Jump to content

mb warnings: blocking outgoing ips


Recommended Posts

Hi there - comp was recently re-imaged due to MBR problem and had trend micro alert that some access to a website was blocked so installed malwarebytes to check it out, but came up empty.

Malwarebytes is alerting that outgoing traffic is being blocked (e.g., IP-BLOCK 60.173.8.247 (Type: outgoing, Port: 137))

Thanks for your assistance!

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16483

Run by Ken at 10:38:00 on 2013-05-20

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16316.10483 [GMT -7:00]

.

AV: Trend Micro Client/Server Security Agent Antivirus *Enabled/Updated* {5D349EF8-873B-C657-917F-F1D93E101A7C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Trend Micro Client/Server Security Agent Anti-spyware *Enabled/Updated* {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\ibmpmsvc.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe

C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k WbioSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe

C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\ProgramData\OfficeGuardianV2\UACProxy.exe

C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files (x86)\MaaS360\MaaS360 Visibility Service\EMSAgent.exe

C:\Program Files\EVault Software\Agent\VVAgent.exe

C:\Program Files\EVault Software\Agent\buagent.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe

C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe

C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe

C:\Windows\system32\taskhost.exe

C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe

C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\Program Files\Lenovo\Zoom\TpScrex.exe

C:\Windows\System32\TpShocks.exe

C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\Zune\ZuneLauncher.exe

C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe

C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe

C:\Program Files (x86)\Trend Micro\Client Server Security Agent\PccNTMon.exe

C:\ProgramData\OfficeGuardianV2\reminder\SacReminder.exe

C:\Users\Ken\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe

C:\Program Files\EVault Software\Agent Assistant\Maestro.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe

C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe

C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe

C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\Lenovo\SimpleTap\GestureLauncher.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPtray.exe

C:\ww\WallWatcher.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPcbt64.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe

C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe

C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\svchost.exe -k HsfXAudioService

C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClientUI.exe

c:\Program Files (x86)\Lenovo\System Update\SUService.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe

C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE

C:\Windows\splwow64.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe

C:\Program Files (x86)\FileZilla FTP Client\fzsftp.exe

C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

C:\Program Files (x86)\iTunes\iTunes.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe

C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe

C:\Windows\system32\notepad.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\sysWow64\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.sodexousa.com/defaulthome

uDefault_Page_URL = hxxp://lenovo.msn.com

mWinlogon: Userinit = userinit.exe

BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg32.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: IePasswordManagerHelper Class: {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll

BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll

uRun: [OpenDNS Updater] "C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" /autostart

uRun: [sacReminderHDDV2] C:\ProgramData\OfficeGuardianV2\reminder\SacReminder.exe

uRun: [Amazon Cloud Player] C:\Users\Ken\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe

mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"

mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor

mRun: [OfficeScanNT Monitor] "C:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [Communicator] "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkey

mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AGENTA~1.LNK - C:\Program Files\EVault Software\Agent Assistant\Maestro.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PGPTRA~1.LNK - C:\Windows\Installer\{3F32670E-45AE-4B23-AE86-CB21FAF19DDF}\Icon6560581611.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WALLWA~1.LNK - C:\ww\WallWatcher.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: dontdisplaylastusername = dword:1

IE: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"

IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

LSP: C:\Windows\System32\PGPlsp.dll

Trusted Zone: MarketConnection.com

Trusted Zone: MySodexho.com

Trusted Zone: MySodexo.com

Trusted Zone: Sodexo.com

DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} - vpnweb.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{DB9C2C14-351E-4EA1-AE5B-53CE461ECF3F} : NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{DB9C2C14-351E-4EA1-AE5B-53CE461ECF3F} : DHCPNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg32.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs= PGPmapih.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

LSA: Notification Packages = scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGina PGPpwflt

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --

system-level --multi-install --chrome

x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg.dll

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

x64-Run: [TpShocks] TpShocks.exe

x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t

x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe

x64-Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe

x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming

x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

x64-IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg.dll

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

x64-Notify: psfus - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

Hosts: 107.21.133.199 example.sodexomyway.tahzoo.net

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\20fk60vm.default\

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Ken\AppData\Roaming\Mozilla\plugins\npatgpc.dll

FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2013-03-25 14:57; {F003DA68-8256-4b37-A6C4-350FA04494DF}; C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

FF - ExtSQL: 2013-04-27 18:51; fiddlerhook@fiddler2.com; C:\Program Files (x86)\Fiddler2\FiddlerHook

.

============= SERVICES / DRIVERS ===============

.

R0 DzHDD64;DzHDD64;C:\Windows\System32\drivers\DZHDD64.SYS [2011-2-25 30320]

R0 pgpfs;PGP File Sharing;C:\Windows\System32\drivers\PGPfsfd.sys [2013-2-1 182632]

R0 Pgpwdefs;Pgpwdefs;C:\Windows\System32\drivers\PGPwdefs.sys [2013-2-1 16320]

R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2010-6-16 23664]

R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2010-7-30 15400]

R1 nm3;Microsoft Network Monitor 3 Driver;C:\Windows\System32\drivers\nm3.sys [2010-6-9 46392]

R2 CFUACProxy_officeguardianv2;CFUACProxy_officeguardianv2;C:\ProgramData\OfficeGuardianV2\UACProxy.exe [2013-3-27 83824]

R2 EMSAgent;Maas360 Visibility Service;C:\Program Files (x86)\MaaS360\MaaS360 Visibility Service\EMSAgent.exe [2011-2-17 378216]

R2 EVault InfoStage Agent;EVault Software Agent;C:\Program Files\EVault Software\Agent\VVAgent.exe [2011-3-31 6488576]

R2 EVault InfoStage BUAgent;EVault Software BUAgent;C:\Program Files\EVault Software\Agent\buagent.exe [2011-3-31 10013184]

R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]

R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2011-2-25 50536]

R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2010-7-30 45496]

R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-2-25 74088]

R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2010-7-30 93032]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-5-9 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-5-9 701512]

R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2010-4-30 6237800]

R2 PGP RDD Service;PGP RDD Service;C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe [2013-2-1 1589528]

R2 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2011-2-25 61952]

R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2009-3-13 13840]

R2 svcGenericHost;Trend Micro Client/Server Security Agent;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2013-1-11 50208]

R2 TmFilter;Trend Micro Filter;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2012-7-17 344376]

R2 TmPreFilter;Trend Micro PreFilter;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmpreflt.sys [2012-7-17 42808]

R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2010-7-30 63928]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-9-29 12728]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-2-25 2533400]

R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2011-9-9 475088]

R3 acsock;acsock;C:\Windows\System32\drivers\acsock64.sys [2011-9-9 106408]

R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]

R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2011-2-25 292864]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2011-2-25 295088]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-2-25 56344]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2013-1-3 79240]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2013-1-3 15752]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-5-9 25928]

R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-1-22 77824]

R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-1-22 180224]

R3 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2013-3-17 65872]

R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [2012-8-8 918064]

R3 TVTI2C;Lenovo SM bus driver;C:\Windows\System32\drivers\tvti2c.sys [2009-10-8 41536]

S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 5U877;USB Video Device;C:\Windows\System32\drivers\5U877.sys [2011-2-25 163072]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-2-25 35104]

S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-2-25 164200]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]

S3 pmxdrv;pmxdrv;C:\Windows\System32\drivers\pmxdrv.sys [2011-2-25 31152]

S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2011-2-25 75112]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-17 59392]

S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-9-29 126392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-3-16 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== File Associations ===============

.

FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe","%1"

ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1"

.

=============== Created Last 30 ================

.

2013-05-18 07:41:15 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5741861F-D98B-483A-B16A-5FC9FD903EC3}\offreg.dll

2013-05-17 16:46:45 -------- d-----w- C:\Program Files\iPod

2013-05-17 16:46:44 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-05-17 16:46:44 -------- d-----w- C:\Program Files\iTunes

2013-05-17 16:46:44 -------- d-----w- C:\Program Files (x86)\iTunes

2013-05-17 16:40:47 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2013-05-17 16:40:47 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2013-05-17 16:40:47 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2013-05-17 16:40:46 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2013-05-17 16:40:46 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2013-05-17 16:40:46 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2013-05-17 16:40:46 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2013-05-17 12:32:21 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5741861F-D98B-483A-B16A-5FC9FD903EC3}\mpengine.dll

2013-05-15 19:06:12 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-05-15 19:06:12 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-05-15 18:02:20 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-05-15 18:02:20 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2013-05-15 18:02:20 144384 ----a-w- C:\Windows\System32\cdd.dll

2013-05-15 18:02:11 70144 ----a-w- C:\Windows\System32\appinfo.dll

2013-05-15 18:02:11 1930752 ----a-w- C:\Windows\System32\authui.dll

2013-05-15 18:02:11 1796096 ----a-w- C:\Windows\SysWow64\authui.dll

2013-05-15 18:02:11 111448 ----a-w- C:\Windows\System32\consent.exe

2013-05-15 18:01:43 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll

2013-05-15 18:01:43 230400 ----a-w- C:\Windows\System32\wwansvc.dll

2013-05-15 18:01:42 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-05-14 19:16:35 -------- d-----w- C:\Users\Ken\AppData\Local\Amazon Cloud Player

2013-05-14 18:18:28 -------- d-----r- C:\Users\Ken\Podcasts

2013-05-14 17:56:58 -------- d-----w- C:\Windows\System32\drivers\UMDF\zh-CN

2013-05-14 17:56:56 -------- d-----w- C:\Windows\System32\drivers\UMDF\ja-JP

2013-05-14 17:56:54 -------- d-----w- C:\Windows\System32\drivers\UMDF\pt-BR

2013-05-14 17:56:52 -------- d-----w- C:\Windows\System32\drivers\UMDF\pt-PT

2013-05-14 17:56:50 -------- d-----w- C:\Windows\System32\drivers\UMDF\nl-NL

2013-05-14 17:56:48 -------- d-----w- C:\Windows\System32\drivers\UMDF\it-IT

2013-05-14 17:56:46 -------- d-----w- C:\Windows\System32\drivers\UMDF\de-DE

2013-05-14 17:56:44 -------- d-----w- C:\Windows\System32\drivers\UMDF\fr-FR

2013-05-14 17:56:42 -------- d-----w- C:\Windows\System32\drivers\UMDF\es-ES

2013-05-14 17:55:52 -------- d-----w- C:\Windows\System32\ms-MY

2013-05-09 18:02:33 -------- d-----w- C:\Users\Ken\467D5E81834948929E81C3674ED8E451.TMP

2013-05-09 17:10:04 -------- d-----w- C:\Users\Ken\AppData\Roaming\Malwarebytes

2013-05-09 17:09:39 -------- d-----w- C:\ProgramData\Malwarebytes

2013-05-09 17:09:35 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-05-09 17:09:35 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-05-09 17:09:22 -------- d-----w- C:\Users\Ken\AppData\Local\Programs

2013-05-09 14:53:40 -------- d-----w- C:\ProgramData\HitmanPro

2013-05-07 22:06:23 119808 ----a-r- C:\Users\Ken\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe

2013-05-02 04:34:20 -------- d-----w- C:\Users\Ken\AppData\Local\gtk-2.0

2013-05-01 17:52:58 -------- d-----w- C:\Program Files\Microsoft Network Monitor 3

2013-04-30 17:59:28 -------- d-----w- C:\Users\Ken\AppData\Roaming\Wireshark

2013-04-30 17:45:21 -------- d-----w- C:\Program Files (x86)\WinPcap

2013-04-30 17:39:18 -------- d-----w- C:\Program Files\Wireshark

2013-04-29 22:58:46 -------- d-----w- C:\Users\Ken\AppData\Local\Macromedia

2013-04-28 01:51:30 -------- d-----w- C:\Program Files (x86)\Fiddler2

2013-04-24 17:34:59 -------- d-----w- C:\Users\Ken\AppData\Local\Mozilla

2013-04-24 17:34:49 263064 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll

2013-04-24 17:34:45 26520 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe

2013-04-24 17:10:43 -------- d-----w- C:\Program Files\PGP Corporation

2013-04-24 16:29:47 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-23 22:32:35 -------- d-----w- C:\Program Files\CPUID

.

==================== Find3M ====================

.

2013-05-02 09:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-04-29 22:57:27 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-04-29 22:57:27 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-04-24 17:10:55 135198 ----a-w- C:\Windows\SysWow64\PGPlspRollback.reg

2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-04-05 01:08:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-04-05 01:00:30 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-04-05 00:59:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-04-05 00:56:16 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-04-05 00:55:47 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-04-04 22:11:34 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-04-04 22:02:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-04-04 22:02:17 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-04-04 21:58:51 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-04-04 21:57:45 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-03-26 16:35:41 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-03-26 16:35:41 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-03-25 21:57:56 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys

2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe

2013-03-18 07:49:33 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2013-03-18 07:49:32 175616 ----a-w- C:\Windows\System32\msclmd.dll

.

============= FINISH: 10:39:15.07 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 3/8/2011 9:42:04 AM

System Uptime: 5/17/2013 10:09:59 AM (72 hours ago)

.

Motherboard: LENOVO | | 43192RU

Processor: Intel® Core i7 CPU Q 820 @ 1.73GHz | None | 1734/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 287 GiB total, 102.129 GiB free.

D: is CDROM ()

F: is FIXED (FAT32) - 466 GiB total, 262.018 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Officejet Pro L7600

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Officejet Pro L7600

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64

PNP Device ID: ROOT\NET\0000

Service: vpnva

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Cisco Systems VPN Adapter for 64-bit Windows

Device ID: ROOT\NET\0001

Manufacturer: Cisco Systems

Name: Cisco Systems VPN Adapter for 64-bit Windows

PNP Device ID: ROOT\NET\0001

Service: CVirtA

.

==== System Restore Points ===================

.

RP63: 5/14/2013 3:56:14 AM - Windows Update

RP65: 5/14/2013 10:54:41 AM - Installed Zune 4.8

RP66: 5/15/2013 12:03:11 PM - Windows Update

.

==== Installed Programs ======================

.

64 Bit HP CIO Components Installer

7500_7600_7700_Help1

Access Help

Adobe Acrobat 9 Pro

Adobe Acrobat 9.2.0 - CPSID_50026

Adobe AIR

Adobe Community Help

Adobe Creative Suite 5 Web Premium

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Media Player

Adobe Reader 9.2

Amazon Cloud Player

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Bing Bar

Bing Rewards Client Installer

Bonjour

bpd_scan_Carrier

BPDSoftware

BPDSoftware_Ini

BufferChm

Burn.Now 4.5

Cisco AnyConnect Secure Mobility Client

Cisco AnyConnect Secure Mobility Client

Cisco Systems VPN Client 5.0.07.0290

Cisco WebEx Meetings

Client Security - Password Manager

Conexant 20585 SmartAudio HD

Corel Burn.Now Lenovo Edition

Corel DVD MovieFactory 7

Corel DVD MovieFactory Lenovo Edition

Create Recovery Media

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Direct DiscRecorder

Disable AMT Profile Synchronization Pop-up for Windows Vista/7

Dropbox

eReg

EVault Software Agent

Extend360 Enforcement Agent

Fiddler

FileZilla Client 3.6.0.2

Google Chrome

Google Update Helper

HP OfficeJet L7300/L7500/7600/7700

hueyPRO for Lenovo (Version 1.2.4.1)

IE Block for 9 and 10

Integrated Camera Driver Installer Package Ver.1.1.0.19

Intel PROSet Wireless

Intel® Control Center

Intel® Management Engine Components

Intel® PROSet/Wireless WiFi Software

Intel® Turbo Boost Technology Monitor

InterVideo WinDVD 8

iTunes

Java 7 Update 17

Java Auto Updater

join.me

Junk Mail filter update

L7000_Basic

Lenovo Auto Scroll Utility

Lenovo SimpleTap

Lenovo System Interface Driver

Lenovo ThinkVantage Toolbox

Lenovo Warranty Information

Lenovo Welcome

Logitech SetPoint 6.52

MaaS360 Software Uninstall Utility

MaaS360 Visibility Service

Malwarebytes Anti-Malware version 1.75.0.1300

Mesh Runtime

Message Center Plus

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Network Monitor 3.4

Microsoft Network Monitor: NetworkMonitor Parsers 3.4

Microsoft Office 2010

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Communicator 2007 R2

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Touch Pack for Windows 7

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft XNA Framework Redistributable 3.0

Microsoft_VC80_ATL_x86

Microsoft_VC80_ATL_x86_x64

Microsoft_VC80_CRT_x86

Microsoft_VC80_CRT_x86_x64

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFC_x86_x64

Microsoft_VC80_MFCLOC_x86

Microsoft_VC80_MFCLOC_x86_x64

Microsoft_VC90_ATL_x86

Microsoft_VC90_ATL_x86_x64

Microsoft_VC90_CRT_x86

Microsoft_VC90_CRT_x86_x64

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFC_x86_x64

Mobile Broadband

Mozilla Firefox 20.0.1 (x86 en-US)

Mozilla Maintenance Service

Mozilla Thunderbird 17.0.5 (x86 en-US)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NEC Electronics USB 3.0 Host Controller Driver

Network64

Notepad++

NVIDIA Display Control Panel

NVIDIA Drivers

NVIDIA Performance Drivers

On Screen Display

OpenDNS Updater 2.2.1

PDF Settings CS5

QuickTime

Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7

Rescue and Recovery

RICOH R5U230 Media Driver ver.2.06.02.02

Safari

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition

Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition

Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Symantec Encryption Desktop

System Update

ThinkPad Bluetooth with Enhanced Data Rate Software

ThinkPad FullScreen Magnifier

ThinkPad Modem Adapter

ThinkPad Power Management Driver

ThinkPad Power Manager

ThinkPad UltraNav Driver

ThinkPad UltraNav Utility

ThinkVantage Access Connections

ThinkVantage Active Protection System

ThinkVantage Communications Utility

ThinkVantage Fingerprint Software

Toolbox

Trend Micro Client/Server Security Agent

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

WallWatcher

WebReg

Windows 7 USB/DVD Download Tool

Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)

Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)

Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)

Windows Driver Package - Intel (e1kexpress) Net (06/22/2010 11.5.10.1012)

Windows Driver Package - Intel (HECIx64) System (09/17/2009 6.0.0.1179)

Windows Driver Package - Intel System (06/04/2009 1.0.0.0002)

Windows Driver Package - Intel System (10/28/2009 9.1.1.1022)

Windows Driver Package - Intel USB (08/20/2009 9.1.1.1020)

Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4)

Windows Driver Package - Ricoh Company MS Host Controller (10/26/2009 6.10.02.07)

Windows Driver Package - Synaptics (SynTP) Mouse (04/22/2010 15.0.18.0)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Mobile Device Updater Component

WinPcap 4.1.2

Wireshark 1.8.6 (64-bit)

Zune

Zune Language Pack (CHS)

Zune Language Pack (CHT)

Zune Language Pack (CSY)

Zune Language Pack (DAN)

Zune Language Pack (DEU)

Zune Language Pack (ELL)

Zune Language Pack (ESP)

Zune Language Pack (FIN)

Zune Language Pack (FRA)

Zune Language Pack (HUN)

Zune Language Pack (IND)

Zune Language Pack (ITA)

Zune Language Pack (JPN)

Zune Language Pack (KOR)

Zune Language Pack (MSL)

Zune Language Pack (NLD)

Zune Language Pack (NOR)

Zune Language Pack (PLK)

Zune Language Pack (PTB)

Zune Language Pack (PTG)

Zune Language Pack (RUS)

Zune Language Pack (SVE)

.

==== Event Viewer Messages From Past Week ========

.

5/20/2013 6:56:42 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

5/17/2013 10:13:39 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

5/17/2013 10:11:26 AM, Error: NetBT [4311] - Initialization failed because the driver device could not be created. Use the string "0024D7910DD0" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name.

5/15/2013 9:49:29 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

5/15/2013 9:41:27 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

5/15/2013 9:41:27 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

5/15/2013 9:40:58 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

5/15/2013 9:40:58 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

5/15/2013 9:40:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

5/15/2013 9:40:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

5/15/2013 9:40:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

5/15/2013 9:40:46 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

5/15/2013 9:37:12 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache lenovo.smi NetBIOS NetBT nm3 nsiproxy PGPsdkDriver Psched rdbss spldr tdx tmcomm tmtdi TPPWRIF vwififlt Wanarpv6 WfpLwf

5/15/2013 9:37:12 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

5/15/2013 9:37:12 AM, Error: Service Control Manager [7001] - The Trend Micro Client/Server Security Agent service depends on the Network Connections service which failed to start because of the following error: The dependency service or group failed to start.

5/15/2013 9:37:12 AM, Error: Service Control Manager [7001] - The Trend Micro Client/Server Security Agent Listener service depends on the Network Connections service which failed to start because of the following error: The dependency service or group failed to start.

5/15/2013 9:37:12 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

5/15/2013 9:37:12 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

5/15/2013 9:37:12 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

5/15/2013 9:37:12 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

5/15/2013 9:37:12 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

5/15/2013 9:37:12 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

5/15/2013 9:37:12 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

5/15/2013 9:37:12 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

5/15/2013 9:37:12 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

5/15/2013 9:37:12 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

5/15/2013 6:17:51 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.

5/15/2013 6:17:51 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/15/2013 6:17:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

5/15/2013 2:12:19 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

5/15/2013 2:11:32 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the vpnagent service.

.

==== End Of File ===========================

Link to post
Share on other sites

Hello unname and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.

----------Step 1----------------

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------

Please download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

----------Step 3----------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

----------Step 4----------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 5----------------

In your next reply, please include the following:

  • TDSSKiller's logfile
  • MBAR mbar-log.txt and system-log.txt
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt

After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"

-------> Your topic will be closed if you haven't replied within 3 days! <--------

(If I don't respond within 24 hours, please send me a PM)

-DFB

Link to post
Share on other sites

Hi DFB,

Thanks for the welcome and thank you very much for evaluating the logs.

I discovered during the scans that perhaps I am going to have to reinstall the OS - MBAR was unable to complete because corruption or encryption - I'm guessing the latter as the comp is running pgp.

Then I couldn't turn off trend micro (pw req'd) so it alerted during combofix.

If you think there's still an opportunity to proceed, I'll happily oblige. Otherwise I'd hate to use any further of your's and the community's time.

Again, thanks for your help - even if ends here, I appreciate it.

Link to post
Share on other sites

Just because MBAR couldn't finish doesn't mean that TDSSKiller or ComboFix will do the same. Give those other programs a try, post their logs, and then we can re-evaluate once I get an idea of what we're facing. :)

Link to post
Share on other sites

Ok - thanks :)

--- TDSS --- (no threats found)

08:48:03.0774 7580 TDSS rootkit removing tool 2.8.17.0 Apr 11 2013 11:56:34

08:48:04.0245 7580 ============================================================

08:48:04.0245 7580 Current date / time: 2013/05/23 08:48:04.0245

08:48:04.0245 7580 SystemInfo:

08:48:04.0245 7580

08:48:04.0245 7580 OS Version: 6.1.7601 ServicePack: 1.0

08:48:04.0245 7580 Product type: Workstation

08:48:04.0245 7580 ComputerName: ESORKMASON

08:48:04.0245 7580 UserName: Ken

08:48:04.0245 7580 Windows directory: C:\Windows

08:48:04.0245 7580 System windows directory: C:\Windows

08:48:04.0245 7580 Running under WOW64

08:48:04.0245 7580 Processor architecture: Intel x64

08:48:04.0245 7580 Number of processors: 8

08:48:04.0245 7580 Page size: 0x1000

08:48:04.0245 7580 Boot type: Normal boot

08:48:04.0245 7580 ============================================================

08:48:04.0635 7580 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040

08:48:04.0644 7580 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

08:48:04.0649 7580 ============================================================

08:48:04.0649 7580 \Device\Harddisk0\DR0:

08:48:04.0649 7580 MBR partitions:

08:48:04.0649 7580 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x258000

08:48:04.0649 7580 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x258800, BlocksNum 0x23E4D7F8

08:48:04.0649 7580 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x240A6000, BlocksNum 0x1388000

08:48:04.0649 7580 \Device\Harddisk1\DR1:

08:48:04.0650 7580 MBR partitions:

08:48:04.0650 7580 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A384C02

08:48:04.0650 7580 ============================================================

08:48:04.0661 7580 F: <-> \Device\Harddisk1\DR1\Partition1

08:48:04.0661 7580 ============================================================

08:48:04.0661 7580 Initialize success

08:48:04.0661 7580 ============================================================

08:48:06.0012 8092 ============================================================

08:48:06.0012 8092 Scan started

08:48:06.0012 8092 Mode: Manual;

08:48:06.0012 8092 ============================================================

08:48:06.0061 8092 ================ Scan system memory ========================

08:48:06.0061 8092 System memory - ok

08:48:06.0061 8092 ================ Scan services =============================

08:48:06.0096 8092 1394ohci - ok

08:48:06.0115 8092 5U877 - ok

08:48:06.0121 8092 ACPI - ok

08:48:06.0124 8092 AcpiPmi - ok

08:48:06.0144 8092 AcPrfMgrSvc - ok

08:48:06.0174 8092 acsock - ok

08:48:06.0211 8092 AcSvc - ok

08:48:06.0251 8092 adp94xx - ok

08:48:06.0256 8092 adpahci - ok

08:48:06.0260 8092 adpu320 - ok

08:48:06.0266 8092 AeLookupSvc - ok

08:48:06.0289 8092 AFD - ok

08:48:06.0293 8092 agp440 - ok

08:48:06.0298 8092 ALG - ok

08:48:06.0303 8092 aliide - ok

08:48:06.0307 8092 amdide - ok

08:48:06.0312 8092 AmdK8 - ok

08:48:06.0317 8092 AmdPPM - ok

08:48:06.0321 8092 amdsata - ok

08:48:06.0326 8092 amdsbs - ok

08:48:06.0329 8092 amdxata - ok

08:48:06.0334 8092 AppID - ok

08:48:06.0338 8092 AppIDSvc - ok

08:48:06.0351 8092 Appinfo - ok

08:48:06.0362 8092 Apple Mobile Device - ok

08:48:06.0367 8092 AppMgmt - ok

08:48:06.0485 8092 arc - ok

08:48:06.0489 8092 arcsas - ok

08:48:06.0497 8092 AsyncMac - ok

08:48:06.0502 8092 atapi - ok

08:48:06.0507 8092 AudioEndpointBuilder - ok

08:48:06.0512 8092 AudioSrv - ok

08:48:06.0523 8092 AxInstSV - ok

08:48:06.0528 8092 b06bdrv - ok

08:48:06.0532 8092 b57nd60a - ok

08:48:06.0539 8092 BBSvc - ok

08:48:06.0544 8092 BBUpdate - ok

08:48:06.0549 8092 BDESVC - ok

08:48:06.0553 8092 Beep - ok

08:48:06.0567 8092 BESClient - ok

08:48:06.0574 8092 BFE - ok

08:48:06.0578 8092 BITS - ok

08:48:06.0583 8092 blbdrive - ok

08:48:06.0587 8092 Bonjour Service - ok

08:48:06.0592 8092 bowser - ok

08:48:06.0601 8092 BrFiltLo - ok

08:48:06.0606 8092 BrFiltUp - ok

08:48:06.0617 8092 BridgeMP - ok

08:48:06.0622 8092 Browser - ok

08:48:06.0627 8092 Brserid - ok

08:48:06.0632 8092 BrSerWdm - ok

08:48:06.0638 8092 BrUsbMdm - ok

08:48:06.0642 8092 BrUsbSer - ok

08:48:06.0647 8092 BthEnum - ok

08:48:06.0651 8092 BTHMODEM - ok

08:48:06.0655 8092 BthPan - ok

08:48:06.0663 8092 BTHPORT - ok

08:48:06.0667 8092 bthserv - ok

08:48:06.0672 8092 BTHUSB - ok

08:48:06.0683 8092 btwaudio - ok

08:48:06.0696 8092 btwavdt - ok

08:48:06.0706 8092 btwdins - ok

08:48:06.0710 8092 btwl2cap - ok

08:48:06.0714 8092 btwrchid - ok

08:48:06.0717 8092 catchme - ok

08:48:06.0728 8092 CAXHWAZL - ok

08:48:06.0732 8092 cdfs - ok

08:48:06.0746 8092 cdrom - ok

08:48:06.0750 8092 CertPropSvc - ok

08:48:06.0760 8092 CFUACProxy_officeguardianv2 - ok

08:48:06.0779 8092 circlass - ok

08:48:06.0783 8092 CLFS - ok

08:48:06.0786 8092 clr_optimization_v2.0.50727_32 - ok

08:48:06.0791 8092 clr_optimization_v2.0.50727_64 - ok

08:48:06.0795 8092 clr_optimization_v4.0.30319_32 - ok

08:48:06.0800 8092 clr_optimization_v4.0.30319_64 - ok

08:48:06.0809 8092 CmBatt - ok

08:48:06.0813 8092 cmdide - ok

08:48:06.0816 8092 CNG - ok

08:48:06.0820 8092 CnxtHdAudService - ok

08:48:06.0825 8092 Compbatt - ok

08:48:06.0828 8092 CompositeBus - ok

08:48:06.0832 8092 COMSysApp - ok

08:48:06.0836 8092 crcdisk - ok

08:48:06.0841 8092 CryptSvc - ok

08:48:06.0844 8092 CSC - ok

08:48:06.0848 8092 CscService - ok

08:48:06.0853 8092 CVirtA - ok

08:48:06.0856 8092 CVPND - ok

08:48:06.0869 8092 CVPNDRVA - ok

08:48:06.0875 8092 DcomLaunch - ok

08:48:06.0878 8092 defragsvc - ok

08:48:06.0882 8092 DfsC - ok

08:48:06.0886 8092 Dhcp - ok

08:48:06.0890 8092 discache - ok

08:48:06.0894 8092 Disk - ok

08:48:06.0898 8092 DNE - ok

08:48:06.0902 8092 Dnscache - ok

08:48:06.0905 8092 dot3svc - ok

08:48:06.0908 8092 DozeSvc - ok

08:48:06.0912 8092 DPS - ok

08:48:06.0917 8092 drmkaud - ok

08:48:06.0920 8092 DXGKrnl - ok

08:48:06.0924 8092 DzHDD64 - ok

08:48:06.0942 8092 e1kexpress - ok

08:48:06.0946 8092 EapHost - ok

08:48:06.0950 8092 ebdrv - ok

08:48:06.0953 8092 EFS - ok

08:48:06.0956 8092 ehRecvr - ok

08:48:06.0959 8092 ehSched - ok

08:48:06.0963 8092 elxstor - ok

08:48:06.0973 8092 EMSAgent - ok

08:48:06.0976 8092 ErrDev - ok

08:48:06.0986 8092 EVault InfoStage Agent - ok

08:48:06.0991 8092 EVault InfoStage BUAgent - ok

08:48:06.0995 8092 EventSystem - ok

08:48:06.0999 8092 EvtEng - ok

08:48:07.0003 8092 exfat - ok

08:48:07.0006 8092 fastfat - ok

08:48:07.0010 8092 Fax - ok

08:48:07.0014 8092 fdc - ok

08:48:07.0017 8092 fdPHost - ok

08:48:07.0021 8092 FDResPub - ok

08:48:07.0025 8092 FileInfo - ok

08:48:07.0028 8092 Filetrace - ok

08:48:07.0038 8092 FLEXnet Licensing Service - ok

08:48:07.0043 8092 flpydisk - ok

08:48:07.0046 8092 FltMgr - ok

08:48:07.0050 8092 FontCache - ok

08:48:07.0054 8092 FontCache3.0.0.0 - ok

08:48:07.0058 8092 FsDepends - ok

08:48:07.0062 8092 Fs_Rec - ok

08:48:07.0065 8092 fvevol - ok

08:48:07.0069 8092 gagp30kx - ok

08:48:07.0073 8092 GEARAspiWDM - ok

08:48:07.0077 8092 gpsvc - ok

08:48:07.0081 8092 gupdate - ok

08:48:07.0085 8092 gupdatem - ok

08:48:07.0089 8092 hcw85cir - ok

08:48:07.0103 8092 HdAudAddService - ok

08:48:07.0111 8092 HDAudBus - ok

08:48:07.0115 8092 HECIx64 - ok

08:48:07.0119 8092 HidBatt - ok

08:48:07.0123 8092 HidBth - ok

08:48:07.0126 8092 HidIr - ok

08:48:07.0130 8092 hidserv - ok

08:48:07.0133 8092 HidUsb - ok

08:48:07.0137 8092 hkmsvc - ok

08:48:07.0141 8092 HomeGroupListener - ok

08:48:07.0145 8092 HomeGroupProvider - ok

08:48:07.0149 8092 HpSAMD - ok

08:48:07.0153 8092 HPSLPSVC - ok

08:48:07.0163 8092 HsfXAudioService - ok

08:48:07.0166 8092 HSF_DPV - ok

08:48:07.0170 8092 HTTP - ok

08:48:07.0173 8092 hwpolicy - ok

08:48:07.0180 8092 i8042prt - ok

08:48:07.0183 8092 iaStor - ok

08:48:07.0186 8092 iaStorV - ok

08:48:07.0190 8092 IBMPMDRV - ok

08:48:07.0193 8092 IBMPMSVC - ok

08:48:07.0197 8092 idsvc - ok

08:48:07.0200 8092 igfx - ok

08:48:07.0204 8092 iirsp - ok

08:48:07.0207 8092 IKEEXT - ok

08:48:07.0212 8092 intelide - ok

08:48:07.0224 8092 intelppm - ok

08:48:07.0226 8092 IPBusEnum - ok

08:48:07.0229 8092 IpFilterDriver - ok

08:48:07.0232 8092 iphlpsvc - ok

08:48:07.0236 8092 IPMIDRV - ok

08:48:07.0239 8092 IPNAT - ok

08:48:07.0242 8092 iPod Service - ok

08:48:07.0245 8092 IRENUM - ok

08:48:07.0248 8092 isapnp - ok

08:48:07.0251 8092 iScsiPrt - ok

08:48:07.0263 8092 IviRegMgr - ok

08:48:07.0267 8092 kbdclass - ok

08:48:07.0270 8092 kbdhid - ok

08:48:07.0273 8092 KeyIso - ok

08:48:07.0276 8092 KSecDD - ok

08:48:07.0278 8092 KSecPkg - ok

08:48:07.0281 8092 ksthunk - ok

08:48:07.0287 8092 KtmRm - ok

08:48:07.0295 8092 LanmanServer - ok

08:48:07.0298 8092 LanmanWorkstation - ok

08:48:07.0301 8092 LBTServ - ok

08:48:07.0309 8092 LENOVO.CAMMUTE - ok

08:48:07.0312 8092 LENOVO.MICMUTE - ok

08:48:07.0315 8092 lenovo.smi - ok

08:48:07.0318 8092 LENOVO.TPKNRSVC - ok

08:48:07.0321 8092 Lenovo.VIRTSCRLSVC - ok

08:48:07.0325 8092 LEqdUsb - ok

08:48:07.0328 8092 LHidEqd - ok

08:48:07.0331 8092 LHidFilt - ok

08:48:07.0337 8092 lltdio - ok

08:48:07.0341 8092 lltdsvc - ok

08:48:07.0343 8092 lmhosts - ok

08:48:07.0347 8092 LMouFilt - ok

08:48:07.0350 8092 LMS - ok

08:48:07.0364 8092 LSI_FC - ok

08:48:07.0367 8092 LSI_SAS - ok

08:48:07.0370 8092 LSI_SAS2 - ok

08:48:07.0373 8092 LSI_SCSI - ok

08:48:07.0376 8092 luafv - ok

08:48:07.0390 8092 MBAMProtector - ok

08:48:07.0399 8092 MBAMScheduler - ok

08:48:07.0403 8092 MBAMService - ok

08:48:07.0406 8092 Mcx2Svc - ok

08:48:07.0409 8092 mdmxsdk - ok

08:48:07.0411 8092 megasas - ok

08:48:07.0415 8092 MegaSR - ok

08:48:07.0417 8092 Microsoft SharePoint Workspace Audit Service - ok

08:48:07.0427 8092 MMCSS - ok

08:48:07.0430 8092 Modem - ok

08:48:07.0433 8092 monitor - ok

08:48:07.0435 8092 mouclass - ok

08:48:07.0438 8092 mouhid - ok

08:48:07.0442 8092 mountmgr - ok

08:48:07.0445 8092 MozillaMaintenance - ok

08:48:07.0448 8092 mpio - ok

08:48:07.0451 8092 mpsdrv - ok

08:48:07.0454 8092 MpsSvc - ok

08:48:07.0457 8092 MRxDAV - ok

08:48:07.0460 8092 mrxsmb - ok

08:48:07.0462 8092 mrxsmb10 - ok

08:48:07.0465 8092 mrxsmb20 - ok

08:48:07.0468 8092 msahci - ok

08:48:07.0471 8092 msdsm - ok

08:48:07.0474 8092 MSDTC - ok

08:48:07.0486 8092 Msfs - ok

08:48:07.0489 8092 mshidkmdf - ok

08:48:07.0492 8092 msisadrv - ok

08:48:07.0495 8092 MSiSCSI - ok

08:48:07.0498 8092 msiserver - ok

08:48:07.0501 8092 MSKSSRV - ok

08:48:07.0504 8092 MSPCLOCK - ok

08:48:07.0507 8092 MSPQM - ok

08:48:07.0510 8092 MsRPC - ok

08:48:07.0515 8092 mssmbios - ok

08:48:07.0517 8092 MSTEE - ok

08:48:07.0523 8092 MTConfig - ok

08:48:07.0526 8092 Mup - ok

08:48:07.0529 8092 napagent - ok

08:48:07.0532 8092 NativeWifiP - ok

08:48:07.0535 8092 NDIS - ok

08:48:07.0538 8092 NdisCap - ok

08:48:07.0544 8092 NdisTapi - ok

08:48:07.0547 8092 Ndisuio - ok

08:48:07.0550 8092 NdisWan - ok

08:48:07.0553 8092 NDProxy - ok

08:48:07.0580 8092 Net Driver HPZ12 - ok

08:48:07.0584 8092 NetBIOS - ok

08:48:07.0588 8092 NetBT - ok

08:48:07.0591 8092 Netlogon - ok

08:48:07.0644 8092 Netman - ok

08:48:07.0650 8092 netprofm - ok

08:48:07.0653 8092 NetTcpPortSharing - ok

08:48:07.0657 8092 netw5v64 - ok

08:48:07.0660 8092 NETwNs64 - ok

08:48:07.0663 8092 nfrd960 - ok

08:48:07.0666 8092 NlaSvc - ok

08:48:07.0710 8092 nm3 - ok

08:48:07.0716 8092 NPF - ok

08:48:07.0719 8092 Npfs - ok

08:48:07.0722 8092 nsi - ok

08:48:07.0725 8092 nsiproxy - ok

08:48:07.0729 8092 Ntfs - ok

08:48:07.0733 8092 ntrtscan - ok

08:48:07.0736 8092 Null - ok

08:48:07.0743 8092 nusb3hub - ok

08:48:07.0746 8092 nusb3xhc - ok

08:48:07.0758 8092 NVHDA - ok

08:48:07.0762 8092 NVIDIA Performance Driver Service - ok

08:48:07.0765 8092 nvlddmkm - ok

08:48:07.0767 8092 nvraid - ok

08:48:07.0770 8092 nvstor - ok

08:48:07.0773 8092 nvsvc - ok

08:48:07.0782 8092 nv_agp - ok

08:48:07.0785 8092 ohci1394 - ok

08:48:07.0796 8092 ose - ok

08:48:07.0800 8092 osppsvc - ok

08:48:07.0805 8092 p2pimsvc - ok

08:48:07.0807 8092 p2psvc - ok

08:48:07.0810 8092 Parport - ok

08:48:07.0813 8092 partmgr - ok

08:48:07.0816 8092 PcaSvc - ok

08:48:07.0819 8092 pci - ok

08:48:07.0821 8092 pciide - ok

08:48:07.0824 8092 pcmcia - ok

08:48:07.0827 8092 pcw - ok

08:48:07.0830 8092 PEAUTH - ok

08:48:07.0833 8092 PeerDistSvc - ok

08:48:07.0838 8092 PerfHost - ok

08:48:07.0847 8092 PGP RDD Service - ok

08:48:07.0853 8092 PGPdisk - ok

08:48:07.0856 8092 pgpfs - ok

08:48:07.0861 8092 PGPsdkDriver - ok

08:48:07.0864 8092 PGPwded - ok

08:48:07.0868 8092 Pgpwdefs - ok

08:48:07.0871 8092 pla - ok

08:48:07.0879 8092 PlugPlay - ok

08:48:07.0883 8092 Pml Driver HPZ12 - ok

08:48:07.0892 8092 pmxdrv - ok

08:48:07.0895 8092 PNRPAutoReg - ok

08:48:07.0898 8092 PNRPsvc - ok

08:48:07.0901 8092 PolicyAgent - ok

08:48:07.0905 8092 Power - ok

08:48:07.0911 8092 Power Manager DBC Service - ok

08:48:07.0914 8092 PptpMiniport - ok

08:48:07.0917 8092 Processor - ok

08:48:07.0920 8092 ProfSvc - ok

08:48:07.0924 8092 ProtectedStorage - ok

08:48:07.0927 8092 psadd - ok

08:48:07.0963 8092 Psched - ok

08:48:07.0966 8092 ql2300 - ok

08:48:07.0969 8092 ql40xx - ok

08:48:07.0973 8092 QWAVE - ok

08:48:07.0976 8092 QWAVEdrv - ok

08:48:07.0979 8092 RasAcd - ok

08:48:08.0012 8092 RasAgileVpn - ok

08:48:08.0020 8092 RasAuto - ok

08:48:08.0025 8092 Rasl2tp - ok

08:48:08.0034 8092 RasMan - ok

08:48:08.0040 8092 RasPppoe - ok

08:48:08.0043 8092 RasSstp - ok

08:48:08.0046 8092 rdbss - ok

08:48:08.0049 8092 rdpbus - ok

08:48:08.0052 8092 RDPCDD - ok

08:48:08.0056 8092 RDPDR - ok

08:48:08.0081 8092 RDPENCDD - ok

08:48:08.0086 8092 RDPREFMP - ok

08:48:08.0089 8092 RDPWD - ok

08:48:08.0092 8092 rdyboost - ok

08:48:08.0131 8092 RegSrvc - ok

08:48:08.0135 8092 RemoteAccess - ok

08:48:08.0139 8092 RemoteRegistry - ok

08:48:08.0144 8092 RFCOMM - ok

08:48:08.0151 8092 rimspci - ok

08:48:08.0167 8092 rpcapd - ok

08:48:08.0184 8092 RpcEptMapper - ok

08:48:08.0188 8092 RpcLocator - ok

08:48:08.0191 8092 RpcSs - ok

08:48:08.0194 8092 rspndr - ok

08:48:08.0197 8092 s3cap - ok

08:48:08.0200 8092 SamSs - ok

08:48:08.0202 8092 sbp2port - ok

08:48:08.0205 8092 SCardSvr - ok

08:48:08.0208 8092 scfilter - ok

08:48:08.0211 8092 Schedule - ok

08:48:08.0214 8092 SCPolicySvc - ok

08:48:08.0217 8092 sdbus - ok

08:48:08.0220 8092 SDRSVC - ok

08:48:08.0222 8092 secdrv - ok

08:48:08.0225 8092 seclogon - ok

08:48:08.0234 8092 SENS - ok

08:48:08.0243 8092 SensrSvc - ok

08:48:08.0249 8092 Serenum - ok

08:48:08.0252 8092 Serial - ok

08:48:08.0256 8092 sermouse - ok

08:48:08.0263 8092 SessionEnv - ok

08:48:08.0268 8092 sffdisk - ok

08:48:08.0271 8092 sffp_mmc - ok

08:48:08.0274 8092 sffp_sd - ok

08:48:08.0277 8092 sfloppy - ok

08:48:08.0289 8092 SharedAccess - ok

08:48:08.0292 8092 ShellHWDetection - ok

08:48:08.0295 8092 Shockprf - ok

08:48:08.0304 8092 SiSRaid2 - ok

08:48:08.0307 8092 SiSRaid4 - ok

08:48:08.0310 8092 Smb - ok

08:48:08.0313 8092 smihlp - ok

08:48:08.0320 8092 SNMPTRAP - ok

08:48:08.0322 8092 spldr - ok

08:48:08.0325 8092 Spooler - ok

08:48:08.0328 8092 sppsvc - ok

08:48:08.0332 8092 sppuinotify - ok

08:48:08.0334 8092 srv - ok

08:48:08.0337 8092 srv2 - ok

08:48:08.0344 8092 SrvHsfHDA - ok

08:48:08.0347 8092 SrvHsfV92 - ok

08:48:08.0350 8092 SrvHsfWinac - ok

08:48:08.0352 8092 srvnet - ok

08:48:08.0355 8092 SSDPSRV - ok

08:48:08.0358 8092 SstpSvc - ok

08:48:08.0361 8092 stexstor - ok

08:48:08.0364 8092 StillCam - ok

08:48:08.0367 8092 stisvc - ok

08:48:08.0370 8092 storflt - ok

08:48:08.0372 8092 StorSvc - ok

08:48:08.0375 8092 storvsc - ok

08:48:08.0378 8092 SUService - ok

08:48:08.0384 8092 svcGenericHost - ok

08:48:08.0387 8092 swenum - ok

08:48:08.0391 8092 SwitchBoard - ok

08:48:08.0394 8092 swprv - ok

08:48:08.0397 8092 SynTP - ok

08:48:08.0400 8092 SysMain - ok

08:48:08.0403 8092 TabletInputService - ok

08:48:08.0406 8092 TapiSrv - ok

08:48:08.0409 8092 TBS - ok

08:48:08.0412 8092 Tcpip - ok

08:48:08.0415 8092 TCPIP6 - ok

08:48:08.0419 8092 tcpipreg - ok

08:48:08.0424 8092 TDPIPE - ok

08:48:08.0427 8092 TDTCP - ok

08:48:08.0431 8092 tdx - ok

08:48:08.0435 8092 TermDD - ok

08:48:08.0438 8092 TermService - ok

08:48:08.0442 8092 Themes - ok

08:48:08.0446 8092 ThinkVantage Registry Monitor Service - ok

08:48:08.0450 8092 THREADORDER - ok

08:48:08.0453 8092 tmactmon - ok

08:48:08.0460 8092 TMBMServer - ok

08:48:08.0463 8092 tmcomm - ok

08:48:08.0467 8092 tmevtmgr - ok

08:48:08.0478 8092 TmFilter - ok

08:48:08.0481 8092 tmlisten - ok

08:48:08.0499 8092 TmPreFilter - ok

08:48:08.0503 8092 TmProxy - ok

08:48:08.0506 8092 tmtdi - ok

08:48:08.0518 8092 TPDIGIMN - ok

08:48:08.0520 8092 TPHDEXLGSVC - ok

08:48:08.0523 8092 TPHKSVC - ok

08:48:08.0535 8092 TPM - ok

08:48:08.0538 8092 TPPWRIF - ok

08:48:08.0541 8092 TrkWks - ok

08:48:08.0544 8092 TrustedInstaller - ok

08:48:08.0548 8092 tssecsrv - ok

08:48:08.0552 8092 TsUsbFlt - ok

08:48:08.0568 8092 tunnel - ok

08:48:08.0571 8092 TurboB - ok

08:48:08.0574 8092 TurboBoost - ok

08:48:08.0577 8092 TVT Backup Service - ok

08:48:08.0580 8092 TVTI2C - ok

08:48:08.0583 8092 uagp35 - ok

08:48:08.0586 8092 udfs - ok

08:48:08.0591 8092 UI0Detect - ok

08:48:08.0595 8092 UleadBurningHelper - ok

08:48:08.0608 8092 uliagpkx - ok

08:48:08.0611 8092 umbus - ok

08:48:08.0614 8092 UmPass - ok

08:48:08.0617 8092 UmRdpService - ok

08:48:08.0619 8092 UNS - ok

08:48:08.0623 8092 upnphost - ok

08:48:08.0630 8092 USBAAPL64 - ok

08:48:08.0633 8092 usbccgp - ok

08:48:08.0636 8092 usbcir - ok

08:48:08.0639 8092 usbehci - ok

08:48:08.0642 8092 usbhub - ok

08:48:08.0646 8092 usbohci - ok

08:48:08.0648 8092 usbprint - ok

08:48:08.0651 8092 USBSTOR - ok

08:48:08.0654 8092 usbuhci - ok

08:48:08.0665 8092 usbvideo - ok

08:48:08.0668 8092 UxSms - ok

08:48:08.0670 8092 VaultSvc - ok

08:48:08.0680 8092 vdrvroot - ok

08:48:08.0685 8092 vds - ok

08:48:08.0689 8092 vga - ok

08:48:08.0693 8092 VgaSave - ok

08:48:08.0697 8092 vhdmp - ok

08:48:08.0701 8092 viaide - ok

08:48:08.0704 8092 vmbus - ok

08:48:08.0708 8092 VMBusHID - ok

08:48:08.0712 8092 volmgr - ok

08:48:08.0716 8092 volmgrx - ok

08:48:08.0720 8092 volsnap - ok

08:48:08.0725 8092 vpnagent - ok

08:48:08.0730 8092 vpnva - ok

08:48:08.0733 8092 VSApiNt - ok

08:48:08.0738 8092 vsmraid - ok

08:48:08.0742 8092 VSS - ok

08:48:08.0746 8092 vwifibus - ok

08:48:08.0755 8092 vwififlt - ok

08:48:08.0759 8092 W32Time - ok

08:48:08.0764 8092 WacomPen - ok

08:48:08.0768 8092 WANARP - ok

08:48:08.0779 8092 Wanarpv6 - ok

08:48:08.0787 8092 WatAdminSvc - ok

08:48:08.0791 8092 wbengine - ok

08:48:08.0795 8092 WbioSrvc - ok

08:48:08.0798 8092 wcncsvc - ok

08:48:08.0802 8092 WcsPlugInService - ok

08:48:08.0806 8092 Wd - ok

08:48:08.0810 8092 Wdf01000 - ok

08:48:08.0814 8092 WdiServiceHost - ok

08:48:08.0818 8092 WdiSystemHost - ok

08:48:08.0821 8092 WebClient - ok

08:48:08.0825 8092 Wecsvc - ok

08:48:08.0829 8092 wercplsupport - ok

08:48:08.0839 8092 WerSvc - ok

08:48:08.0843 8092 WfpLwf - ok

08:48:08.0847 8092 WIMMount - ok

08:48:08.0851 8092 winachsf - ok

08:48:08.0855 8092 WinDefend - ok

08:48:08.0861 8092 WinHttpAutoProxySvc - ok

08:48:08.0865 8092 Winmgmt - ok

08:48:08.0868 8092 WinRing0_1_2_0 - ok

08:48:08.0873 8092 WinRM - ok

08:48:08.0880 8092 WinUsb - ok

08:48:08.0884 8092 Wlansvc - ok

08:48:08.0888 8092 wlcrasvc - ok

08:48:08.0891 8092 wlidsvc - ok

08:48:08.0896 8092 WmiAcpi - ok

08:48:08.0901 8092 wmiApSrv - ok

08:48:08.0905 8092 WMPNetworkSvc - ok

08:48:08.0941 8092 WMZuneComm - ok

08:48:08.0948 8092 WPCSvc - ok

08:48:08.0954 8092 WPDBusEnum - ok

08:48:08.0960 8092 ws2ifsl - ok

08:48:08.0969 8092 wscsvc - ok

08:48:08.0973 8092 WSearch - ok

08:48:08.0978 8092 wuauserv - ok

08:48:08.0981 8092 WudfPf - ok

08:48:08.0984 8092 WUDFRd - ok

08:48:08.0987 8092 wudfsvc - ok

08:48:08.0990 8092 WwanSvc - ok

08:48:08.0993 8092 XAudio - ok

08:48:08.0998 8092 ZuneNetworkSvc - ok

08:48:09.0001 8092 ZuneWlanCfgSvc - ok

08:48:09.0037 8092 ================ Scan global ===============================

08:48:09.0038 8092 [Global] - ok

08:48:09.0039 8092 ================ Scan MBR ==================================

08:48:09.0060 8092 [ CDAD75D3EC5E1B28A473CCFC6744F488 ] \Device\Harddisk0\DR0

08:48:09.0202 8092 \Device\Harddisk0\DR0 - ok

08:48:09.0207 8092 [ 8464D19686910A2E5D0E5C28C70A95AB ] \Device\Harddisk1\DR1

08:48:09.0215 8092 \Device\Harddisk1\DR1 - ok

08:48:09.0216 8092 ================ Scan VBR ==================================

08:48:09.0230 8092 [ FE19E7DA9B62030FC3AFD08FA6B0AF8B ] \Device\Harddisk0\DR0\Partition1

08:48:09.0230 8092 \Device\Harddisk0\DR0\Partition1 - ok

08:48:09.0244 8092 [ 405733900A3B9D5FE0A587752BB69B6E ] \Device\Harddisk0\DR0\Partition2

08:48:09.0244 8092 \Device\Harddisk0\DR0\Partition2 - ok

08:48:09.0274 8092 [ 6E867FD1EBEA65EEE887B8FFE2138BC7 ] \Device\Harddisk0\DR0\Partition3

08:48:09.0275 8092 \Device\Harddisk0\DR0\Partition3 - ok

08:48:09.0280 8092 [ 27A125B82848D7DE4BC0F6772A187D22 ] \Device\Harddisk1\DR1\Partition1

08:48:09.0282 8092 \Device\Harddisk1\DR1\Partition1 - ok

08:48:09.0283 8092 ============================================================

08:48:09.0283 8092 Scan finished

08:48:09.0283 8092 ============================================================

08:48:09.0302 8224 Detected object count: 0

08:48:09.0302 8224 Actual detected object count: 0

08:48:03.0774 7580 TDSS rootkit removing tool 2.8.17.0 Apr 11 2013 11:56:34

08:48:04.0245 7580 ============================================================

08:48:04.0245 7580 Current date / time: 2013/05/23 08:48:04.0245

08:48:04.0245 7580 SystemInfo:

08:48:04.0245 7580

08:48:04.0245 7580 OS Version: 6.1.7601 ServicePack: 1.0

08:48:04.0245 7580 Product type: Workstation

08:48:04.0245 7580 ComputerName: ESORKMASON

08:48:04.0245 7580 UserName: Ken

08:48:04.0245 7580 Windows directory: C:\Windows

08:48:04.0245 7580 System windows directory: C:\Windows

08:48:04.0245 7580 Running under WOW64

08:48:04.0245 7580 Processor architecture: Intel x64

08:48:04.0245 7580 Number of processors: 8

08:48:04.0245 7580 Page size: 0x1000

08:48:04.0245 7580 Boot type: Normal boot

08:48:04.0245 7580 ============================================================

08:48:04.0635 7580 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040

08:48:04.0644 7580 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

08:48:04.0649 7580 ============================================================

08:48:04.0649 7580 \Device\Harddisk0\DR0:

08:48:04.0649 7580 MBR partitions:

08:48:04.0649 7580 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x258000

08:48:04.0649 7580 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x258800, BlocksNum 0x23E4D7F8

08:48:04.0649 7580 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x240A6000, BlocksNum 0x1388000

08:48:04.0649 7580 \Device\Harddisk1\DR1:

08:48:04.0650 7580 MBR partitions:

08:48:04.0650 7580 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A384C02

08:48:04.0650 7580 ============================================================

08:48:04.0661 7580 F: <-> \Device\Harddisk1\DR1\Partition1

08:48:04.0661 7580 ============================================================

08:48:04.0661 7580 Initialize success

08:48:04.0661 7580 ============================================================

08:48:06.0012 8092 ============================================================

08:48:06.0012 8092 Scan started

08:48:06.0012 8092 Mode: Manual;

08:48:06.0012 8092 ============================================================

08:48:06.0061 8092 ================ Scan system memory ========================

08:48:06.0061 8092 System memory - ok

08:48:06.0061 8092 ================ Scan services =============================

08:48:06.0096 8092 1394ohci - ok

08:48:06.0115 8092 5U877 - ok

08:48:06.0121 8092 ACPI - ok

08:48:06.0124 8092 AcpiPmi - ok

08:48:06.0144 8092 AcPrfMgrSvc - ok

08:48:06.0174 8092 acsock - ok

08:48:06.0211 8092 AcSvc - ok

08:48:06.0251 8092 adp94xx - ok

08:48:06.0256 8092 adpahci - ok

08:48:06.0260 8092 adpu320 - ok

08:48:06.0266 8092 AeLookupSvc - ok

08:48:06.0289 8092 AFD - ok

08:48:06.0293 8092 agp440 - ok

08:48:06.0298 8092 ALG - ok

08:48:06.0303 8092 aliide - ok

08:48:06.0307 8092 amdide - ok

08:48:06.0312 8092 AmdK8 - ok

08:48:06.0317 8092 AmdPPM - ok

08:48:06.0321 8092 amdsata - ok

08:48:06.0326 8092 amdsbs - ok

08:48:06.0329 8092 amdxata - ok

08:48:06.0334 8092 AppID - ok

08:48:06.0338 8092 AppIDSvc - ok

08:48:06.0351 8092 Appinfo - ok

08:48:06.0362 8092 Apple Mobile Device - ok

08:48:06.0367 8092 AppMgmt - ok

08:48:06.0485 8092 arc - ok

08:48:06.0489 8092 arcsas - ok

08:48:06.0497 8092 AsyncMac - ok

08:48:06.0502 8092 atapi - ok

08:48:06.0507 8092 AudioEndpointBuilder - ok

08:48:06.0512 8092 AudioSrv - ok

08:48:06.0523 8092 AxInstSV - ok

08:48:06.0528 8092 b06bdrv - ok

08:48:06.0532 8092 b57nd60a - ok

08:48:06.0539 8092 BBSvc - ok

08:48:06.0544 8092 BBUpdate - ok

08:48:06.0549 8092 BDESVC - ok

08:48:06.0553 8092 Beep - ok

08:48:06.0567 8092 BESClient - ok

08:48:06.0574 8092 BFE - ok

08:48:06.0578 8092 BITS - ok

08:48:06.0583 8092 blbdrive - ok

08:48:06.0587 8092 Bonjour Service - ok

08:48:06.0592 8092 bowser - ok

08:48:06.0601 8092 BrFiltLo - ok

08:48:06.0606 8092 BrFiltUp - ok

08:48:06.0617 8092 BridgeMP - ok

08:48:06.0622 8092 Browser - ok

08:48:06.0627 8092 Brserid - ok

08:48:06.0632 8092 BrSerWdm - ok

08:48:06.0638 8092 BrUsbMdm - ok

08:48:06.0642 8092 BrUsbSer - ok

08:48:06.0647 8092 BthEnum - ok

08:48:06.0651 8092 BTHMODEM - ok

08:48:06.0655 8092 BthPan - ok

08:48:06.0663 8092 BTHPORT - ok

08:48:06.0667 8092 bthserv - ok

08:48:06.0672 8092 BTHUSB - ok

08:48:06.0683 8092 btwaudio - ok

08:48:06.0696 8092 btwavdt - ok

08:48:06.0706 8092 btwdins - ok

08:48:06.0710 8092 btwl2cap - ok

08:48:06.0714 8092 btwrchid - ok

08:48:06.0717 8092 catchme - ok

08:48:06.0728 8092 CAXHWAZL - ok

08:48:06.0732 8092 cdfs - ok

08:48:06.0746 8092 cdrom - ok

08:48:06.0750 8092 CertPropSvc - ok

08:48:06.0760 8092 CFUACProxy_officeguardianv2 - ok

08:48:06.0779 8092 circlass - ok

08:48:06.0783 8092 CLFS - ok

08:48:06.0786 8092 clr_optimization_v2.0.50727_32 - ok

08:48:06.0791 8092 clr_optimization_v2.0.50727_64 - ok

08:48:06.0795 8092 clr_optimization_v4.0.30319_32 - ok

08:48:06.0800 8092 clr_optimization_v4.0.30319_64 - ok

08:48:06.0809 8092 CmBatt - ok

08:48:06.0813 8092 cmdide - ok

08:48:06.0816 8092 CNG - ok

08:48:06.0820 8092 CnxtHdAudService - ok

08:48:06.0825 8092 Compbatt - ok

08:48:06.0828 8092 CompositeBus - ok

08:48:06.0832 8092 COMSysApp - ok

08:48:06.0836 8092 crcdisk - ok

08:48:06.0841 8092 CryptSvc - ok

08:48:06.0844 8092 CSC - ok

08:48:06.0848 8092 CscService - ok

08:48:06.0853 8092 CVirtA - ok

08:48:06.0856 8092 CVPND - ok

08:48:06.0869 8092 CVPNDRVA - ok

08:48:06.0875 8092 DcomLaunch - ok

08:48:06.0878 8092 defragsvc - ok

08:48:06.0882 8092 DfsC - ok

08:48:06.0886 8092 Dhcp - ok

08:48:06.0890 8092 discache - ok

08:48:06.0894 8092 Disk - ok

08:48:06.0898 8092 DNE - ok

08:48:06.0902 8092 Dnscache - ok

08:48:06.0905 8092 dot3svc - ok

08:48:06.0908 8092 DozeSvc - ok

08:48:06.0912 8092 DPS - ok

08:48:06.0917 8092 drmkaud - ok

08:48:06.0920 8092 DXGKrnl - ok

08:48:06.0924 8092 DzHDD64 - ok

08:48:06.0942 8092 e1kexpress - ok

08:48:06.0946 8092 EapHost - ok

08:48:06.0950 8092 ebdrv - ok

08:48:06.0953 8092 EFS - ok

08:48:06.0956 8092 ehRecvr - ok

08:48:06.0959 8092 ehSched - ok

08:48:06.0963 8092 elxstor - ok

08:48:06.0973 8092 EMSAgent - ok

08:48:06.0976 8092 ErrDev - ok

08:48:06.0986 8092 EVault InfoStage Agent - ok

08:48:06.0991 8092 EVault InfoStage BUAgent - ok

08:48:06.0995 8092 EventSystem - ok

08:48:06.0999 8092 EvtEng - ok

08:48:07.0003 8092 exfat - ok

08:48:07.0006 8092 fastfat - ok

08:48:07.0010 8092 Fax - ok

08:48:07.0014 8092 fdc - ok

08:48:07.0017 8092 fdPHost - ok

08:48:07.0021 8092 FDResPub - ok

08:48:07.0025 8092 FileInfo - ok

08:48:07.0028 8092 Filetrace - ok

08:48:07.0038 8092 FLEXnet Licensing Service - ok

08:48:07.0043 8092 flpydisk - ok

08:48:07.0046 8092 FltMgr - ok

08:48:07.0050 8092 FontCache - ok

08:48:07.0054 8092 FontCache3.0.0.0 - ok

08:48:07.0058 8092 FsDepends - ok

08:48:07.0062 8092 Fs_Rec - ok

08:48:07.0065 8092 fvevol - ok

08:48:07.0069 8092 gagp30kx - ok

08:48:07.0073 8092 GEARAspiWDM - ok

08:48:07.0077 8092 gpsvc - ok

08:48:07.0081 8092 gupdate - ok

08:48:07.0085 8092 gupdatem - ok

08:48:07.0089 8092 hcw85cir - ok

08:48:07.0103 8092 HdAudAddService - ok

08:48:07.0111 8092 HDAudBus - ok

08:48:07.0115 8092 HECIx64 - ok

08:48:07.0119 8092 HidBatt - ok

08:48:07.0123 8092 HidBth - ok

08:48:07.0126 8092 HidIr - ok

08:48:07.0130 8092 hidserv - ok

08:48:07.0133 8092 HidUsb - ok

08:48:07.0137 8092 hkmsvc - ok

08:48:07.0141 8092 HomeGroupListener - ok

08:48:07.0145 8092 HomeGroupProvider - ok

08:48:07.0149 8092 HpSAMD - ok

08:48:07.0153 8092 HPSLPSVC - ok

08:48:07.0163 8092 HsfXAudioService - ok

08:48:07.0166 8092 HSF_DPV - ok

08:48:07.0170 8092 HTTP - ok

08:48:07.0173 8092 hwpolicy - ok

08:48:07.0180 8092 i8042prt - ok

08:48:07.0183 8092 iaStor - ok

08:48:07.0186 8092 iaStorV - ok

08:48:07.0190 8092 IBMPMDRV - ok

08:48:07.0193 8092 IBMPMSVC - ok

08:48:07.0197 8092 idsvc - ok

08:48:07.0200 8092 igfx - ok

08:48:07.0204 8092 iirsp - ok

08:48:07.0207 8092 IKEEXT - ok

08:48:07.0212 8092 intelide - ok

08:48:07.0224 8092 intelppm - ok

08:48:07.0226 8092 IPBusEnum - ok

08:48:07.0229 8092 IpFilterDriver - ok

08:48:07.0232 8092 iphlpsvc - ok

08:48:07.0236 8092 IPMIDRV - ok

08:48:07.0239 8092 IPNAT - ok

08:48:07.0242 8092 iPod Service - ok

08:48:07.0245 8092 IRENUM - ok

08:48:07.0248 8092 isapnp - ok

08:48:07.0251 8092 iScsiPrt - ok

08:48:07.0263 8092 IviRegMgr - ok

08:48:07.0267 8092 kbdclass - ok

08:48:07.0270 8092 kbdhid - ok

08:48:07.0273 8092 KeyIso - ok

08:48:07.0276 8092 KSecDD - ok

08:48:07.0278 8092 KSecPkg - ok

08:48:07.0281 8092 ksthunk - ok

08:48:07.0287 8092 KtmRm - ok

08:48:07.0295 8092 LanmanServer - ok

08:48:07.0298 8092 LanmanWorkstation - ok

08:48:07.0301 8092 LBTServ - ok

08:48:07.0309 8092 LENOVO.CAMMUTE - ok

08:48:07.0312 8092 LENOVO.MICMUTE - ok

08:48:07.0315 8092 lenovo.smi - ok

08:48:07.0318 8092 LENOVO.TPKNRSVC - ok

08:48:07.0321 8092 Lenovo.VIRTSCRLSVC - ok

08:48:07.0325 8092 LEqdUsb - ok

08:48:07.0328 8092 LHidEqd - ok

08:48:07.0331 8092 LHidFilt - ok

08:48:07.0337 8092 lltdio - ok

08:48:07.0341 8092 lltdsvc - ok

08:48:07.0343 8092 lmhosts - ok

08:48:07.0347 8092 LMouFilt - ok

08:48:07.0350 8092 LMS - ok

08:48:07.0364 8092 LSI_FC - ok

08:48:07.0367 8092 LSI_SAS - ok

08:48:07.0370 8092 LSI_SAS2 - ok

08:48:07.0373 8092 LSI_SCSI - ok

08:48:07.0376 8092 luafv - ok

08:48:07.0390 8092 MBAMProtector - ok

08:48:07.0399 8092 MBAMScheduler - ok

08:48:07.0403 8092 MBAMService - ok

08:48:07.0406 8092 Mcx2Svc - ok

08:48:07.0409 8092 mdmxsdk - ok

08:48:07.0411 8092 megasas - ok

08:48:07.0415 8092 MegaSR - ok

08:48:07.0417 8092 Microsoft SharePoint Workspace Audit Service - ok

08:48:07.0427 8092 MMCSS - ok

08:48:07.0430 8092 Modem - ok

08:48:07.0433 8092 monitor - ok

08:48:07.0435 8092 mouclass - ok

08:48:07.0438 8092 mouhid - ok

08:48:07.0442 8092 mountmgr - ok

08:48:07.0445 8092 MozillaMaintenance - ok

08:48:07.0448 8092 mpio - ok

08:48:07.0451 8092 mpsdrv - ok

08:48:07.0454 8092 MpsSvc - ok

08:48:07.0457 8092 MRxDAV - ok

08:48:07.0460 8092 mrxsmb - ok

08:48:07.0462 8092 mrxsmb10 - ok

08:48:07.0465 8092 mrxsmb20 - ok

08:48:07.0468 8092 msahci - ok

08:48:07.0471 8092 msdsm - ok

08:48:07.0474 8092 MSDTC - ok

08:48:07.0486 8092 Msfs - ok

08:48:07.0489 8092 mshidkmdf - ok

08:48:07.0492 8092 msisadrv - ok

08:48:07.0495 8092 MSiSCSI - ok

08:48:07.0498 8092 msiserver - ok

08:48:07.0501 8092 MSKSSRV - ok

08:48:07.0504 8092 MSPCLOCK - ok

08:48:07.0507 8092 MSPQM - ok

08:48:07.0510 8092 MsRPC - ok

08:48:07.0515 8092 mssmbios - ok

08:48:07.0517 8092 MSTEE - ok

08:48:07.0523 8092 MTConfig - ok

08:48:07.0526 8092 Mup - ok

08:48:07.0529 8092 napagent - ok

08:48:07.0532 8092 NativeWifiP - ok

08:48:07.0535 8092 NDIS - ok

08:48:07.0538 8092 NdisCap - ok

08:48:07.0544 8092 NdisTapi - ok

08:48:07.0547 8092 Ndisuio - ok

08:48:07.0550 8092 NdisWan - ok

08:48:07.0553 8092 NDProxy - ok

08:48:07.0580 8092 Net Driver HPZ12 - ok

08:48:07.0584 8092 NetBIOS - ok

08:48:07.0588 8092 NetBT - ok

08:48:07.0591 8092 Netlogon - ok

08:48:07.0644 8092 Netman - ok

08:48:07.0650 8092 netprofm - ok

08:48:07.0653 8092 NetTcpPortSharing - ok

08:48:07.0657 8092 netw5v64 - ok

08:48:07.0660 8092 NETwNs64 - ok

08:48:07.0663 8092 nfrd960 - ok

08:48:07.0666 8092 NlaSvc - ok

08:48:07.0710 8092 nm3 - ok

08:48:07.0716 8092 NPF - ok

08:48:07.0719 8092 Npfs - ok

08:48:07.0722 8092 nsi - ok

08:48:07.0725 8092 nsiproxy - ok

08:48:07.0729 8092 Ntfs - ok

08:48:07.0733 8092 ntrtscan - ok

08:48:07.0736 8092 Null - ok

08:48:07.0743 8092 nusb3hub - ok

08:48:07.0746 8092 nusb3xhc - ok

08:48:07.0758 8092 NVHDA - ok

08:48:07.0762 8092 NVIDIA Performance Driver Service - ok

08:48:07.0765 8092 nvlddmkm - ok

08:48:07.0767 8092 nvraid - ok

08:48:07.0770 8092 nvstor - ok

08:48:07.0773 8092 nvsvc - ok

08:48:07.0782 8092 nv_agp - ok

08:48:07.0785 8092 ohci1394 - ok

08:48:07.0796 8092 ose - ok

08:48:07.0800 8092 osppsvc - ok

08:48:07.0805 8092 p2pimsvc - ok

08:48:07.0807 8092 p2psvc - ok

08:48:07.0810 8092 Parport - ok

08:48:07.0813 8092 partmgr - ok

08:48:07.0816 8092 PcaSvc - ok

08:48:07.0819 8092 pci - ok

08:48:07.0821 8092 pciide - ok

08:48:07.0824 8092 pcmcia - ok

08:48:07.0827 8092 pcw - ok

08:48:07.0830 8092 PEAUTH - ok

08:48:07.0833 8092 PeerDistSvc - ok

08:48:07.0838 8092 PerfHost - ok

08:48:07.0847 8092 PGP RDD Service - ok

08:48:07.0853 8092 PGPdisk - ok

08:48:07.0856 8092 pgpfs - ok

08:48:07.0861 8092 PGPsdkDriver - ok

08:48:07.0864 8092 PGPwded - ok

08:48:07.0868 8092 Pgpwdefs - ok

08:48:07.0871 8092 pla - ok

08:48:07.0879 8092 PlugPlay - ok

08:48:07.0883 8092 Pml Driver HPZ12 - ok

08:48:07.0892 8092 pmxdrv - ok

08:48:07.0895 8092 PNRPAutoReg - ok

08:48:07.0898 8092 PNRPsvc - ok

08:48:07.0901 8092 PolicyAgent - ok

08:48:07.0905 8092 Power - ok

08:48:07.0911 8092 Power Manager DBC Service - ok

08:48:07.0914 8092 PptpMiniport - ok

08:48:07.0917 8092 Processor - ok

08:48:07.0920 8092 ProfSvc - ok

08:48:07.0924 8092 ProtectedStorage - ok

08:48:07.0927 8092 psadd - ok

08:48:07.0963 8092 Psched - ok

08:48:07.0966 8092 ql2300 - ok

08:48:07.0969 8092 ql40xx - ok

08:48:07.0973 8092 QWAVE - ok

08:48:07.0976 8092 QWAVEdrv - ok

08:48:07.0979 8092 RasAcd - ok

08:48:08.0012 8092 RasAgileVpn - ok

08:48:08.0020 8092 RasAuto - ok

08:48:08.0025 8092 Rasl2tp - ok

08:48:08.0034 8092 RasMan - ok

08:48:08.0040 8092 RasPppoe - ok

08:48:08.0043 8092 RasSstp - ok

08:48:08.0046 8092 rdbss - ok

08:48:08.0049 8092 rdpbus - ok

08:48:08.0052 8092 RDPCDD - ok

08:48:08.0056 8092 RDPDR - ok

08:48:08.0081 8092 RDPENCDD - ok

08:48:08.0086 8092 RDPREFMP - ok

08:48:08.0089 8092 RDPWD - ok

08:48:08.0092 8092 rdyboost - ok

08:48:08.0131 8092 RegSrvc - ok

08:48:08.0135 8092 RemoteAccess - ok

08:48:08.0139 8092 RemoteRegistry - ok

08:48:08.0144 8092 RFCOMM - ok

08:48:08.0151 8092 rimspci - ok

08:48:08.0167 8092 rpcapd - ok

08:48:08.0184 8092 RpcEptMapper - ok

08:48:08.0188 8092 RpcLocator - ok

08:48:08.0191 8092 RpcSs - ok

08:48:08.0194 8092 rspndr - ok

08:48:08.0197 8092 s3cap - ok

08:48:08.0200 8092 SamSs - ok

08:48:08.0202 8092 sbp2port - ok

08:48:08.0205 8092 SCardSvr - ok

08:48:08.0208 8092 scfilter - ok

08:48:08.0211 8092 Schedule - ok

08:48:08.0214 8092 SCPolicySvc - ok

08:48:08.0217 8092 sdbus - ok

08:48:08.0220 8092 SDRSVC - ok

08:48:08.0222 8092 secdrv - ok

08:48:08.0225 8092 seclogon - ok

08:48:08.0234 8092 SENS - ok

08:48:08.0243 8092 SensrSvc - ok

08:48:08.0249 8092 Serenum - ok

08:48:08.0252 8092 Serial - ok

08:48:08.0256 8092 sermouse - ok

08:48:08.0263 8092 SessionEnv - ok

08:48:08.0268 8092 sffdisk - ok

08:48:08.0271 8092 sffp_mmc - ok

08:48:08.0274 8092 sffp_sd - ok

08:48:08.0277 8092 sfloppy - ok

08:48:08.0289 8092 SharedAccess - ok

08:48:08.0292 8092 ShellHWDetection - ok

08:48:08.0295 8092 Shockprf - ok

08:48:08.0304 8092 SiSRaid2 - ok

08:48:08.0307 8092 SiSRaid4 - ok

08:48:08.0310 8092 Smb - ok

08:48:08.0313 8092 smihlp - ok

08:48:08.0320 8092 SNMPTRAP - ok

08:48:08.0322 8092 spldr - ok

08:48:08.0325 8092 Spooler - ok

08:48:08.0328 8092 sppsvc - ok

08:48:08.0332 8092 sppuinotify - ok

08:48:08.0334 8092 srv - ok

08:48:08.0337 8092 srv2 - ok

08:48:08.0344 8092 SrvHsfHDA - ok

08:48:08.0347 8092 SrvHsfV92 - ok

08:48:08.0350 8092 SrvHsfWinac - ok

08:48:08.0352 8092 srvnet - ok

08:48:08.0355 8092 SSDPSRV - ok

08:48:08.0358 8092 SstpSvc - ok

08:48:08.0361 8092 stexstor - ok

08:48:08.0364 8092 StillCam - ok

08:48:08.0367 8092 stisvc - ok

08:48:08.0370 8092 storflt - ok

08:48:08.0372 8092 StorSvc - ok

08:48:08.0375 8092 storvsc - ok

08:48:08.0378 8092 SUService - ok

08:48:08.0384 8092 svcGenericHost - ok

08:48:08.0387 8092 swenum - ok

08:48:08.0391 8092 SwitchBoard - ok

08:48:08.0394 8092 swprv - ok

08:48:08.0397 8092 SynTP - ok

08:48:08.0400 8092 SysMain - ok

08:48:08.0403 8092 TabletInputService - ok

08:48:08.0406 8092 TapiSrv - ok

08:48:08.0409 8092 TBS - ok

08:48:08.0412 8092 Tcpip - ok

08:48:08.0415 8092 TCPIP6 - ok

08:48:08.0419 8092 tcpipreg - ok

08:48:08.0424 8092 TDPIPE - ok

08:48:08.0427 8092 TDTCP - ok

08:48:08.0431 8092 tdx - ok

08:48:08.0435 8092 TermDD - ok

08:48:08.0438 8092 TermService - ok

08:48:08.0442 8092 Themes - ok

08:48:08.0446 8092 ThinkVantage Registry Monitor Service - ok

08:48:08.0450 8092 THREADORDER - ok

08:48:08.0453 8092 tmactmon - ok

08:48:08.0460 8092 TMBMServer - ok

08:48:08.0463 8092 tmcomm - ok

08:48:08.0467 8092 tmevtmgr - ok

08:48:08.0478 8092 TmFilter - ok

08:48:08.0481 8092 tmlisten - ok

08:48:08.0499 8092 TmPreFilter - ok

08:48:08.0503 8092 TmProxy - ok

08:48:08.0506 8092 tmtdi - ok

08:48:08.0518 8092 TPDIGIMN - ok

08:48:08.0520 8092 TPHDEXLGSVC - ok

08:48:08.0523 8092 TPHKSVC - ok

08:48:08.0535 8092 TPM - ok

08:48:08.0538 8092 TPPWRIF - ok

08:48:08.0541 8092 TrkWks - ok

08:48:08.0544 8092 TrustedInstaller - ok

08:48:08.0548 8092 tssecsrv - ok

08:48:08.0552 8092 TsUsbFlt - ok

08:48:08.0568 8092 tunnel - ok

08:48:08.0571 8092 TurboB - ok

08:48:08.0574 8092 TurboBoost - ok

08:48:08.0577 8092 TVT Backup Service - ok

08:48:08.0580 8092 TVTI2C - ok

08:48:08.0583 8092 uagp35 - ok

08:48:08.0586 8092 udfs - ok

08:48:08.0591 8092 UI0Detect - ok

08:48:08.0595 8092 UleadBurningHelper - ok

08:48:08.0608 8092 uliagpkx - ok

08:48:08.0611 8092 umbus - ok

08:48:08.0614 8092 UmPass - ok

08:48:08.0617 8092 UmRdpService - ok

08:48:08.0619 8092 UNS - ok

08:48:08.0623 8092 upnphost - ok

08:48:08.0630 8092 USBAAPL64 - ok

08:48:08.0633 8092 usbccgp - ok

08:48:08.0636 8092 usbcir - ok

08:48:08.0639 8092 usbehci - ok

08:48:08.0642 8092 usbhub - ok

08:48:08.0646 8092 usbohci - ok

08:48:08.0648 8092 usbprint - ok

08:48:08.0651 8092 USBSTOR - ok

08:48:08.0654 8092 usbuhci - ok

08:48:08.0665 8092 usbvideo - ok

08:48:08.0668 8092 UxSms - ok

08:48:08.0670 8092 VaultSvc - ok

08:48:08.0680 8092 vdrvroot - ok

08:48:08.0685 8092 vds - ok

08:48:08.0689 8092 vga - ok

08:48:08.0693 8092 VgaSave - ok

08:48:08.0697 8092 vhdmp - ok

08:48:08.0701 8092 viaide - ok

08:48:08.0704 8092 vmbus - ok

08:48:08.0708 8092 VMBusHID - ok

08:48:08.0712 8092 volmgr - ok

08:48:08.0716 8092 volmgrx - ok

08:48:08.0720 8092 volsnap - ok

08:48:08.0725 8092 vpnagent - ok

08:48:08.0730 8092 vpnva - ok

08:48:08.0733 8092 VSApiNt - ok

08:48:08.0738 8092 vsmraid - ok

08:48:08.0742 8092 VSS - ok

08:48:08.0746 8092 vwifibus - ok

08:48:08.0755 8092 vwififlt - ok

08:48:08.0759 8092 W32Time - ok

08:48:08.0764 8092 WacomPen - ok

08:48:08.0768 8092 WANARP - ok

08:48:08.0779 8092 Wanarpv6 - ok

08:48:08.0787 8092 WatAdminSvc - ok

08:48:08.0791 8092 wbengine - ok

08:48:08.0795 8092 WbioSrvc - ok

08:48:08.0798 8092 wcncsvc - ok

08:48:08.0802 8092 WcsPlugInService - ok

08:48:08.0806 8092 Wd - ok

08:48:08.0810 8092 Wdf01000 - ok

08:48:08.0814 8092 WdiServiceHost - ok

08:48:08.0818 8092 WdiSystemHost - ok

08:48:08.0821 8092 WebClient - ok

08:48:08.0825 8092 Wecsvc - ok

08:48:08.0829 8092 wercplsupport - ok

08:48:08.0839 8092 WerSvc - ok

08:48:08.0843 8092 WfpLwf - ok

08:48:08.0847 8092 WIMMount - ok

08:48:08.0851 8092 winachsf - ok

08:48:08.0855 8092 WinDefend - ok

08:48:08.0861 8092 WinHttpAutoProxySvc - ok

08:48:08.0865 8092 Winmgmt - ok

08:48:08.0868 8092 WinRing0_1_2_0 - ok

08:48:08.0873 8092 WinRM - ok

08:48:08.0880 8092 WinUsb - ok

08:48:08.0884 8092 Wlansvc - ok

08:48:08.0888 8092 wlcrasvc - ok

08:48:08.0891 8092 wlidsvc - ok

08:48:08.0896 8092 WmiAcpi - ok

08:48:08.0901 8092 wmiApSrv - ok

08:48:08.0905 8092 WMPNetworkSvc - ok

08:48:08.0941 8092 WMZuneComm - ok

08:48:08.0948 8092 WPCSvc - ok

08:48:08.0954 8092 WPDBusEnum - ok

08:48:08.0960 8092 ws2ifsl - ok

08:48:08.0969 8092 wscsvc - ok

08:48:08.0973 8092 WSearch - ok

08:48:08.0978 8092 wuauserv - ok

08:48:08.0981 8092 WudfPf - ok

08:48:08.0984 8092 WUDFRd - ok

08:48:08.0987 8092 wudfsvc - ok

08:48:08.0990 8092 WwanSvc - ok

08:48:08.0993 8092 XAudio - ok

08:48:08.0998 8092 ZuneNetworkSvc - ok

08:48:09.0001 8092 ZuneWlanCfgSvc - ok

08:48:09.0037 8092 ================ Scan global ===============================

08:48:09.0038 8092 [Global] - ok

08:48:09.0039 8092 ================ Scan MBR ==================================

08:48:09.0060 8092 [ CDAD75D3EC5E1B28A473CCFC6744F488 ] \Device\Harddisk0\DR0

08:48:09.0202 8092 \Device\Harddisk0\DR0 - ok

08:48:09.0207 8092 [ 8464D19686910A2E5D0E5C28C70A95AB ] \Device\Harddisk1\DR1

08:48:09.0215 8092 \Device\Harddisk1\DR1 - ok

08:48:09.0216 8092 ================ Scan VBR ==================================

08:48:09.0230 8092 [ FE19E7DA9B62030FC3AFD08FA6B0AF8B ] \Device\Harddisk0\DR0\Partition1

08:48:09.0230 8092 \Device\Harddisk0\DR0\Partition1 - ok

08:48:09.0244 8092 [ 405733900A3B9D5FE0A587752BB69B6E ] \Device\Harddisk0\DR0\Partition2

08:48:09.0244 8092 \Device\Harddisk0\DR0\Partition2 - ok

08:48:09.0274 8092 [ 6E867FD1EBEA65EEE887B8FFE2138BC7 ] \Device\Harddisk0\DR0\Partition3

08:48:09.0275 8092 \Device\Harddisk0\DR0\Partition3 - ok

08:48:09.0280 8092 [ 27A125B82848D7DE4BC0F6772A187D22 ] \Device\Harddisk1\DR1\Partition1

08:48:09.0282 8092 \Device\Harddisk1\DR1\Partition1 - ok

08:48:09.0283 8092 ============================================================

08:48:09.0283 8092 Scan finished

08:48:09.0283 8092 ============================================================

08:48:09.0302 8224 Detected object count: 0

08:48:09.0302 8224 Actual detected object count: 0

---COMBOFIX---

ComboFix 13-05-22.01 - Ken 05/22/2013 21:53:16.2.8 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16316.13440 [GMT -7:00]

Running from: c:\users\Ken\Desktop\ComboFix.exe

AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Updated* {5D349EF8-873B-C657-917F-F1D93E101A7C}

SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Resident AV is active

.

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\Installer\{3F32670E-45AE-4B23-AE86-CB21FAF19DDF}\Icon6560581611.exe

.

.

((((((((((((((((((((((((( Files Created from 2013-04-23 to 2013-05-23 )))))))))))))))))))))))))))))))

.

.

2013-05-23 05:12 . 2013-05-23 05:12 -------- d-----w- c:\users\Sodexo\AppData\Local\temp

2013-05-23 05:12 . 2013-05-23 05:12 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-05-23 04:55 . 2013-05-23 04:55 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2FC2F7BB-844B-4475-A04F-90803C6E8D66}\offreg.dll

2013-05-22 20:11 . 2013-05-22 20:11 -------- d-----w- c:\program files (x86)\7-Zip

2013-05-21 10:02 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2FC2F7BB-844B-4475-A04F-90803C6E8D66}\mpengine.dll

2013-05-17 16:46 . 2013-05-17 16:46 -------- d-----w- c:\program files\iPod

2013-05-17 16:46 . 2013-05-17 16:47 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-05-17 16:46 . 2013-05-17 16:47 -------- d-----w- c:\program files\iTunes

2013-05-17 16:46 . 2013-05-17 16:47 -------- d-----w- c:\program files (x86)\iTunes

2013-05-17 16:40 . 2013-05-17 16:40 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2013-05-17 16:40 . 2013-05-17 16:40 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2013-05-17 16:40 . 2013-05-17 16:40 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2013-05-17 16:40 . 2013-05-17 16:40 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2013-05-17 16:40 . 2013-05-17 16:40 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2013-05-17 16:40 . 2013-05-17 16:40 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2013-05-17 16:40 . 2013-05-17 16:40 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2013-05-17 16:40 . 2013-05-17 16:40 -------- d-----w- c:\program files (x86)\QuickTime

2013-05-15 19:06 . 2013-05-05 21:36 17818624 ----a-w- c:\windows\system32\mshtml.dll

2013-05-15 19:06 . 2013-05-05 21:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2013-05-15 19:06 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2013-05-15 18:02 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2013-05-15 18:02 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2013-05-15 18:02 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll

2013-05-15 18:02 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe

2013-05-15 18:02 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll

2013-05-15 18:02 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll

2013-05-15 18:02 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll

2013-05-15 18:02 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll

2013-05-15 18:02 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll

2013-05-15 18:01 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll

2013-05-15 18:01 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll

2013-05-15 18:01 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys

2013-05-14 19:16 . 2013-05-14 19:17 -------- d-----w- c:\users\Ken\AppData\Local\Amazon Cloud Player

2013-05-14 18:18 . 2013-05-15 19:46 -------- d-----r- c:\users\Ken\Podcasts

2013-05-14 17:56 . 2013-05-14 17:56 -------- d-----w- c:\windows\system32\drivers\UMDF\zh-CN

2013-05-14 17:56 . 2013-05-14 17:56 -------- d-----w- c:\windows\system32\drivers\UMDF\ja-JP

2013-05-14 17:56 . 2013-05-14 17:56 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-BR

2013-05-14 17:56 . 2013-05-14 17:56 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-PT

2013-05-14 17:56 . 2013-05-14 17:56 -------- d-----w- c:\windows\system32\drivers\UMDF\nl-NL

2013-05-14 17:56 . 2013-05-14 17:56 -------- d-----w- c:\windows\system32\drivers\UMDF\it-IT

2013-05-14 17:56 . 2013-05-14 17:56 -------- d-----w- c:\windows\system32\drivers\UMDF\de-DE

2013-05-14 17:56 . 2013-05-14 17:56 -------- d-----w- c:\windows\system32\drivers\UMDF\fr-FR

2013-05-14 17:56 . 2013-05-14 17:56 -------- d-----w- c:\windows\system32\drivers\UMDF\es-ES

2013-05-14 17:55 . 2013-05-14 17:55 -------- d-----w- c:\windows\system32\ms-MY

2013-05-14 17:55 . 2013-05-14 17:57 -------- d-----w- c:\program files\Zune

2013-05-09 18:02 . 2013-05-09 18:02 -------- d-----w- c:\users\Ken\467D5E81834948929E81C3674ED8E451.TMP

2013-05-09 17:10 . 2013-05-09 17:10 -------- d-----w- c:\users\Ken\AppData\Roaming\Malwarebytes

2013-05-09 17:09 . 2013-05-09 17:09 -------- d-----w- c:\programdata\Malwarebytes

2013-05-09 17:09 . 2013-05-09 17:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-05-09 17:09 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-05-09 17:09 . 2013-05-09 17:09 -------- d-----w- c:\users\Ken\AppData\Local\Programs

2013-05-09 14:53 . 2013-05-09 15:06 -------- d-----w- c:\programdata\HitmanPro

2013-05-07 22:06 . 2013-05-07 22:06 119808 ----a-r- c:\users\Ken\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe

2013-05-02 04:34 . 2013-05-10 20:56 -------- d-----w- c:\users\Ken\AppData\Local\gtk-2.0

2013-05-01 17:52 . 2013-05-01 17:52 -------- d-----w- c:\program files\Microsoft Network Monitor 3

2013-04-30 17:59 . 2013-05-09 22:27 -------- d-----w- c:\users\Ken\AppData\Roaming\Wireshark

2013-04-30 17:45 . 2013-04-30 17:45 -------- d-----w- c:\program files (x86)\WinPcap

2013-04-30 17:39 . 2013-04-30 17:45 -------- d-----w- c:\program files\Wireshark

2013-04-29 22:58 . 2013-04-29 22:58 -------- d-----w- c:\users\Ken\AppData\Local\Macromedia

2013-04-28 01:51 . 2013-04-28 01:51 -------- d-----w- c:\program files (x86)\Fiddler2

2013-04-25 18:51 . 2013-04-25 19:01 -------- d-----w- c:\users\Ken\AppData\Roaming\Notepad++

2013-04-25 18:51 . 2013-04-25 18:51 -------- d-----w- c:\program files (x86)\Notepad++

2013-04-24 17:34 . 2013-04-24 17:34 -------- d-----w- c:\users\Ken\AppData\Local\Mozilla

2013-04-24 17:34 . 2013-04-10 06:58 263064 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll

2013-04-24 17:34 . 2013-04-10 06:58 26520 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-hang-ui.exe

2013-04-24 17:10 . 2013-04-24 17:10 -------- d-----w- c:\program files\PGP Corporation

2013-04-24 16:29 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-23 22:32 . 2013-04-23 22:32 -------- d-----w- c:\program files\CPUID

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-17 17:12 . 2010-06-24 19:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-05-15 19:13 . 2013-03-16 13:57 75016696 ----a-w- c:\windows\system32\MRT.exe

2013-05-02 09:06 . 2013-03-16 05:51 278800 ------w- c:\windows\system32\MpSigStub.exe

2013-04-29 22:57 . 2013-04-19 02:55 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-04-29 22:57 . 2013-04-19 02:55 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-04-24 17:10 . 2013-03-16 15:49 135198 ----a-w- c:\windows\SysWow64\PGPlspRollback.reg

2013-04-13 05:49 . 2013-05-15 18:02 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49 . 2013-05-15 18:02 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49 . 2013-05-15 18:02 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49 . 2013-05-15 18:02 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45 . 2013-05-15 18:02 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-05-15 18:02 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-03-26 16:35 . 2013-03-26 16:36 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-03-26 16:35 . 2013-03-26 16:36 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-03-25 21:58 . 2013-03-25 21:58 53248 ----a-r- c:\users\Ken\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2013-03-25 21:57 . 2013-03-25 21:57 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2013-03-19 06:04 . 2013-04-10 08:07 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-19 05:46 . 2013-04-10 08:07 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-03-19 05:04 . 2013-04-10 08:07 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04 . 2013-04-10 08:07 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47 . 2013-04-10 08:07 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-03-19 03:06 . 2013-04-10 08:07 112640 ----a-w- c:\windows\system32\smss.exe

2013-03-18 07:49 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2013-03-18 07:49 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2013-03-16 06:31 . 2013-03-16 06:31 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2013-03-16 06:31 . 2013-03-16 06:31 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2013-03-16 06:31 . 2013-03-16 06:31 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2013-03-16 06:31 . 2013-03-16 06:31 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2013-03-16 06:31 . 2013-03-16 06:31 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2013-03-16 06:31 . 2013-03-16 06:31 65024 ----a-w- c:\windows\system32\pngfilt.dll

2013-03-16 06:31 . 2013-03-16 06:31 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2013-03-16 06:31 . 2013-03-16 06:31 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2013-03-16 06:31 . 2013-03-16 06:31 367104 ----a-w- c:\windows\SysWow64\html.iec

2013-03-16 06:31 . 2013-03-16 06:31 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2013-03-16 06:31 . 2013-03-16 06:31 267776 ----a-w- c:\windows\system32\ieaksie.dll

2013-03-16 06:31 . 2013-03-16 06:31 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2013-03-16 06:31 . 2013-03-16 06:31 222208 ----a-w- c:\windows\system32\msls31.dll

2013-03-16 06:31 . 2013-03-16 06:31 197120 ----a-w- c:\windows\system32\msrating.dll

2013-03-16 06:31 . 2013-03-16 06:31 163840 ----a-w- c:\windows\system32\ieakui.dll

2013-03-16 06:31 . 2013-03-16 06:31 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2013-03-16 06:31 . 2013-03-16 06:31 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2013-03-16 06:31 . 2013-03-16 06:31 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2013-03-16 06:31 . 2013-03-16 06:31 149504 ----a-w- c:\windows\system32\occache.dll

2013-03-16 06:31 . 2013-03-16 06:31 12288 ----a-w- c:\windows\system32\mshta.exe

2013-03-16 06:31 . 2013-03-16 06:31 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2013-03-16 06:31 . 2013-03-16 06:31 114176 ----a-w- c:\windows\system32\admparse.dll

2013-03-16 06:31 . 2013-03-16 06:31 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2013-03-16 06:31 . 2013-03-16 06:31 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2013-03-16 06:31 . 2013-03-16 06:31 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-03-16 06:31 . 2013-03-16 06:31 89088 ----a-w- c:\windows\system32\ie4uinit.exe

2013-03-16 06:31 . 2013-03-16 06:31 85504 ----a-w- c:\windows\system32\iesetup.dll

2013-03-16 06:31 . 2013-03-16 06:31 82432 ----a-w- c:\windows\system32\icardie.dll

2013-03-16 06:31 . 2013-03-16 06:31 76800 ----a-w- c:\windows\system32\tdc.ocx

2013-03-16 06:31 . 2013-03-16 06:31 55296 ----a-w- c:\windows\system32\msfeedsbs.dll

2013-03-16 06:31 . 2013-03-16 06:31 534528 ----a-w- c:\windows\system32\ieapfltr.dll

2013-03-16 06:31 . 2013-03-16 06:31 49664 ----a-w- c:\windows\system32\imgutil.dll

2013-03-16 06:31 . 2013-03-16 06:31 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-03-16 06:31 . 2013-03-16 06:31 452608 ----a-w- c:\windows\system32\dxtmsft.dll

2013-03-16 06:31 . 2013-03-16 06:31 448512 ----a-w- c:\windows\system32\html.iec

2013-03-16 06:31 . 2013-03-16 06:31 403248 ----a-w- c:\windows\system32\iedkcs32.dll

2013-03-16 06:31 . 2013-03-16 06:31 39936 ----a-w- c:\windows\system32\iernonce.dll

2013-03-16 06:31 . 2013-03-16 06:31 3695416 ----a-w- c:\windows\system32\ieapfltr.dat

2013-03-16 06:31 . 2013-03-16 06:31 30720 ----a-w- c:\windows\system32\licmgr10.dll

2013-03-16 06:31 . 2013-03-16 06:31 282112 ----a-w- c:\windows\system32\dxtrans.dll

2013-03-16 06:31 . 2013-03-16 06:31 249344 ----a-w- c:\windows\system32\webcheck.dll

2013-03-16 06:31 . 2013-03-16 06:31 165888 ----a-w- c:\windows\system32\iexpress.exe

2013-03-16 06:31 . 2013-03-16 06:31 160256 ----a-w- c:\windows\system32\wextract.exe

2013-03-16 06:31 . 2013-03-16 06:31 160256 ----a-w- c:\windows\system32\ieakeng.dll

2013-03-16 06:31 . 2013-03-16 06:31 145920 ----a-w- c:\windows\system32\iepeers.dll

2013-03-16 06:31 . 2013-03-16 06:31 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-03-16 06:31 . 2013-03-16 06:31 111616 ----a-w- c:\windows\system32\iesysprep.dll

2013-03-16 06:31 . 2013-03-16 06:31 10752 ----a-w- c:\windows\system32\msfeedssync.exe

2013-03-16 06:31 . 2013-03-16 06:31 103936 ----a-w- c:\windows\system32\inseng.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1IconOverlayHandlerAccessible]

@="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"

[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]

2013-02-02 00:18 1196640 ----a-w- c:\windows\SysWOW64\PGPfsshl.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12 130736 ----a-w- c:\users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12 130736 ----a-w- c:\users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12 130736 ----a-w- c:\users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SacReminderHDDV2"="c:\programdata\OfficeGuardianV2\reminder\SacReminder.exe" [2012-06-28 464752]

"OpenDNS Updater"="c:\program files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]

"Amazon Cloud Player"="c:\users\Ken\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" [2013-05-10 3086656]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]

"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2010-08-24 1129832]

"OfficeScanNT Monitor"="c:\program files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" [2013-03-19 2112536]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-15 152392]

"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2010-05-03 112152]

"Communicator"="c:\program files (x86)\Microsoft Office Communicator\communicator.exe" [2013-04-10 5164712]

"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2011-09-09 523216]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-03 640376]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Agent Assistant.lnk - c:\program files\EVault Software\Agent Assistant\Maestro.exe [2011-2-17 286720]

PGP Tray.lnk - c:\windows\Installer\{3F32670E-45AE-4B23-AE86-CB21FAF19DDF}\Icon6560581611.exe [N/A]

Wall Watcher.lnk - c:\ww\WallWatcher.exe [2013-3-17 476160]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]

R2 CFUACProxy_officeguardianv2;CFUACProxy_officeguardianv2;c:\programdata\OfficeGuardianV2\UACProxy.exe [2012-06-28 83824]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2009-12-15 163072]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]

R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2010-08-24 164200]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]

R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2011-02-26 31152]

R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2010-08-24 75112]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-09-30 126392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-03-16 1255736]

R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Ken\Downloads\RealTemp_370\WinRing0x64.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [2010-08-24 30320]

S0 pgpfs;PGP File Sharing;c:\windows\System32\Drivers\PGPfsfd.sys [2013-02-02 182632]

S0 Pgpwdefs;Pgpwdefs;c:\windows\system32\DRIVERS\Pgpwdefs.sys [2013-02-02 16320]

S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2010-06-16 23664]

S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2008-05-12 15400]

S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys [2010-06-10 46392]

S2 EMSAgent;Maas360 Visibility Service;c:\program files (x86)\MaaS360\MaaS360 Visibility Service\EMSAgent.exe [2011-02-18 378216]

S2 EVault InfoStage Agent;EVault Software Agent;c:\program files\EVault Software\Agent\VVAgent.exe [2011-04-01 6488576]

S2 EVault InfoStage BUAgent;EVault Software BUAgent;c:\program files\EVault Software\Agent\buagent.exe [2011-04-01 10013184]

S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]

S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2010-07-27 50536]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-04-07 45496]

S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-07-27 74088]

S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]

S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2010-04-30 6237800]

S2 PGP RDD Service;PGP RDD Service;c:\program files (x86)\PGP Corporation\PGP Desktop\RDDService.exe [2013-02-02 1589528]

S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-10-26 61952]

S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840]

S2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2013-01-11 50208]

S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2012-07-17 344376]

S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [2012-07-17 42808]

S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-04-07 63928]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-09-30 12728]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-05-03 2533400]

S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2011-09-09 475088]

S3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2011-09-09 106408]

S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]

S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-06-30 292864]

S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2010-06-22 295088]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2013-01-03 79240]

S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2013-01-03 15752]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]

S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]

S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]

S3 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2012-10-30 65872]

S3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [2012-08-09 918064]

S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-09-24 41536]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-05-21 18:17 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.93\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-19 20:05]

.

2013-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-19 20:05]

.

2013-05-23 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\PC-Doctor\uaclauncher.exe [2010-11-12 01:34]

.

2013-05-23 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\PC-Doctor\pcdrcui.exe [2010-11-12 01:34]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1IconOverlayHandlerAccessible]

@="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"

[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]

2013-02-02 00:19 1983024 ----a-w- c:\windows\System32\PGPfsshl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12 164016 ----a-w- c:\users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12 164016 ----a-w- c:\users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12 164016 ----a-w- c:\users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12 164016 ----a-w- c:\users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]

"TpShocks"="TpShocks.exe" [2010-07-02 380776]

"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2010-07-27 69560]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-15 307768]

"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]

"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2010-07-27 62312]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-02-21 2991856]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2010-09-18 31592]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.sodexousa.com/defaulthome

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm

LSP: c:\windows\system32\PGPlsp.dll

Trusted Zone: MarketConnection.com

Trusted Zone: MarketConnection.com\www

Trusted Zone: MySodexho.com

Trusted Zone: MySodexho.com\www

Trusted Zone: MySodexo.com

Trusted Zone: MySodexo.com\www

Trusted Zone: Sodexo.com

Trusted Zone: Sodexo.com\www

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{DB9C2C14-351E-4EA1-AE5B-53CE461ECF3F}: NameServer = 8.8.8.8,8.8.4.4

DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} - vpnweb.cab

FF - ProfilePath - c:\users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\20fk60vm.default\

FF - ExtSQL: 2013-03-25 14:57; {F003DA68-8256-4b37-A6C4-350FA04494DF}; c:\program files\Logitech\SetPointP\LogiSmoothFirefoxExt

FF - ExtSQL: 2013-04-27 18:51; fiddlerhook@fiddler2.com; c:\program files (x86)\Fiddler2\FiddlerHook

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-05-22 22:38:35

ComboFix-quarantined-files.txt 2013-05-23 05:38

ComboFix2.txt 2013-05-23 04:29

.

Pre-Run: 112,818,311,168 bytes free

Post-Run: 112,736,075,776 bytes free

.

- - End Of File - - EEF08E3A9F09CBB82076FED08D748DFE

Link to post
Share on other sites

No worries. :)

Please do the following:

We need to create a New FULL OTL Report

  • Please download OTL from here if you have not done so already:

    [*]Save it to your desktop.

    [*]Double click on the otlicon.png icon on your desktop.

    [*]Click the "Scan All Users" checkbox.

    [*]Change the "Extra Registry" option to "SafeList"

    [*]Push the runscan.png button.

    [*]Two reports will open, copy and paste them in a reply here:

    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

How is your computer running now?

Link to post
Share on other sites

Computer seems to be running fine - still have those ip block alerts - although mb said trial is over so maybe that protection is no longer happening.

OTL logfile created on: 5/23/2013 11:29:53 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ken\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.93 Gb Total Physical Memory | 11.62 Gb Available Physical Memory | 72.93% Memory free

31.86 Gb Paging File | 26.97 Gb Available in Paging File | 84.63% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 287.15 Gb Total Space | 104.83 Gb Free Space | 36.51% Space Free | Partition Type: NTFS

Drive F: | 465.65 Gb Total Space | 275.39 Gb Free Space | 59.14% Space Free | Partition Type: FAT32

Computer Name: ESORKMASON | User Name: Ken | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/23 11:26:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe

PRC - [2013/05/23 08:43:11 | 000,890,902 | ---- | M] () -- C:\Users\Ken\Desktop\SecurityCheck.exe

PRC - [2013/05/17 14:35:44 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

PRC - [2013/04/10 14:44:20 | 005,164,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe

PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2013/02/01 17:19:08 | 001,589,528 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe

PRC - [2013/02/01 17:19:04 | 004,195,976 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPtray.exe

PRC - [2013/01/11 15:31:14 | 000,050,208 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe

PRC - [2013/01/11 15:29:18 | 000,024,096 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe

PRC - [2012/11/29 14:59:32 | 008,212,480 | ---- | M] (FileZilla Project) -- C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe

PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE

PRC - [2011/09/09 10:08:56 | 000,475,088 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

PRC - [2011/02/17 22:34:26 | 000,378,216 | ---- | M] (Fiberlink Communications Corp.) -- C:\Program Files (x86)\MaaS360\MaaS360 Visibility Service\EMSAgent.exe

PRC - [2010/12/23 00:35:38 | 000,476,160 | ---- | M] (DMT and Associates) -- C:\ww\WallWatcher.exe

PRC - [2010/09/17 18:51:10 | 000,357,736 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe

PRC - [2010/09/17 18:50:54 | 000,259,432 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe

PRC - [2010/09/17 18:50:48 | 000,124,264 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe

PRC - [2010/07/30 00:07:50 | 000,078,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe

PRC - [2010/07/27 14:51:56 | 000,074,088 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

PRC - [2010/07/27 14:51:54 | 000,062,312 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe

PRC - [2010/07/27 14:51:42 | 000,050,536 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe

PRC - [2010/07/27 01:05:02 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

PRC - [2010/06/16 14:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe

PRC - [2010/05/02 20:54:36 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2010/05/02 20:54:32 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2010/04/25 21:46:34 | 000,144,824 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe

PRC - [2010/04/06 22:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe

PRC - [2010/04/06 22:37:24 | 000,063,928 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe

PRC - [2010/04/06 20:02:18 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe

PRC - [2010/04/02 01:40:18 | 015,946,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe

PRC - [2010/03/31 22:50:46 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe

PRC - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe

PRC - [2010/03/06 04:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

PRC - [2010/02/22 13:49:08 | 002,370,632 | ---- | M] (BigFix Inc.) -- C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe

PRC - [2010/02/22 04:57:06 | 000,406,992 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

PRC - [2010/02/10 16:40:56 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe

PRC - [2009/11/23 21:51:20 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

PRC - [2009/10/02 23:32:51 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

PRC - [2009/08/28 15:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe

PRC - [2009/03/05 00:28:28 | 000,059,760 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe

PRC - [2008/01/10 13:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

PRC - [2007/01/04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

========== Modules (No Company Name) ==========

MOD - [2013/05/23 08:43:11 | 000,890,902 | ---- | M] () -- C:\Users\Ken\Desktop\SecurityCheck.exe

MOD - [2013/05/17 14:35:42 | 000,393,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\ppgooglenaclpluginchrome.dll

MOD - [2013/05/17 14:35:41 | 013,136,336 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\PepperFlash\pepflashplayer.dll

MOD - [2013/05/17 14:35:40 | 004,051,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\pdf.dll

MOD - [2013/05/17 14:34:47 | 000,599,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\libglesv2.dll

MOD - [2013/05/17 14:34:47 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\libegl.dll

MOD - [2013/05/17 14:34:45 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\ffmpegsumo.dll

MOD - [2013/01/28 13:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2013/01/28 13:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2012/11/29 14:59:32 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll

MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

MOD - [2010/12/21 01:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll

MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

MOD - [2010/06/16 14:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe

MOD - [2010/04/02 01:41:58 | 000,568,768 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\configuration\KnowledgeEngines\PHP_KnowledgeEngine.dll

MOD - [2010/04/02 01:41:56 | 000,649,152 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\configuration\KnowledgeEngines\JS_KnowledgeEngine.dll

MOD - [2010/04/02 01:41:12 | 005,014,464 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\configuration\flash player\authplay.dll

MOD - [2010/04/02 01:41:06 | 004,350,912 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\configuration\browsers\webkit\WebKit.dll

MOD - [2010/04/02 01:40:56 | 000,823,744 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\Workspace.dll

MOD - [2010/04/02 01:40:50 | 000,165,312 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\ssleay32.dll

MOD - [2010/04/02 01:40:36 | 000,849,344 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\libeay32.dll

MOD - [2010/02/22 04:50:20 | 000,060,416 | ---- | M] () -- C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\zlib1.dll

MOD - [2010/01/02 07:42:28 | 000,018,207 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\mingwm10.dll

MOD - [2003/01/02 23:32:06 | 000,020,480 | ---- | M] () -- C:\ww\NetUtils.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013/02/08 11:30:42 | 000,359,664 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV:64bit: - [2011/08/05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)

SRV:64bit: - [2011/08/05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)

SRV:64bit: - [2011/08/05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)

SRV:64bit: - [2011/03/31 22:58:12 | 006,488,576 | ---- | M] () [Auto | Running] -- C:\Program Files\EVault Software\Agent\VVAgent.exe -- (EVault InfoStage Agent)

SRV:64bit: - [2011/03/31 22:43:20 | 010,013,184 | ---- | M] () [Auto | Running] -- C:\Program Files\EVault Software\Agent\buagent.exe -- (EVault InfoStage BUAgent)

SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2010/07/27 14:51:56 | 000,074,088 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)

SRV:64bit: - [2010/07/27 14:51:42 | 000,050,536 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)

SRV:64bit: - [2010/07/19 19:08:30 | 001,429,776 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)

SRV:64bit: - [2010/07/19 18:46:54 | 000,838,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

SRV:64bit: - [2010/06/16 14:44:38 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)

SRV:64bit: - [2010/04/30 07:52:50 | 006,237,800 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service)

SRV:64bit: - [2010/04/06 22:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)

SRV:64bit: - [2010/04/06 22:37:24 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)

SRV:64bit: - [2010/04/06 20:02:18 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)

SRV:64bit: - [2009/11/17 22:04:24 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)

SRV:64bit: - [2009/09/29 18:25:48 | 000,126,392 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)

SRV:64bit: - [2009/08/11 17:59:38 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)

SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2013/04/09 23:58:17 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2013/03/18 11:57:50 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2013/03/17 21:50:20 | 002,060,904 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmListen.exe -- (tmlisten)

SRV - [2013/03/17 21:46:32 | 001,824,800 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\Ntrtscan.exe -- (ntrtscan)

SRV - [2013/03/13 01:24:26 | 000,571,928 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)

SRV - [2013/02/01 17:19:08 | 001,589,528 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe -- (PGP RDD Service)

SRV - [2013/01/11 15:31:14 | 000,050,208 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe -- (svcGenericHost)

SRV - [2012/08/08 18:26:42 | 000,918,064 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe -- (TmProxy)

SRV - [2012/06/28 05:33:47 | 000,083,824 | R--- | M] (Storage Appliance Corp.) [Auto | Stopped] -- C:\ProgramData\OfficeGuardianV2\UACProxy.exe -- (CFUACProxy_officeguardianv2)

SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)

SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)

SRV - [2011/09/09 10:08:56 | 000,475,088 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)

SRV - [2011/02/17 22:34:26 | 000,378,216 | ---- | M] (Fiberlink Communications Corp.) [Auto | Running] -- C:\Program Files (x86)\MaaS360\MaaS360 Visibility Service\EMSAgent.exe -- (EMSAgent)

SRV - [2010/09/17 18:50:54 | 000,259,432 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)

SRV - [2010/09/17 18:50:48 | 000,124,264 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)

SRV - [2010/08/24 11:30:00 | 000,164,200 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)

SRV - [2010/08/24 11:30:00 | 000,075,112 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)

SRV - [2010/06/25 10:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)

SRV - [2010/05/28 03:14:56 | 001,044,840 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)

SRV - [2010/05/02 20:54:36 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2010/05/02 20:54:32 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/02/22 13:49:08 | 002,370,632 | ---- | M] (BigFix Inc.) [On_Demand | Running] -- C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe -- (BESClient)

SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2010/02/10 16:40:56 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)

SRV - [2009/08/28 15:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)

SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/04/28 19:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)

SRV - [2008/01/10 13:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

SRV - [2007/01/04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2013/02/01 17:19:22 | 000,378,832 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PGPwded.sys -- (PGPwded)

DRV:64bit: - [2013/02/01 17:19:22 | 000,016,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\PGPwdefs.sys -- (Pgpwdefs)

DRV:64bit: - [2013/02/01 17:19:18 | 000,052,328 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PGPsdk.sys -- (PGPsdkDriver)

DRV:64bit: - [2013/02/01 17:19:10 | 000,274,320 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PGPdisk.sys -- (PGPdisk)

DRV:64bit: - [2013/02/01 17:19:10 | 000,182,632 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\PGPfsfd.sys -- (pgpfs)

DRV:64bit: - [2013/01/09 04:39:34 | 000,109,080 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)

DRV:64bit: - [2013/01/03 01:17:38 | 000,079,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)

DRV:64bit: - [2013/01/03 01:17:38 | 000,077,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)

DRV:64bit: - [2013/01/03 01:17:38 | 000,061,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)

DRV:64bit: - [2013/01/03 01:17:38 | 000,015,752 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)

DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/11/13 19:33:12 | 000,174,016 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)

DRV:64bit: - [2012/10/30 11:08:48 | 000,082,840 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)

DRV:64bit: - [2012/10/30 11:08:10 | 000,065,872 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)

DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/09/09 10:00:06 | 000,026,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)

DRV:64bit: - [2011/09/09 09:59:20 | 000,106,408 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock)

DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/25 20:43:04 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)

DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010/08/25 09:46:18 | 000,682,624 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)

DRV:64bit: - [2010/08/24 11:30:00 | 000,030,320 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)

DRV:64bit: - [2010/08/24 11:30:00 | 000,013,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)

DRV:64bit: - [2010/07/14 05:42:58 | 007,821,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)

DRV:64bit: - [2010/06/25 10:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)

DRV:64bit: - [2010/06/21 23:37:38 | 000,295,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)

DRV:64bit: - [2010/06/20 23:07:38 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2010/06/16 14:44:38 | 000,136,816 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)

DRV:64bit: - [2010/06/16 14:44:38 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)

DRV:64bit: - [2010/06/09 17:10:16 | 000,046,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nm3.sys -- (nm3)

DRV:64bit: - [2010/04/22 01:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2010/03/23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)

DRV:64bit: - [2010/03/03 03:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/02/08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)

DRV:64bit: - [2010/01/22 13:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2010/01/22 13:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2009/12/14 18:09:08 | 000,163,072 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)

DRV:64bit: - [2009/11/17 22:04:04 | 000,032,880 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)

DRV:64bit: - [2009/10/25 22:52:00 | 000,061,952 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)

DRV:64bit: - [2009/09/29 18:25:50 | 000,012,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)

DRV:64bit: - [2009/09/24 04:58:38 | 000,041,536 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvti2c.sys -- (TVTI2C)

DRV:64bit: - [2009/09/16 20:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)

DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)

DRV:64bit: - [2009/07/13 16:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)

DRV:64bit: - [2009/07/01 19:16:02 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)

DRV:64bit: - [2009/06/30 20:46:00 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)

DRV:64bit: - [2009/06/30 20:46:00 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)

DRV:64bit: - [2009/06/30 20:46:00 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)

DRV:64bit: - [2009/06/29 21:05:16 | 001,486,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)

DRV:64bit: - [2009/06/29 21:01:16 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)

DRV:64bit: - [2009/06/29 20:59:54 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)

DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)

DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/04/28 19:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)

DRV:64bit: - [2009/04/06 23:33:00 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)

DRV:64bit: - [2009/03/13 15:47:34 | 000,013,840 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)

DRV:64bit: - [2008/11/16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)

DRV:64bit: - [2008/05/12 02:04:26 | 000,015,400 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)

DRV:64bit: - [2006/06/18 06:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)

DRV - [2012/07/17 12:37:44 | 000,344,376 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys -- (TmFilter)

DRV - [2012/07/17 12:37:16 | 000,042,808 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmpreflt.sys -- (TmPreFilter)

DRV - [2012/07/17 12:28:46 | 002,224,952 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\vsapiNT.sys -- (VSApiNt)

DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {2F609AAE-4284-40F8-9C47-1B0C6F0E10C7}

IE:64bit: - HKLM\..\SearchScopes\{2F609AAE-4284-40F8-9C47-1B0C6F0E10C7}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {F4FEE6BA-ACAD-4BAB-9373-9408C6458FDC}

IE - HKLM\..\SearchScopes\{F4FEE6BA-ACAD-4BAB-9373-9408C6458FDC}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]

IE - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sodexousa.com/defaulthome

IE - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\..\SearchScopes,DefaultScope = {D495AE69-7513-4CF9-87D3-0956F7E6D9F4}

IE - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\..\SearchScopes\{D495AE69-7513-4CF9-87D3-0956F7E6D9F4}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

IE - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\FirefoxExtension [2013/03/16 09:20:48 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2013/03/19 16:35:35 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013/03/25 14:57:04 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files (x86)\Fiddler2\FiddlerHook [2013/04/27 18:51:30 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/17 09:40:47 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/05/17 09:40:47 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2013/04/06 13:34:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Extensions

[2013/04/24 10:34:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2013/04/09 23:58:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2013/04/09 23:57:54 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2013/04/09 23:57:54 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/05/22 22:23:37 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg.dll (Trend Micro Inc.)

O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)

O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)

O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg32.dll (Trend Micro Inc.)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)

O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)

O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()

O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)

O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)

O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)

O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)

O4 - HKLM..\Run: [iMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)

O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.)

O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)

O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)

O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001..\Run: [Amazon Cloud Player] C:\Users\Ken\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe ()

O4 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001..\Run: [OpenDNS Updater] C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe ()

O4 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001..\Run: [sacReminderHDDV2] C:\ProgramData\OfficeGuardianV2\reminder\SacReminder.exe (SAC)

O4 - HKLM..\RunOnce: [Z1] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()

O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra Button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Telerik)

O9:64bit: - Extra 'Tools' menuitem : Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Telerik)

O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Telerik)

O9 - Extra 'Tools' menuitem : Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Telerik)

O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\PGPlsp.dll (Symantec Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\PGPlsp.dll (Symantec Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\PGPlsp.dll (Symantec Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWow64\PGPlsp.dll (Symantec Corporation)

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\..Trusted Domains: MarketConnection.com ([]https in Trusted sites)

O15 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\..Trusted Domains: MarketConnection.com ([www] http in Trusted sites)

O15 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\..Trusted Domains: MarketConnection.com ([www] https in Trusted sites)

O15 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\..Trusted Domains: MySodexho.com ([]https in Trusted sites)

O15 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\..Trusted Domains: MySodexho.com ([www] http in Trusted sites)

O15 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\..Trusted Domains: MySodexho.com ([www] https in Trusted sites)

O15 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\..Trusted Domains: MySodexo.com ([]https in Trusted sites)

O15 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\..Trusted Domains: MySodexo.com ([www] http in Trusted sites)

O15 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\..Trusted Domains: MySodexo.com ([www] https in Trusted sites)

O15 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\..Trusted Domains: Sodexo.com ([]https in Trusted sites)

O15 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\..Trusted Domains: Sodexo.com ([www] http in Trusted sites)

O15 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\..Trusted Domains: Sodexo.com ([www] https in Trusted sites)

O16 - DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} vpnweb.cab (Cisco AnyConnect Secure Mobility Client Web Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB9C2C14-351E-4EA1-AE5B-53CE461ECF3F}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB9C2C14-351E-4EA1-AE5B-53CE461ECF3F}: NameServer = 8.8.8.8,8.8.4.4

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg.dll (Trend Micro Inc.)

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg32.dll (Trend Micro Inc.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/09/04 10:16:00 | 000,000,000 | ---D | M] - F:\autorun -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/23 11:26:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe

[2013/05/22 21:50:12 | 000,000,000 | ---D | C] -- C:\ComboFix

[2013/05/22 20:49:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2013/05/22 20:49:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2013/05/22 20:49:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2013/05/22 20:49:23 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/05/22 20:48:54 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013/05/22 20:40:39 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2013/05/22 19:42:55 | 000,000,000 | ---D | C] -- C:\Users\Ken\Desktop\mbar

[2013/05/22 19:41:25 | 005,069,782 | R--- | C] (Swearware) -- C:\Users\Ken\Desktop\ComboFix.exe

[2013/05/22 13:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip

[2013/05/22 13:11:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip

[2013/05/17 09:47:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2013/05/17 09:46:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2013/05/17 09:46:44 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2013/05/17 09:46:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2013/05/17 09:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

[2013/05/17 09:40:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2013/05/17 09:40:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime

[2013/05/15 12:04:40 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2013/05/15 12:04:40 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2013/05/15 12:04:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2013/05/15 12:04:38 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2013/05/15 12:04:38 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2013/05/15 12:04:38 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2013/05/15 12:04:38 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2013/05/15 12:04:38 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2013/05/15 12:04:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2013/05/15 12:04:38 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2013/05/15 12:04:38 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2013/05/15 12:04:37 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2013/05/15 12:04:36 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2013/05/15 12:04:36 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013/05/15 12:04:36 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2013/05/15 11:02:20 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys

[2013/05/15 11:02:20 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll

[2013/05/15 11:02:11 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll

[2013/05/15 11:02:11 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll

[2013/05/15 11:02:11 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll

[2013/05/15 11:02:11 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe

[2013/05/15 11:01:43 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll

[2013/05/14 12:16:40 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player

[2013/05/14 12:16:35 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\Amazon Cloud Player

[2013/05/14 11:18:28 | 000,000,000 | R--D | C] -- C:\Users\Ken\Podcasts

[2013/05/14 11:18:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft

[2013/05/14 10:55:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ms-MY

[2013/05/14 10:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune

[2013/05/14 10:55:15 | 000,000,000 | ---D | C] -- C:\Program Files\Zune

[2013/05/09 10:23:49 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2013/05/09 10:10:04 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Malwarebytes

[2013/05/09 10:09:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/05/09 10:09:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013/05/09 10:09:35 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2013/05/09 10:09:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2013/05/09 10:09:22 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\Programs

[2013/05/09 07:53:40 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro

[2013/05/08 16:32:00 | 000,000,000 | ---D | C] -- C:\Users\Ken\Desktop\gallery

[2013/05/07 15:06:23 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool

[2013/05/01 21:34:20 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\gtk-2.0

[2013/05/01 16:59:01 | 000,000,000 | ---D | C] -- C:\Users\Ken\Documents\Personnel

[2013/05/01 10:55:17 | 000,000,000 | ---D | C] -- C:\Users\Ken\Documents\Network Monitor 3

[2013/05/01 10:52:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Network Monitor 3.4

[2013/05/01 10:52:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Network Monitor 3

[2013/04/30 10:59:28 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Wireshark

[2013/04/30 10:45:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap

[2013/04/30 10:45:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap

[2013/04/30 10:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark

[2013/04/30 09:40:56 | 000,000,000 | ---D | C] -- C:\Users\Ken\Documents\Fiddler2

[2013/04/29 15:58:46 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\Macromedia

[2013/04/27 18:51:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fiddler2

[2013/04/26 12:58:26 | 000,000,000 | ---D | C] -- C:\Users\Ken\Documents\Adobe

[2013/04/25 11:51:10 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++

[2013/04/25 11:51:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++

[2013/04/25 11:51:08 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Notepad++

[2013/04/25 11:51:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++

[2013/04/24 10:34:59 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\Mozilla

[2013/04/24 10:10:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symantec Encryption

[2013/04/24 10:10:43 | 000,000,000 | ---D | C] -- C:\Program Files\PGP Corporation

[2013/04/23 15:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID

[2013/04/23 15:02:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage

[1 C:\Users\Ken\*.tmp files -> C:\Users\Ken\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/23 11:55:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job

[2013/05/23 11:52:00 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job

[2013/05/23 11:26:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe

[2013/05/23 11:17:01 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/05/23 08:43:11 | 000,890,902 | ---- | M] () -- C:\Users\Ken\Desktop\SecurityCheck.exe

[2013/05/23 01:17:01 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/05/22 22:23:37 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2013/05/22 21:55:05 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/05/22 21:55:05 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/05/22 21:44:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/05/22 21:44:04 | 4241,096,702 | -HS- | M] () -- C:\hiberfil.sys

[2013/05/22 19:41:58 | 005,069,782 | R--- | M] (Swearware) -- C:\Users\Ken\Desktop\ComboFix.exe

[2013/05/22 19:37:34 | 002,240,352 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ken\Desktop\TDSSKiller.exe

[2013/05/22 11:59:42 | 000,001,456 | ---- | M] () -- C:\Users\Ken\AppData\Local\Adobe Save for Web 12.0 Prefs

[2013/05/21 22:31:31 | 001,635,886 | ---- | M] () -- C:\Users\Ken\Desktop\scan0070.pdf

[2013/05/16 09:01:36 | 165,691,072 | ---- | M] () -- C:\Users\Ken\051513_00001_20130515175814

[2013/05/15 17:36:42 | 000,000,600 | ---- | M] () -- C:\Users\Ken\AppData\Local\PUTTY.RND

[2013/05/15 12:44:18 | 007,840,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/05/15 12:10:03 | 000,803,430 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/05/15 12:10:03 | 000,671,058 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/05/15 12:10:03 | 000,121,294 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/05/14 10:55:59 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_ZuneDriver_01_09_00.Wdf

[2013/05/13 22:25:51 | 065,044,408 | ---- | M] () -- C:\Users\Ken\051313_00008_20130513213254

[2013/05/13 21:32:54 | 524,288,024 | ---- | M] () -- C:\Users\Ken\051313_00007_20130513193355

[2013/05/13 19:33:55 | 524,288,164 | ---- | M] () -- C:\Users\Ken\051313_00006_20130513191750

[2013/05/13 19:17:50 | 524,289,012 | ---- | M] () -- C:\Users\Ken\051313_00005_20130513190706

[2013/05/13 19:07:06 | 524,288,868 | ---- | M] () -- C:\Users\Ken\051313_00004_20130513183222

[2013/05/13 18:32:22 | 524,289,332 | ---- | M] () -- C:\Users\Ken\051313_00003_20130513175844

[2013/05/13 17:58:44 | 524,288,356 | ---- | M] () -- C:\Users\Ken\051313_00002_20130513170656

[2013/05/13 17:06:56 | 524,288,588 | ---- | M] () -- C:\Users\Ken\051313_00001_20130513162439

[2013/05/10 16:16:38 | 000,002,277 | ---- | M] () -- C:\Users\Ken\AppData\Local\recently-used.xbel

[2013/05/09 10:23:48 | 899,118,561 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2013/05/02 06:37:38 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\DAC_ELIST

[2013/04/29 15:57:27 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013/04/29 15:57:27 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013/04/24 18:09:16 | 001,048,576 | RHS- | M] () -- C:\PGPWDE00

[2013/04/24 18:09:04 | 004,194,304 | RHS- | M] () -- C:\PGPWDE02

[2013/04/24 10:10:55 | 000,135,198 | ---- | M] () -- C:\Windows\SysWow64\PGPlspRollback.reg

[2013/04/24 10:10:54 | 000,002,477 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PGP Tray.lnk

[2013/04/23 16:14:26 | 000,007,609 | ---- | M] () -- C:\Users\Ken\AppData\Local\Resmon.ResmonCfg

[1 C:\Users\Ken\*.tmp files -> C:\Users\Ken\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/23 08:43:04 | 000,890,902 | ---- | C] () -- C:\Users\Ken\Desktop\SecurityCheck.exe

[2013/05/22 21:43:01 | 000,002,477 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PGP Tray.lnk

[2013/05/22 21:43:01 | 000,001,976 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Agent Assistant.lnk

[2013/05/22 21:43:01 | 000,000,591 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wall Watcher.lnk

[2013/05/22 20:49:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2013/05/22 20:49:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2013/05/22 20:49:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2013/05/22 20:49:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2013/05/22 20:49:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2013/05/21 22:29:32 | 001,635,886 | ---- | C] () -- C:\Users\Ken\Desktop\scan0070.pdf

[2013/05/15 17:58:14 | 165,691,072 | ---- | C] () -- C:\Users\Ken\051513_00001_20130515175814

[2013/05/14 10:55:59 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_ZuneDriver_01_09_00.Wdf

[2013/05/13 21:32:54 | 065,044,408 | ---- | C] () -- C:\Users\Ken\051313_00008_20130513213254

[2013/05/13 19:33:55 | 524,288,024 | ---- | C] () -- C:\Users\Ken\051313_00007_20130513193355

[2013/05/13 19:17:50 | 524,288,164 | ---- | C] () -- C:\Users\Ken\051313_00006_20130513191750

[2013/05/13 19:07:06 | 524,289,012 | ---- | C] () -- C:\Users\Ken\051313_00005_20130513190706

[2013/05/13 18:32:22 | 524,288,868 | ---- | C] () -- C:\Users\Ken\051313_00004_20130513183222

[2013/05/13 17:58:44 | 524,289,332 | ---- | C] () -- C:\Users\Ken\051313_00003_20130513175844

[2013/05/13 17:06:56 | 524,288,356 | ---- | C] () -- C:\Users\Ken\051313_00002_20130513170656

[2013/05/13 16:24:39 | 524,288,588 | ---- | C] () -- C:\Users\Ken\051313_00001_20130513162439

[2013/05/10 16:16:38 | 000,002,277 | ---- | C] () -- C:\Users\Ken\AppData\Local\recently-used.xbel

[2013/05/09 10:23:48 | 899,118,561 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2013/04/30 10:39:42 | 000,001,539 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk

[2013/04/27 18:51:31 | 000,001,904 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fiddler2.lnk

[2013/04/23 16:14:26 | 000,007,609 | ---- | C] () -- C:\Users\Ken\AppData\Local\Resmon.ResmonCfg

[2013/03/29 11:31:30 | 000,197,582 | ---- | C] () -- C:\Windows\hpwins05.dat

[2013/03/29 11:31:30 | 000,003,111 | ---- | C] () -- C:\Windows\hpwmdl05.dat

[2013/03/27 16:46:45 | 000,787,842 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2013/03/20 15:59:24 | 000,000,600 | ---- | C] () -- C:\Users\Ken\PUTTY.RND

[2013/03/20 15:59:24 | 000,000,600 | ---- | C] () -- C:\Users\Ken\AppData\Roaming\PUTTY.RND

[2013/03/20 14:03:32 | 000,000,600 | ---- | C] () -- C:\Users\Ken\AppData\Local\PUTTY.RND

[2013/03/20 10:47:19 | 000,001,456 | ---- | C] () -- C:\Users\Ken\AppData\Local\Adobe Save for Web 12.0 Prefs

[2013/02/01 17:20:34 | 000,000,280 | ---- | C] () -- C:\Windows\SysWow64\PGPsdk.dll.sig

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Link to post
Share on other sites

EXTRAS:

OTL Extras logfile created on: 5/23/2013 11:29:53 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ken\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.93 Gb Total Physical Memory | 11.62 Gb Available Physical Memory | 72.93% Memory free

31.86 Gb Paging File | 26.97 Gb Available in Paging File | 84.63% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 287.15 Gb Total Space | 104.83 Gb Free Space | 36.51% Space Free | Partition Type: NTFS

Drive F: | 465.65 Gb Total Space | 275.39 Gb Free Space | 59.14% Space Free | Partition Type: FAT32

Computer Name: ESORKMASON | User Name: Ken | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3263463438-2871500760-3022703788-1001\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00FFBACF-ABAF-4E5F-B7DF-6B980585B07A}" = lport=139 | protocol=6 | dir=in | app=system |

"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |

"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |

"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |

"{11FFEA09-F743-4DAF-9E4A-6977674526E2}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |

"{17F8AEFC-129C-448D-AC9E-380679919ED0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{2204354C-81D9-4A2D-A344-D62116EB406A}" = lport=138 | protocol=17 | dir=in | app=system |

"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{28D38630-B5E1-4481-849A-2D8246DC50BA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |

"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{35EBE5FA-3146-4A5F-990F-684604F5EB69}" = lport=61117 | protocol=17 | dir=in | name=trend micro client/server security agent broadcast |

"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{4466BE8C-5D93-453D-B598-612C46B66A67}" = lport=445 | protocol=6 | dir=in | app=system |

"{475234C9-A285-4D44-914C-9DFE60477DDB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{4A824990-B7DB-4A44-BD1C-B21E1123845B}" = rport=137 | protocol=17 | dir=out | app=system |

"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |

"{60EBF2CA-7389-4DB8-8C48-B0710AAEADB8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |

"{64DD729B-5356-4769-9719-309EB9F9A79C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{705B5428-FD83-4F25-951B-44176B365038}" = rport=445 | protocol=6 | dir=out | app=system |

"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |

"{7DD68EF8-EA61-43EA-9E86-6DFF538293D7}" = rport=10243 | protocol=6 | dir=out | app=system |

"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{87A72EAF-CF31-4427-B5BB-24607186D396}" = rport=138 | protocol=17 | dir=out | app=system |

"{8ADD308B-E405-4746-86A3-A3D673E277FF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{8B728BCF-9F94-4163-BC5A-401473EFC31C}" = lport=21112 | protocol=6 | dir=in | name=trend micro client/server security agent listener |

"{9494D133-BDE6-4F1B-8FE2-4B7B47D18E28}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{95CF4BFA-63F4-48F6-85B0-0D5B50C8A6D6}" = lport=137 | protocol=17 | dir=in | app=system |

"{A09A087D-1FF4-45F1-B925-0C9155AD52EE}" = lport=61116 | protocol=6 | dir=in | name=trend micro client/server security agent update |

"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |

"{B822802E-44A5-423E-8577-787BF0A3CF0D}" = lport=2869 | protocol=6 | dir=in | app=system |

"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |

"{BEA8A763-2EB3-4202-A5DB-6F9B744793CD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |

"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{C5199E19-4706-4578-997E-E430AE154F03}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{D4211EC6-D439-4A77-8981-140E08938F39}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{D599017B-3680-4D8D-A213-A39C7D792178}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{DCCFE73F-9E9C-4972-A483-B24131508303}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{DE4154AB-F12B-4758-AEF8-6DD803B4830F}" = rport=139 | protocol=6 | dir=out | app=system |

"{E0DE7D58-45CC-4C3B-A0CA-2B1FB2035B65}" = lport=10243 | protocol=6 | dir=in | app=system |

"{F1740B8F-997D-48B4-BFA9-90643E7279EE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |

"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{0691DD1C-645E-4FF2-8D95-B40067254AFD}" = protocol=6 | dir=in | app=c:\program files (x86)\fiddler2\fiddler.exe |

"{06C2AD06-7051-40BB-BBCD-1E1DAE93B3E6}" = protocol=6 | dir=in | app=c:\users\ken\appdata\roaming\dropbox\bin\dropbox.exe |

"{07BAC5E3-A03D-408A-9299-EBB8E17985D1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{08AF7C4A-56C9-42A5-BCD9-83F1BBA275A2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office communicator\communicator.exe |

"{0A04F9A7-008C-4E85-B45D-F2BC4D2B3ED0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{1AF5953C-1BD8-4CEE-9A34-F619961AC470}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{1CFA4BCC-C9FB-4DF1-9430-48B2F0737F6D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{24E00028-27F0-4D0C-AD30-D5AE46FE6D05}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{24F19106-3553-4C59-B362-BE7E7E3D796A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{2D90DFA6-6176-4F91-B8E7-DC8C9DF2B6DB}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{2FFB39D0-62B6-486C-A32F-D12D28DAC16C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |

"{327E32A6-C7FD-49AD-AED7-BD6A0B239844}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{3C8F44F2-D39B-4C83-91C0-6E4CA9F97EF9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office communicator\communicator.exe |

"{40619F2D-624A-44B7-8871-8B72F67AED23}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{4EA37F7B-3625-44A6-91F9-3CC838FDEC0F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{5A59F86C-F9C6-4297-A477-57FFFB3F7488}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{6B5E0586-C9BB-495F-8433-A389B52B8B3B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{6B7E6919-B486-4EBD-8E44-369359587799}" = protocol=17 | dir=in | app=c:\users\ken\appdata\roaming\dropbox\bin\dropbox.exe |

"{6BE1AE71-3DD4-4132-82E2-9FC3E400C655}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |

"{709F5415-3BD7-4F12-9D1D-7D57D6E19FB5}" = protocol=6 | dir=out | app=system |

"{739795B1-D9B3-4AF7-AD4B-C7B0A86CA02C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{74FA11F4-0090-419A-A9F1-4ADDEFF418AD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{8725833A-5E8D-4C0A-87AC-BB7517B1D3A2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{89F43BF9-9E0B-4E5A-99F0-037EDD217A4A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{90D9C1A0-AB23-4824-98DC-56B794BD22E1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |

"{9407C7A6-28E9-4A62-B428-6E391C1F4A3C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{A579E56F-3100-4BFE-9367-B3FD0959B07C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |

"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{B05A11F1-90A3-4456-A298-0548024F2471}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |

"{B14E7820-643B-4DF4-B7DA-F22704599EA4}" = dir=in | app=c:\users\ken\appdata\local\temp\7zs0aea\ojprol7x00_basic_14\setup\hpznui40.exe |

"{B3AEF99A-7DA2-494C-9D2C-F7583C8694B1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{B879B106-816E-4A7B-8F71-9F77B174C69A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{BAFBCB81-81AE-4259-A286-717FD2C9C036}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |

"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |

"{BCFBE368-30EF-4956-A4E7-DB5A7009E5F6}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{BF91E062-086B-45BA-900A-0846D3CFF0B7}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{C3E24362-7D7A-4608-B803-35D1CA5FB616}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{C614D8FC-F987-45D8-819C-C459C89B941D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{C6E0AA11-F7F3-4461-A7A2-762E5A0DA4BA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{E01948F8-ABAC-4E20-A8C1-73FC44FC873D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{E5374116-58FA-4C1C-A751-6E92F0540FA5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{ED221F2F-6C1C-4563-8F38-5ABD5D5669EA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{EF4A1D0F-E42F-4606-830A-DAFA54F777A1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{F8C21A77-2B75-44E5-9C68-A4F1A5740A5F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |

"{FF8F9CD8-C9D6-4C5C-8A18-4260FD583B8C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"TCP Query User{1581CC9A-8EB6-4748-A3F5-A121699E560A}C:\users\ken\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\ken\appdata\roaming\dropbox\bin\dropbox.exe |

"TCP Query User{35B32D36-06BF-4FCB-9658-3AC566722440}C:\program files (x86)\microsoft office communicator\communicator.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office communicator\communicator.exe |

"TCP Query User{4B901E87-169B-4BDF-B115-BE518E7A4486}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |

"TCP Query User{BD0DF28B-79DE-4908-8D6F-CC55DDDEEF29}C:\ww\wallwatcher.exe" = protocol=6 | dir=in | app=c:\ww\wallwatcher.exe |

"TCP Query User{C20E4016-7268-4D1A-B995-7DBBDC7DE6C9}C:\ww\wallwatcher.exe" = protocol=6 | dir=in | app=c:\ww\wallwatcher.exe |

"TCP Query User{D7D9EE32-C9F3-4DD6-9573-045F3D44A259}C:\program files (x86)\adobe\adobe contribute cs5\app\contribute.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe contribute cs5\app\contribute.exe |

"UDP Query User{029823D4-52A8-4DAD-BC71-0E653214B4CE}C:\ww\wallwatcher.exe" = protocol=17 | dir=in | app=c:\ww\wallwatcher.exe |

"UDP Query User{10C69DBC-2424-4794-A75B-94DE3B52A867}C:\program files (x86)\adobe\adobe contribute cs5\app\contribute.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe contribute cs5\app\contribute.exe |

"UDP Query User{581C7CBD-5200-4D3D-A219-A17B94124878}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |

"UDP Query User{B46CDE0B-CDD7-4DD7-A6E5-FAF6C28F3F10}C:\users\ken\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\ken\appdata\roaming\dropbox\bin\dropbox.exe |

"UDP Query User{CF05A3F6-C75E-4A0E-BCE9-70086D1EA901}C:\ww\wallwatcher.exe" = protocol=17 | dir=in | app=c:\ww\wallwatcher.exe |

"UDP Query User{FAB1F05C-C117-4E67-816E-AF1A16E462D0}C:\program files (x86)\microsoft office communicator\communicator.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office communicator\communicator.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{006EFC7F-7958-4125-973A-788B947C9D9D}" = Lenovo SimpleTap

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64

"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)

"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support

"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)

"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Technology Monitor

"{3F32670E-45AE-4B23-AE86-CB21FAF19DDF}" = Symantec Encryption Desktop

"{3FD730D4-755F-439B-8082-B55E00924A44}" = Client Security - Password Manager

"{4327107B-E95E-415C-9194-458FCED6BF12}" = Intel® PROSet/Wireless WiFi Software

"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64

"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290

"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System

"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64

"{4C0A8D65-4286-4B58-87FE-18AD24289285}" = NVIDIA Performance Drivers

"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)

"{55CEDC7F-3965-47C0-AC71-40AAA418B6A5}" = ThinkVantage Fingerprint Software

"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)

"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)

"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)

"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)

"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)

"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)

"{7FCDABCC-1A1E-4D61-909D-BA9495172774}" = iTunes

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64

"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility

"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)

"{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}" = Microsoft Network Monitor 3.4

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64

"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64

"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{963E5FEB-1367-46B9-851D-A957F1A3747F}" = Microsoft Network Monitor: NetworkMonitor Parsers 3.4

"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune

"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software

"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64

"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)

"{A818DAE1-EBBE-4438-B557-8115955D88E4}" = HP OfficeJet L7300/L7500/7600/7700

"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)

"{BD4F2616-B17D-4982-815F-0C78C476839F}" = EVault Software Agent

"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)

"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer

"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)

"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)

"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)

"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64

"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"114EB224AD576F278686036AA9E1EFB7847E3935" = Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4)

"30A4777E896192B8D398199AE1AB235B69BAB26D" = Windows Driver Package - Intel (HECIx64) System (09/17/2009 6.0.0.1179)

"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)

"3C4C8BB88656F616D170176E1905526541B60FDF" = Windows Driver Package - Intel (e1kexpress) Net (06/22/2010 11.5.10.1012)

"50BEEEA1F00D30E432867EA15672212B3FB5740E" = Windows Driver Package - Synaptics (SynTP) Mouse (04/22/2010 15.0.18.0)

"573C3C32A1DB5625CA00E633E584E8A0E6383672" = Windows Driver Package - Intel System (10/28/2009 9.1.1.1022)

"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)

"6B8550A319DDC8B17F35F4A89988705E4592349B" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)

"A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9" = Windows Driver Package - Intel USB (08/20/2009 9.1.1.1020)

"CNXT_AUDIO_HDA" = Conexant 20585 SmartAudio HD

"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter

"D94DFF1289C7A7BEBA126E4CDADE0E85B99E60F1" = Windows Driver Package - Intel System (10/28/2009 9.1.1.1022)

"DisableAMTPopup" = Disable AMT Profile Synchronization Pop-up for Windows Vista/7

"E7B58217635B8F723D4744A328A4B3237DB35FA9" = Windows Driver Package - Intel System (06/04/2009 1.0.0.0002)

"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7

"FD5ED5E16405CDAA5385DE461B9E5379F91ACCCF" = Windows Driver Package - Ricoh Company MS Host Controller (10/26/2009 6.10.02.07)

"LENOVO.SMIIF" = Lenovo System Interface Driver

"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

"OnScreenDisplay" = On Screen Display

"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox

"Power Management Driver" = ThinkPad Power Management Driver

"ProInst" = Intel PROSet Wireless

"sp6" = Logitech SetPoint 6.52

"SynTPDeinstKey" = ThinkPad UltraNav Driver

"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier

"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.06.02.02

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{048DDE77-66D5-4335-8497-903856759B58}" = BPDSoftware

"{05DC79C6-4213-45D3-BE8A-50B8B7C1F0E1}" = bpd_scan_Carrier

"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0D1CBBB9-F4A8-45B6-95E7-202BA61D7AF4}" = Microsoft Office Communicator 2007 R2

"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{1485CD45-F42D-46A6-9CFE-24537E481F53}" = L7000_Basic

"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8

"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update

"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0

"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg

"{4330AAE7-1893-42F9-BC38-539A1A60530B}" = Mobile Broadband

"{492D6A69-BE0D-4F71-939D-A11470A207D0}" = MaaS360 Visibility Service

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4AA7C442-2AC2-45A9-BCD1-FF534621AAB2}" = MaaS360 Software Uninstall Utility

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media

"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7

"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support

"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections

"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg

"{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7

"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010

"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010

"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{9615E45B-7670-4D17-9ED5-28B9E936EEDD}" = 7500_7600_7700_Help1

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro

"{AC76BA86-1033-0000-7760-000000000004}_920" = Adobe Acrobat 9.2.0 - CPSID_50026

"{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro

"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2

"{ADB1DE83-FC42-4C3F-B64B-2AF2215EF88B}" = Cisco AnyConnect Secure Mobility Client

"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime

"{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery

"{BED0B8A2-2986-49F8-90D6-FA008D37A3D2}" = Trend Micro Client/Server Security Agent

"{BF7023BC-319B-4FE1-B569-C854A19F81F8}" = Extend360 Enforcement Agent

"{C3CD17B4-08B0-492D-8A4C-81716D33E520}" = Integrated Camera Driver Installer Package Ver.1.1.0.19

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help

"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari

"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool

"{CDC08463-9303-4BF1-BF8C-E1A2ECEE3248}" = Adobe Creative Suite 5 Web Premium

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar

"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{ED3D79A6-B3BB-4482-B226-0B620F97258A}" = BPDSoftware_Ini

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm

"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus

"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"7-Zip" = 7-Zip 9.20

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"Fiddler2" = Fiddler

"FileZilla Client" = FileZilla Client 3.6.0.2

"Google Chrome" = Google Chrome

"huey_is1" = hueyPRO for Lenovo (Version 1.2.4.1)

"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8

"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition

"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition

"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver

"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder

"Lenovo Welcome_is1" = Lenovo Welcome

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

"Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US)

"Mozilla Thunderbird 17.0.5 (x86 en-US)" = Mozilla Thunderbird 17.0.5 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Notepad++" = Notepad++

"Office14.PROPLUS" = Microsoft Office Professional Plus 2010

"OpenDNS Updater" = OpenDNS Updater 2.2.1

"SdxBlockIE" = IE Block for 9 and 10

"WallWatcher" = WallWatcherR 9 AND 1

"WinLiveSuite" = Windows Live Essentials

"WinPcapInst" = WinPcap 4.1.2

"Wireshark" = Wireshark 1.8.6 (64-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3263463438-2871500760-3022703788-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"ActiveTouchMeetingClient" = Cisco WebEx Meetings

"Amazon Amazon Cloud Player" = Amazon Cloud Player

"Dropbox" = Dropbox

"JoinMe" = join.me

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 5/15/2013 9:11:38 PM | Computer Name = ESORKMASON | Source = .NET Runtime Optimization Service | ID = 1101

Description =

Error - 5/15/2013 9:11:38 PM | Computer Name = ESORKMASON | Source = .NET Runtime Optimization Service | ID = 1101

Description =

Error - 5/15/2013 9:11:39 PM | Computer Name = ESORKMASON | Source = .NET Runtime Optimization Service | ID = 1101

Description =

Error - 5/15/2013 9:11:39 PM | Computer Name = ESORKMASON | Source = .NET Runtime Optimization Service | ID = 1101

Description =

Error - 5/15/2013 9:11:39 PM | Computer Name = ESORKMASON | Source = .NET Runtime Optimization Service | ID = 1101

Description =

Error - 5/15/2013 9:11:40 PM | Computer Name = ESORKMASON | Source = .NET Runtime Optimization Service | ID = 1101

Description =

Error - 5/15/2013 9:11:40 PM | Computer Name = ESORKMASON | Source = .NET Runtime Optimization Service | ID = 1101

Description =

Error - 5/15/2013 9:11:41 PM | Computer Name = ESORKMASON | Source = .NET Runtime Optimization Service | ID = 1101

Description =

Error - 5/15/2013 9:12:03 PM | Computer Name = ESORKMASON | Source = .NET Runtime Optimization Service | ID = 1101

Description =

Error - 5/15/2013 9:12:03 PM | Computer Name = ESORKMASON | Source = .NET Runtime Optimization Service | ID = 1101

Description =

Error - 5/15/2013 9:12:04 PM | Computer Name = ESORKMASON | Source = .NET Runtime Optimization Service | ID = 1101

Description =

[ Cisco AnyConnect Secure Mobility Client Events ]

Error - 5/23/2013 12:45:54 AM | Computer Name = ESORKMASON | Source = acvpnagent | ID = 67108866

Description = Function: CMainThread::OnTimerExpired File: .\MainThread.cpp Line: 4910

Invoked

Function: CMainThread::reportStates Return Code: -31522805 (0xFE1F000B) Description:

SOCKETTRANSPORT_ERROR_WRITE

Error - 5/23/2013 12:45:54 AM | Computer Name = ESORKMASON | Source = acvpnagent | ID = 67108866

Description = Function: CTcpTransport::internalReadSocket File: .\IPC\SocketTransport.cpp

Line:

1731 Invoked Function: WSARecv Return Code: 10053 (0x00002745) Description: An established

connection was aborted by the software in your host machine.

Error - 5/23/2013 12:45:54 AM | Computer Name = ESORKMASON | Source = acvpnagent | ID = 67108866

Description = Function: CSocketTransport::readSocket File: .\IPC\SocketTransport.cpp

Line:

853 Invoked Function: CSocketTransport::internalReadSocket Return Code: -31522806

(0xFE1F000A) Description: SOCKETTRANSPORT_ERROR_READ

Error - 5/23/2013 12:45:54 AM | Computer Name = ESORKMASON | Source = acvpnagent | ID = 67108866

Description = Function: CIpcTransport::OnSocketReadComplete File: .\IPC\IPCTransport.cpp

Line:

1226 Invoked Function: CSocketTransport::readSocket Return Code: -31522806 (0xFE1F000A)

Description:

SOCKETTRANSPORT_ERROR_READ

Error - 5/23/2013 12:45:54 AM | Computer Name = ESORKMASON | Source = acvpnagent | ID = 67108866

Description = Function: CIpcDepot::OnIpcMessageReceived File: .\IPC\IPCDepot.cpp Line:

832 Invoked Function: CIpcTransport::OnSocketReadComplete Return Code: -31522806

(0xFE1F000A) Description: SOCKETTRANSPORT_ERROR_READ

Error - 5/23/2013 12:45:54 AM | Computer Name = ESORKMASON | Source = acvpnagent | ID = 67108866

Description = Function: CTcpTransport::writeSocketBlocking File: .\IPC\SocketTransport.cpp

Line:

1676 Invoked Function: WSASend Return Code: 10053 (0x00002745) Description: An established

connection was aborted by the software in your host machine.

Error - 5/23/2013 12:45:54 AM | Computer Name = ESORKMASON | Source = acvpnagent | ID = 67108866

Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp

Line:

384 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522805

(0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE

Error - 5/23/2013 12:45:58 AM | Computer Name = ESORKMASON | Source = acvpnagent | ID = 67108866

Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked

Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

Error - 5/23/2013 12:46:37 AM | Computer Name = ESORKMASON | Source = acvpnui | ID = 67108866

Description = Function: CMainFrame::OnCreate File: .\mainfrm.cpp Line: 362 Invoked

Function: The VPN service is not responding or available. Return Code: -33554423

(0xFE000009) Description: GLOBAL_ERROR_UNEXPECTED

Error - 5/23/2013 12:46:37 AM | Computer Name = ESORKMASON | Source = acvpnui | ID = 67108865

Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:

1089 NULL object. Cannot establish a connection at this time.

[ System Events ]

Error - 5/15/2013 12:52:20 PM | Computer Name = ESORKMASON | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the vpnagent service.

Error - 5/15/2013 1:38:57 PM | Computer Name = ESORKMASON | Source = EventLog | ID = 6008

Description = The previous system shutdown at 10:37:28 AM on ?5/?15/?2013 was unexpected.

Error - 5/15/2013 1:39:50 PM | Computer Name = ESORKMASON | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the vpnagent service.

Error - 5/15/2013 3:44:10 PM | Computer Name = ESORKMASON | Source = NetBT | ID = 4311

Description = Initialization failed because the driver device could not be created.

Use

the string "0024D7910DD0" to identify the interface for which initialization failed.

It represents the MAC address of the failed interface or the Globally Unique Interface

Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither

the MAC address nor the GUID were available, the string represents a cluster device

name.

Error - 5/15/2013 3:44:10 PM | Computer Name = ESORKMASON | Source = NetBT | ID = 4311

Description = Initialization failed because the driver device could not be created.

Use

the string "0024D7910DD0" to identify the interface for which initialization failed.

It represents the MAC address of the failed interface or the Globally Unique Interface

Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither

the MAC address nor the GUID were available, the string represents a cluster device

name.

Error - 5/15/2013 5:11:32 PM | Computer Name = ESORKMASON | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the vpnagent service.

Error - 5/15/2013 5:12:19 PM | Computer Name = ESORKMASON | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the ShellHWDetection service.

Error - 5/15/2013 9:17:51 PM | Computer Name = ESORKMASON | Source = DCOM | ID = 10005

Description =

Error - 5/15/2013 9:17:51 PM | Computer Name = ESORKMASON | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the Windows

Modules Installer service to connect.

Error - 5/15/2013 9:17:51 PM | Computer Name = ESORKMASON | Source = Service Control Manager | ID = 7000

Description = The Windows Modules Installer service failed to start due to the following

error: %%1053

< End of report >

Link to post
Share on other sites

Looks pretty good to me. Please run this online scan to verify we haven't missed anything:

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats is Unchecked and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Link to post
Share on other sites

<p>Hi DFB - the log is very short, but the scan found a lot of old html / php files on an external drive that were from backed up websites that at one point were hacked. Here it is:</p>

<p> </p>

<div>ESETSmartInstaller@High as CAB hook log:</div>

<div>OnlineScanner64.ocx - registred OK</div>

<div>OnlineScanner.ocx - registred OK</div>

<div> </div>

<div>It looks like MB is still alerting that it is blocking access though - could this be a false positive?</div>

<div> </div>

<div>IP-BLOCK<span class="Apple-tab-span" style="white-space:pre"> </span>222.186.26.151 (Type: outgoing, Port: 137)</div>

Link to post
Share on other sites

I hope this is the correct one:

2013/05/24 08:18:08 -0700 IP-BLOCK 222.186.26.151 (Type: outgoing, Port: 137)

2013/05/24 08:18:08 -0700 IP-BLOCK 222.186.26.151 (Type: outgoing, Port: 137)

2013/05/24 08:18:08 -0700 IP-BLOCK 222.186.26.151 (Type: outgoing, Port: 137)

2013/05/24 08:40:46 -0700 MESSAGE Starting database refresh

2013/05/24 08:40:46 -0700 MESSAGE Stopping IP protection

2013/05/24 08:40:46 -0700 MESSAGE IP Protection stopped successfully

2013/05/24 08:40:58 -0700 MESSAGE Database refreshed successfully

2013/05/24 08:40:58 -0700 MESSAGE Starting IP protection

2013/05/24 08:41:02 -0700 MESSAGE IP Protection started successfully

2013/05/24 12:47:18 -0700 IP-BLOCK 60.173.11.7 (Type: outgoing, Port: 137)

2013/05/24 12:47:26 -0700 IP-BLOCK 60.173.11.7 (Type: outgoing, Port: 137)

2013/05/24 12:47:26 -0700 IP-BLOCK 60.173.11.7 (Type: outgoing, Port: 137)

Link to post
Share on other sites

well - very strange - here's the logs from the weekend. Some days are fine, others are not. I just thought of something... Is it possible that if I'm pseudo-mirroring traffic on my router (via IP tables) from another computer, that MB would alert against this traffic and maybe the other computer is the one attempting to reach these IPs? Although, that computer was used heavily on Saturday on there's nothing in the log.

5/25

2013/05/25 22:35:26 -0700 MESSAGE Executing scheduled update: Daily

2013/05/25 22:35:41 -0700 MESSAGE Scheduled update executed successfully: database updated from version v2013.05.25.01 to version v2013.05.26.02

2013/05/25 22:35:41 -0700 MESSAGE Starting database refresh

2013/05/25 22:35:42 -0700 MESSAGE Stopping IP protection

2013/05/25 22:35:42 -0700 MESSAGE IP Protection stopped successfully

2013/05/25 22:35:45 -0700 MESSAGE Database refreshed successfully

2013/05/25 22:35:45 -0700 MESSAGE Starting IP protection

2013/05/25 22:35:48 -0700 MESSAGE IP Protection started successfully

5/26

2013/05/26 02:14:12 -0700 IP-BLOCK 218.7.242.6 (Type: outgoing, Port: 137)

2013/05/26 02:14:12 -0700 IP-BLOCK 218.7.242.6 (Type: outgoing, Port: 137)

2013/05/26 02:14:20 -0700 IP-BLOCK 218.7.242.6 (Type: outgoing, Port: 137)

2013/05/26 09:30:31 -0700 IP-BLOCK 58.240.191.98 (Type: outgoing, Port: 137)

2013/05/26 09:30:31 -0700 IP-BLOCK 58.240.191.98 (Type: outgoing, Port: 137)

2013/05/26 09:30:31 -0700 IP-BLOCK 58.240.191.98 (Type: outgoing, Port: 137)

2013/05/26 10:11:28 -0700 IP-BLOCK 218.93.205.140 (Type: outgoing, Port: 137)

2013/05/26 10:11:28 -0700 IP-BLOCK 218.93.205.140 (Type: outgoing, Port: 137)

2013/05/26 10:11:28 -0700 IP-BLOCK 218.93.205.140 (Type: outgoing, Port: 137)

2013/05/26 15:52:04 -0700 IP-BLOCK 60.173.11.7 (Type: outgoing, Port: 137)

2013/05/26 15:52:04 -0700 IP-BLOCK 60.173.11.7 (Type: outgoing, Port: 137)

2013/05/26 15:52:04 -0700 IP-BLOCK 60.173.11.7 (Type: outgoing, Port: 137)

2013/05/26 22:38:09 -0700 MESSAGE Executing scheduled update: Daily

2013/05/26 22:38:23 -0700 MESSAGE Scheduled update executed successfully: database updated from version v2013.05.26.02 to version v2013.05.27.01

2013/05/26 22:38:23 -0700 MESSAGE Starting database refresh

2013/05/26 22:38:24 -0700 MESSAGE Stopping IP protection

2013/05/26 22:38:24 -0700 MESSAGE IP Protection stopped successfully

2013/05/26 22:38:27 -0700 MESSAGE Database refreshed successfully

2013/05/26 22:38:27 -0700 MESSAGE Starting IP protection

2013/05/26 22:38:31 -0700 MESSAGE IP Protection

5/27

2013/05/27 22:31:38 -0700 MESSAGE Executing scheduled update: Daily

2013/05/27 22:31:49 -0700 MESSAGE Scheduled update executed successfully: database updated from version v2013.05.27.01 to version v2013.05.28.01

2013/05/27 22:31:49 -0700 MESSAGE Starting database refresh

2013/05/27 22:31:50 -0700 MESSAGE Stopping IP protection

2013/05/27 22:31:50 -0700 MESSAGE IP Protection stopped successfully

2013/05/27 22:31:53 -0700 MESSAGE Database refreshed successfully

2013/05/27 22:31:53 -0700 MESSAGE Starting IP protection

2013/05/27 22:31:56 -0700 MESSAGE IP Protection started successfully

5/28

2013/05/28 05:05:04 -0700 IP-BLOCK 222.186.57.37 (Type: outgoing, Port: 137)

2013/05/28 05:05:04 -0700 IP-BLOCK 222.186.57.37 (Type: outgoing, Port: 137)

2013/05/28 05:05:04 -0700 IP-BLOCK 222.186.57.37 (Type: outgoing, Port: 137)

Link to post
Share on other sites

It might very well be the IP table issue you suggested. I think it's either that or some other (legitimate) program on your computer causing that, as I don't see any signs of it being malware that's causing that.

Let's run just one more scan to be sure:

Download GMER from Here. Note the file's name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Link to post
Share on other sites

Thanks DFB - I'm still unable to stop Trend due to password, but here are the results:

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-05-30 09:23:40

Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 HITACHI_ rev.PCEZ 298.09GB

Running: f6n0g02t.exe; Driver: C:\Users\Ken\AppData\Local\Temp\pwddqpoc.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075491465 2 bytes [49, 75]

.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754914bb 2 bytes [49, 75]

.text ... * 2

.text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075491465 2 bytes [49, 75]

.text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754914bb 2 bytes [49, 75]

.text ... * 2

.text C:\Program Files (x86)\MaaS360\MaaS360 Visibility Service\EMSAgent.exe[2500] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076ff87b1 5 bytes JMP 0000000100412770

.text C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPtray.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075491465 2 bytes [49, 75]

.text C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPtray.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754914bb 2 bytes [49, 75]

.text ... * 2

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1384] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075491465 2 bytes [49, 75]

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1384] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754914bb 2 bytes [49, 75]

.text ... * 2

.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075491465 2 bytes [49, 75]

.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754914bb 2 bytes [49, 75]

.text ... * 2

.text C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe[5180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075491465 2 bytes [49, 75]

.text C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe[5180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754914bb 2 bytes [49, 75]

.text ... * 2

.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[6588] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075491465 2 bytes [49, 75]

.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[6588] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754914bb 2 bytes [49, 75]

.text ... * 2

.text C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe[7400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075491465 2 bytes [49, 75]

.text C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe[7400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754914bb 2 bytes [49, 75]

.text ... * 2

.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[7584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075491465 2 bytes [49, 75]

.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[7584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754914bb 2 bytes [49, 75]

.text ... * 2

.text C:\Users\Ken\Desktop\SecurityCheck.exe[8352] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 00000000727a1a22 2 bytes [7A, 72]

.text C:\Users\Ken\Desktop\SecurityCheck.exe[8352] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 00000000727a1ad0 2 bytes [7A, 72]

.text C:\Users\Ken\Desktop\SecurityCheck.exe[8352] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 00000000727a1b08 2 bytes [7A, 72]

.text C:\Users\Ken\Desktop\SecurityCheck.exe[8352] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 00000000727a1bba 2 bytes [7A, 72]

.text C:\Users\Ken\Desktop\SecurityCheck.exe[8352] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 00000000727a1bda 2 bytes [7A, 72]

? C:\Windows\system32\mssprxy.dll [8352] entry point in ".rdata" section 0000000074d271e6

---- Devices - GMER 2.1 ----

Device \Driver\iaStor \Device\Dev_fffffa800dbb3050 fffffa8017bfe328

Device \Driver\USBSTOR -> DriverStartIo \Device\Dev_fffffa80103dd510 fffffa8017b6d9c4

Device \Driver\USBSTOR \Device\Dev_fffffa80103dd510 fffffa8017b7f578

---- Threads - GMER 2.1 ----

Thread System [4:6200] fffffa8017bf6b50

---- Processes - GMER 2.1 ----

Library E:\BIN\CFAgent.exe (*** suspicious ***) @ E:\BIN\CFAgent.exe [9240] 0000000000400000

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

Link to post
Share on other sites

Let's give this a shot:

For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:



    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt

    [*]Select Command Prompt

    [*]In the command window type in notepad and press Enter.

    [*]The notepad opens. Under File menu select Open.

    [*]Select "Computer" and find your flash drive letter and close the notepad.

    [*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

    Note: Replace letter e with the drive letter of your flash drive.

    [*]The tool will start to run.

    [*]When the tool opens click Yes to disclaimer.

    [*]Press Scan button.

    [*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Link to post
Share on other sites

Hi DFB - well unfortunately, I was unable to complete these steps - whenever I go into recovery, there is no OS listed and although the drives are listed, they say they need to be formatted.

I downloaded these drivers for Lenovo w510 in attempt to 'load drivers': http://support.lenovo.com/en_US/detail.page?LegacyDocID=MIGR-74430

But none of them made the OS show up.

Also, in multiple attempts to get between recovery and boot to windows to look for drivers, the computer blue screened and wouldn't boot to OS... it is now booting, but no luck on the above.

I'm thinking I just need to reinstall.

Link to post
Share on other sites

Did the bluescreen display a system file in the info? (i.e. somefile.sys or something like that)

If you're planning on reformatting/reinstalling, do you have a set of recovery disks that came with the computer?

One thing I'd suggest- check to make sure the hard drives are all connected properly... I recently had a computer where the hard drive wasn't recognized, but it turned out that the connection to it was just slightly loose.

Link to post
Share on other sites

The blue screen was very fast and happened about 3 times then 'fixed' itself and was able to boot. I don't have recovery disks - just will do a straight win7 install.

Hard drive was recently checked and re-seated so I think that's ok.

Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.