 16:26 - 2013-04-05 10:03 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1090334920-1458969583-549785860-23510UA.job2014-06-10 16:26 - 2012-02-26 20:17 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-06-10 16:25 - 2012-05-02 08:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-06-10 10:52 - 2012-07-27 14:06 - 00000000 ____D () C:\Users\kmengarelli\AppData\Local\Deployment2014-06-10 09:54 - 2012-05-03 00:54 - 00000128 _____ () C:\Windows\system32\config\netlogon.ftl2014-06-10 07:20 - 2014-04-15 13:49 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-06-10 07:19 - 2014-03-31 18:37 - 00000618 _____ () C:\Windows\Tasks\New 
  17. Premium member of Malwarebytes. I have attached the logs from Farbar. When I scan, Malwarebytes shows mysearchdial, and I quarantine it, but it returns on every scan. Can you please help me remove it? Thanks, Kris