unname Posted May 20, 2013 ID:681878 Share Posted May 20, 2013 Hi there - comp was recently re-imaged due to MBR problem and had trend micro alert that some access to a website was blocked so installed malwarebytes to check it out, but came up empty.Malwarebytes is alerting that outgoing traffic is being blocked (e.g., IP-BLOCK 60.173.8.247 (Type: outgoing, Port: 137))Thanks for your assistance!DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16483Run by Ken at 10:38:00 on 2013-05-20Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16316.10483 [GMT -7:00].AV: Trend Micro Client/Server Security Agent Antivirus *Enabled/Updated* {5D349EF8-873B-C657-917F-F1D93E101A7C}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Trend Micro Client/Server Security Agent Anti-spyware *Enabled/Updated* {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\ibmpmsvc.exeC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\System32\WUDFHost.exeC:\Windows\system32\nvvsvc.exeC:\Windows\SYSTEM32\WISPTIS.EXEC:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exeC:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\WLANExt.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k WbioSvcGroupC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\LENOVO\HOTKEY\TPHKSVC.exeC:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exeC:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\ProgramData\OfficeGuardianV2\UACProxy.exeC:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exeC:\Program Files (x86)\MaaS360\MaaS360 Visibility Service\EMSAgent.exeC:\Program Files\EVault Software\Agent\VVAgent.exeC:\Program Files\EVault Software\Agent\buagent.exeC:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exeC:\Program Files\Lenovo\Communications Utility\CAMMUTE.exeC:\Program Files\LENOVO\HOTKEY\MICMUTE.exeC:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exeC:\Program Files\LENOVO\VIRTSCRL\lvvsst.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Windows\System32\svchost.exe -k HPZ12C:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exeC:\Windows\system32\taskhost.exeC:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exeC:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exeC:\Windows\System32\svchost.exe -k HPZ12C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exeC:\Program Files\Intel\WiFi\bin\EvtEng.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exeC:\Program Files\Lenovo\HOTKEY\TPONSCR.exeC:\Program Files\Lenovo\Zoom\TpScrex.exeC:\Windows\System32\TpShocks.exeC:\Program Files\Lenovo\Communications Utility\TPKNRRES.exeC:\Program Files\Logitech\SetPointP\SetPoint.exeC:\Program Files\Zune\ZuneLauncher.exeC:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exeC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exeC:\Windows\SYSTEM32\WISPTIS.EXEC:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exeC:\Program Files\Common Files\microsoft shared\ink\TabTip.exeC:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXEC:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exeC:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exeC:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exeC:\Program Files (x86)\Trend Micro\Client Server Security Agent\PccNTMon.exeC:\ProgramData\OfficeGuardianV2\reminder\SacReminder.exeC:\Users\Ken\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exeC:\Program Files\EVault Software\Agent Assistant\Maestro.exeC:\Windows\system32\wbem\unsecapp.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\taskeng.exeC:\Program Files\Lenovo\SimpleTap\SimpleTap.exeC:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exeC:\Windows\SysWOW64\rundll32.exeC:\Program Files (x86)\Microsoft Office Communicator\communicator.exeC:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exeC:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exeC:\Windows\system32\rundll32.exeC:\Program Files\Lenovo\SimpleTap\GestureLauncher.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPtray.exeC:\ww\WallWatcher.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Windows\system32\wbem\unsecapp.exeC:\Program Files\Lenovo\Client Security Solution\cssauth.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Synaptics\SynTP\SynTPHelper.exeC:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPcbt64.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exeC:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exeC:\Program Files\ThinkPad\Bluetooth Software\btwdins.exeC:\Windows\system32\svchost.exe -k HPServiceC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\system32\svchost.exe -k HsfXAudioServiceC:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exeC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Program Files (x86)\BigFix Enterprise\BES Client\BESClientUI.exec:\Program Files (x86)\Lenovo\System Update\SUService.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXEC:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exeC:\Windows\System32\svchost.exe -k secsvcsC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exeC:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXEC:\Windows\splwow64.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\FileZilla FTP Client\filezilla.exeC:\Program Files (x86)\FileZilla FTP Client\fzsftp.exeC:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exeC:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXEC:\Program Files (x86)\iTunes\iTunes.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exeC:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exeC:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exeC:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exeC:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exeC:\Program Files (x86)\FileZilla FTP Client\filezilla.exeC:\Windows\system32\notepad.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\sysWow64\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.sodexousa.com/defaulthomeuDefault_Page_URL = hxxp://lenovo.msn.commWinlogon: Userinit = userinit.exeBHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dllBHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg32.dllBHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLLBHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllBHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dllBHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLLBHO: IePasswordManagerHelper Class: {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dllBHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dllBHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllTB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllTB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dlluRun: [OpenDNS Updater] "C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" /autostartuRun: [sacReminderHDDV2] C:\ProgramData\OfficeGuardianV2\reminder\SacReminder.exeuRun: [Amazon Cloud Player] C:\Users\Ken\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exemRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exemRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitormRun: [OfficeScanNT Monitor] "C:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindowmRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServicesmRun: [Communicator] "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkeymRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimizedmRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbyloginmRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exemRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimemRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AGENTA~1.LNK - C:\Program Files\EVault Software\Agent Assistant\Maestro.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PGPTRA~1.LNK - C:\Windows\Installer\{3F32670E-45AE-4B23-AE86-CB21FAF19DDF}\Icon6560581611.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WALLWA~1.LNK - C:\ww\WallWatcher.exemPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-Explorer: NoActiveDesktopChanges = dword:1mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0mPolicies-System: dontdisplaylastusername = dword:1IE: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.htmlIE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105IE: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htmIE: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htmIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dllIE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htmIE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dllLSP: C:\Windows\System32\PGPlsp.dllTrusted Zone: MarketConnection.comTrusted Zone: MySodexho.comTrusted Zone: MySodexo.comTrusted Zone: Sodexo.comDPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} - vpnweb.cabTCP: NameServer = 192.168.1.1TCP: Interfaces\{DB9C2C14-351E-4EA1-AE5B-53CE461ECF3F} : NameServer = 8.8.8.8,8.8.4.4TCP: Interfaces\{DB9C2C14-351E-4EA1-AE5B-53CE461ECF3F} : DHCPNameServer = 192.168.1.1Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLHandler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg32.dllHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllAppInit_DLLs= PGPmapih.dllSSODL: WebCheck - <orphaned>SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLLLSA: Notification Packages = scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGina PGPpwfltmASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg.dllx64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLLx64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dllx64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLLx64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exex64-Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exex64-Run: [TpShocks] TpShocks.exex64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /tx64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exex64-Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exex64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetchx64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGamingx64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dllx64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dllx64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htmx64-IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLx64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg.dllx64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dllx64-Notify: psfus - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dllx64-SSODL: WebCheck - <orphaned>x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLLHosts: 107.21.133.199 example.sodexomyway.tahzoo.net================= FIREFOX ===================.FF - ProfilePath - C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\20fk60vm.default\FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLLFF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLLFF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dllFF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dllFF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllFF - plugin: C:\Users\Ken\AppData\Roaming\Mozilla\plugins\npatgpc.dllFF - plugin: C:\Windows\System32\Wat\npWatWeb.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dllFF - plugin: C:\Windows\SysWOW64\npDeployJava1.dllFF - plugin: C:\Windows\SysWOW64\npmproxy.dllFF - ExtSQL: 2013-03-25 14:57; {F003DA68-8256-4b37-A6C4-350FA04494DF}; C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExtFF - ExtSQL: 2013-04-27 18:51; fiddlerhook@fiddler2.com; C:\Program Files (x86)\Fiddler2\FiddlerHook.============= SERVICES / DRIVERS ===============.R0 DzHDD64;DzHDD64;C:\Windows\System32\drivers\DZHDD64.SYS [2011-2-25 30320]R0 pgpfs;PGP File Sharing;C:\Windows\System32\drivers\PGPfsfd.sys [2013-2-1 182632]R0 Pgpwdefs;Pgpwdefs;C:\Windows\System32\drivers\PGPwdefs.sys [2013-2-1 16320]R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2010-6-16 23664]R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2010-7-30 15400]R1 nm3;Microsoft Network Monitor 3 Driver;C:\Windows\System32\drivers\nm3.sys [2010-6-9 46392]R2 CFUACProxy_officeguardianv2;CFUACProxy_officeguardianv2;C:\ProgramData\OfficeGuardianV2\UACProxy.exe [2013-3-27 83824]R2 EMSAgent;Maas360 Visibility Service;C:\Program Files (x86)\MaaS360\MaaS360 Visibility Service\EMSAgent.exe [2011-2-17 378216]R2 EVault InfoStage Agent;EVault Software Agent;C:\Program Files\EVault Software\Agent\VVAgent.exe [2011-3-31 6488576]R2 EVault InfoStage BUAgent;EVault Software BUAgent;C:\Program Files\EVault Software\Agent\buagent.exe [2011-3-31 10013184]R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2011-2-25 50536]R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2010-7-30 45496]R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-2-25 74088]R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2010-7-30 93032]R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-5-9 418376]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-5-9 701512]R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2010-4-30 6237800]R2 PGP RDD Service;PGP RDD Service;C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe [2013-2-1 1589528]R2 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2011-2-25 61952]R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2009-3-13 13840]R2 svcGenericHost;Trend Micro Client/Server Security Agent;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2013-1-11 50208]R2 TmFilter;Trend Micro Filter;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2012-7-17 344376]R2 TmPreFilter;Trend Micro PreFilter;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmpreflt.sys [2012-7-17 42808]R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2010-7-30 63928]R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-9-29 12728]R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-2-25 2533400]R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2011-9-9 475088]R3 acsock;acsock;C:\Windows\System32\drivers\acsock64.sys [2011-9-9 106408]R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2011-2-25 292864]R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2011-2-25 295088]R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-2-25 56344]R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2013-1-3 79240]R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2013-1-3 15752]R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-5-9 25928]R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-1-22 77824]R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-1-22 180224]R3 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2013-3-17 65872]R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [2012-8-8 918064]R3 TVTI2C;Lenovo SM bus driver;C:\Windows\System32\drivers\tvti2c.sys [2009-10-8 41536]S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S3 5U877;USB Video Device;C:\Windows\System32\drivers\5U877.sys [2011-2-25 163072]S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-2-25 35104]S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-2-25 164200]S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]S3 pmxdrv;pmxdrv;C:\Windows\System32\drivers\pmxdrv.sys [2011-2-25 31152]S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2011-2-25 75112]S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-17 59392]S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-9-29 126392]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-3-16 1255736]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== File Associations ===============.FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe","%1"ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1".=============== Created Last 30 ================.2013-05-18 07:41:15 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5741861F-D98B-483A-B16A-5FC9FD903EC3}\offreg.dll2013-05-17 16:46:45 -------- d-----w- C:\Program Files\iPod2013-05-17 16:46:44 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692013-05-17 16:46:44 -------- d-----w- C:\Program Files\iTunes2013-05-17 16:46:44 -------- d-----w- C:\Program Files (x86)\iTunes2013-05-17 16:40:47 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll2013-05-17 16:40:47 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll2013-05-17 16:40:47 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll2013-05-17 16:40:46 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll2013-05-17 16:40:46 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll2013-05-17 16:40:46 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll2013-05-17 16:40:46 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll2013-05-17 12:32:21 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5741861F-D98B-483A-B16A-5FC9FD903EC3}\mpengine.dll2013-05-15 19:06:12 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-05-15 19:06:12 2382848 ----a-w- C:\Windows\System32\mshtml.tlb2013-05-15 18:02:20 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys2013-05-15 18:02:20 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys2013-05-15 18:02:20 144384 ----a-w- C:\Windows\System32\cdd.dll2013-05-15 18:02:11 70144 ----a-w- C:\Windows\System32\appinfo.dll2013-05-15 18:02:11 1930752 ----a-w- C:\Windows\System32\authui.dll2013-05-15 18:02:11 1796096 ----a-w- C:\Windows\SysWow64\authui.dll2013-05-15 18:02:11 111448 ----a-w- C:\Windows\System32\consent.exe2013-05-15 18:01:43 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll2013-05-15 18:01:43 230400 ----a-w- C:\Windows\System32\wwansvc.dll2013-05-15 18:01:42 3153920 ----a-w- C:\Windows\System32\win32k.sys2013-05-14 19:16:35 -------- d-----w- C:\Users\Ken\AppData\Local\Amazon Cloud Player2013-05-14 18:18:28 -------- d-----r- C:\Users\Ken\Podcasts2013-05-14 17:56:58 -------- d-----w- C:\Windows\System32\drivers\UMDF\zh-CN2013-05-14 17:56:56 -------- d-----w- C:\Windows\System32\drivers\UMDF\ja-JP2013-05-14 17:56:54 -------- d-----w- C:\Windows\System32\drivers\UMDF\pt-BR2013-05-14 17:56:52 -------- d-----w- C:\Windows\System32\drivers\UMDF\pt-PT2013-05-14 17:56:50 -------- d-----w- C:\Windows\System32\drivers\UMDF\nl-NL2013-05-14 17:56:48 -------- d-----w- C:\Windows\System32\drivers\UMDF\it-IT2013-05-14 17:56:46 -------- d-----w- C:\Windows\System32\drivers\UMDF\de-DE2013-05-14 17:56:44 -------- d-----w- C:\Windows\System32\drivers\UMDF\fr-FR2013-05-14 17:56:42 -------- d-----w- C:\Windows\System32\drivers\UMDF\es-ES2013-05-14 17:55:52 -------- d-----w- C:\Windows\System32\ms-MY2013-05-09 18:02:33 -------- d-----w- C:\Users\Ken\467D5E81834948929E81C3674ED8E451.TMP2013-05-09 17:10:04 -------- d-----w- C:\Users\Ken\AppData\Roaming\Malwarebytes2013-05-09 17:09:39 -------- d-----w- C:\ProgramData\Malwarebytes2013-05-09 17:09:35 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys2013-05-09 17:09:35 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-05-09 17:09:22 -------- d-----w- C:\Users\Ken\AppData\Local\Programs2013-05-09 14:53:40 -------- d-----w- C:\ProgramData\HitmanPro2013-05-07 22:06:23 119808 ----a-r- C:\Users\Ken\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe2013-05-02 04:34:20 -------- d-----w- C:\Users\Ken\AppData\Local\gtk-2.02013-05-01 17:52:58 -------- d-----w- C:\Program Files\Microsoft Network Monitor 32013-04-30 17:59:28 -------- d-----w- C:\Users\Ken\AppData\Roaming\Wireshark2013-04-30 17:45:21 -------- d-----w- C:\Program Files (x86)\WinPcap2013-04-30 17:39:18 -------- d-----w- C:\Program Files\Wireshark2013-04-29 22:58:46 -------- d-----w- C:\Users\Ken\AppData\Local\Macromedia2013-04-28 01:51:30 -------- d-----w- C:\Program Files (x86)\Fiddler22013-04-24 17:34:59 -------- d-----w- C:\Users\Ken\AppData\Local\Mozilla2013-04-24 17:34:49 263064 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll2013-04-24 17:34:45 26520 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe2013-04-24 17:10:43 -------- d-----w- C:\Program Files\PGP Corporation2013-04-24 16:29:47 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys2013-04-23 22:32:35 -------- d-----w- C:\Program Files\CPUID.==================== Find3M ====================.2013-05-02 09:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe2013-04-29 22:57:27 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-04-29 22:57:27 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-04-24 17:10:55 135198 ----a-w- C:\Windows\SysWow64\PGPlspRollback.reg2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll2013-04-05 01:08:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll2013-04-05 01:00:30 1392128 ----a-w- C:\Windows\System32\wininet.dll2013-04-05 00:59:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl2013-04-05 00:56:16 173056 ----a-w- C:\Windows\System32\ieUnatt.exe2013-04-05 00:55:47 599040 ----a-w- C:\Windows\System32\vbscript.dll2013-04-04 22:11:34 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-04-04 22:02:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl2013-04-04 22:02:17 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll2013-04-04 21:58:51 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe2013-04-04 21:57:45 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll2013-03-26 16:35:41 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll2013-03-26 16:35:41 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll2013-03-25 21:57:56 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe2013-03-18 07:49:33 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll2013-03-18 07:49:32 175616 ----a-w- C:\Windows\System32\msclmd.dll.============= FINISH: 10:39:15.07 ===============.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume1Install Date: 3/8/2011 9:42:04 AMSystem Uptime: 5/17/2013 10:09:59 AM (72 hours ago).Motherboard: LENOVO | | 43192RUProcessor: Intel® Core i7 CPU Q 820 @ 1.73GHz | None | 1734/133mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 287 GiB total, 102.129 GiB free.D: is CDROM ()F: is FIXED (FAT32) - 466 GiB total, 262.018 GiB free..==== Disabled Device Manager Items =============.Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}Description: Officejet Pro L7600Device ID: ROOT\MULTIFUNCTION\0000Manufacturer: HPName: Officejet Pro L7600PNP Device ID: ROOT\MULTIFUNCTION\0000Service: .Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64Device ID: ROOT\NET\0000Manufacturer: Cisco SystemsName: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64PNP Device ID: ROOT\NET\0000Service: vpnva.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: Cisco Systems VPN Adapter for 64-bit WindowsDevice ID: ROOT\NET\0001Manufacturer: Cisco SystemsName: Cisco Systems VPN Adapter for 64-bit WindowsPNP Device ID: ROOT\NET\0001Service: CVirtA.==== System Restore Points ===================.RP63: 5/14/2013 3:56:14 AM - Windows UpdateRP65: 5/14/2013 10:54:41 AM - Installed Zune 4.8RP66: 5/15/2013 12:03:11 PM - Windows Update.==== Installed Programs ======================.64 Bit HP CIO Components Installer7500_7600_7700_Help1Access HelpAdobe Acrobat 9 ProAdobe Acrobat 9.2.0 - CPSID_50026Adobe AIRAdobe Community HelpAdobe Creative Suite 5 Web PremiumAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Media PlayerAdobe Reader 9.2Amazon Cloud PlayerApple Application SupportApple Mobile Device SupportApple Software UpdateBing BarBing Rewards Client InstallerBonjourbpd_scan_CarrierBPDSoftwareBPDSoftware_IniBufferChmBurn.Now 4.5Cisco AnyConnect Secure Mobility ClientCisco AnyConnect Secure Mobility Client Cisco Systems VPN Client 5.0.07.0290Cisco WebEx MeetingsClient Security - Password ManagerConexant 20585 SmartAudio HDCorel Burn.Now Lenovo EditionCorel DVD MovieFactory 7Corel DVD MovieFactory Lenovo EditionCreate Recovery MediaD3DX10Definition Update for Microsoft Office 2010 (KB982726) 32-Bit EditionDirect DiscRecorderDisable AMT Profile Synchronization Pop-up for Windows Vista/7DropboxeRegEVault Software AgentExtend360 Enforcement AgentFiddlerFileZilla Client 3.6.0.2Google ChromeGoogle Update HelperHP OfficeJet L7300/L7500/7600/7700hueyPRO for Lenovo (Version 1.2.4.1)IE Block for 9 and 10Integrated Camera Driver Installer Package Ver.1.1.0.19Intel PROSet WirelessIntel® Control CenterIntel® Management Engine ComponentsIntel® PROSet/Wireless WiFi SoftwareIntel® Turbo Boost Technology MonitorInterVideo WinDVD 8iTunesJava 7 Update 17Java Auto Updaterjoin.meJunk Mail filter updateL7000_BasicLenovo Auto Scroll UtilityLenovo SimpleTapLenovo System Interface DriverLenovo ThinkVantage ToolboxLenovo Warranty InformationLenovo WelcomeLogitech SetPoint 6.52MaaS360 Software Uninstall UtilityMaaS360 Visibility ServiceMalwarebytes Anti-Malware version 1.75.0.1300Mesh RuntimeMessage Center PlusMicrosoft .NET Framework 4 Client ProfileMicrosoft Application Error ReportingMicrosoft Network Monitor 3.4Microsoft Network Monitor: NetworkMonitor Parsers 3.4Microsoft Office 2010Microsoft Office 2010 Service Pack 1 (SP1)Microsoft Office Access MUI (English) 2010Microsoft Office Access Setup Metadata MUI (English) 2010Microsoft Office Communicator 2007 R2Microsoft Office Excel MUI (English) 2010Microsoft Office Groove MUI (English) 2010Microsoft Office InfoPath MUI (English) 2010Microsoft Office Office 64-bit Components 2010Microsoft Office OneNote MUI (English) 2010Microsoft Office Outlook MUI (English) 2010Microsoft Office PowerPoint MUI (English) 2010Microsoft Office Professional Plus 2010Microsoft Office Proof (English) 2010Microsoft Office Proof (French) 2010Microsoft Office Proof (Spanish) 2010Microsoft Office Proofing (English) 2010Microsoft Office Publisher MUI (English) 2010Microsoft Office Shared 64-bit MUI (English) 2010Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010Microsoft Office Shared MUI (English) 2010Microsoft Office Shared Setup Metadata MUI (English) 2010Microsoft Office Word MUI (English) 2010Microsoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Touch Pack for Windows 7Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219Microsoft XNA Framework Redistributable 3.0Microsoft_VC80_ATL_x86Microsoft_VC80_ATL_x86_x64Microsoft_VC80_CRT_x86Microsoft_VC80_CRT_x86_x64Microsoft_VC80_MFC_x86Microsoft_VC80_MFC_x86_x64Microsoft_VC80_MFCLOC_x86Microsoft_VC80_MFCLOC_x86_x64Microsoft_VC90_ATL_x86Microsoft_VC90_ATL_x86_x64Microsoft_VC90_CRT_x86Microsoft_VC90_CRT_x86_x64Microsoft_VC90_MFC_x86Microsoft_VC90_MFC_x86_x64Mobile BroadbandMozilla Firefox 20.0.1 (x86 en-US)Mozilla Maintenance ServiceMozilla Thunderbird 17.0.5 (x86 en-US)MSVCRTMSVCRT_amd64MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)NEC Electronics USB 3.0 Host Controller DriverNetwork64Notepad++NVIDIA Display Control PanelNVIDIA DriversNVIDIA Performance DriversOn Screen DisplayOpenDNS Updater 2.2.1PDF Settings CS5QuickTimeRegistry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7Rescue and RecoveryRICOH R5U230 Media Driver ver.2.06.02.02SafariScanSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit EditionSecurity Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit EditionSecurity Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit EditionSecurity Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553091)Security Update for Microsoft Office 2010 (KB2553096)Security Update for Microsoft Office 2010 (KB2553371) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553447) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2589320) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2598243) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687501) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687510) 32-Bit EditionSecurity Update for Microsoft OneNote 2010 (KB2760600) 32-Bit EditionSecurity Update for Microsoft Publisher 2010 (KB2553147) 32-Bit EditionSecurity Update for Microsoft Visio 2010 (KB2810068) 32-Bit EditionSecurity Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit EditionSecurity Update for Microsoft Word 2010 (KB2760410) 32-Bit EditionSymantec Encryption DesktopSystem UpdateThinkPad Bluetooth with Enhanced Data Rate SoftwareThinkPad FullScreen MagnifierThinkPad Modem AdapterThinkPad Power Management DriverThinkPad Power ManagerThinkPad UltraNav DriverThinkPad UltraNav UtilityThinkVantage Access ConnectionsThinkVantage Active Protection SystemThinkVantage Communications UtilityThinkVantage Fingerprint SoftwareToolboxTrend Micro Client/Server Security AgentUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft Office 2010 (KB2553065)Update for Microsoft Office 2010 (KB2553092)Update for Microsoft Office 2010 (KB2553181) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553267) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553310) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553378) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2566458)Update for Microsoft Office 2010 (KB2596964) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2598242) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2687503) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2687509) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2760631) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2767886) 32-Bit EditionUpdate for Microsoft OneNote 2010 (KB2553290) 32-Bit EditionUpdate for Microsoft Outlook 2010 (KB2597090) 32-Bit EditionUpdate for Microsoft Outlook 2010 (KB2687623) 32-Bit EditionUpdate for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit EditionUpdate for Microsoft PowerPoint 2010 (KB2598240) 32-Bit EditionUpdate for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit EditionWallWatcherWebRegWindows 7 USB/DVD Download ToolWindows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)Windows Driver Package - Intel (e1kexpress) Net (06/22/2010 11.5.10.1012)Windows Driver Package - Intel (HECIx64) System (09/17/2009 6.0.0.1179)Windows Driver Package - Intel System (06/04/2009 1.0.0.0002)Windows Driver Package - Intel System (10/28/2009 9.1.1.1022)Windows Driver Package - Intel USB (08/20/2009 9.1.1.1020)Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4)Windows Driver Package - Ricoh Company MS Host Controller (10/26/2009 6.10.02.07)Windows Driver Package - Synaptics (SynTP) Mouse (04/22/2010 15.0.18.0)Windows Live Communications PlatformWindows Live EssentialsWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live Language SelectorWindows Live MailWindows Live MeshWindows Live Mesh ActiveX Control for Remote ConnectionsWindows Live MessengerWindows Live MIME IFilterWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live Remote ClientWindows Live Remote Client ResourcesWindows Live Remote ServiceWindows Live Remote Service ResourcesWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer ResourcesWindows Mobile Device Updater ComponentWinPcap 4.1.2Wireshark 1.8.6 (64-bit)ZuneZune Language Pack (CHS)Zune Language Pack (CHT)Zune Language Pack (CSY)Zune Language Pack (DAN)Zune Language Pack (DEU)Zune Language Pack (ELL)Zune Language Pack (ESP)Zune Language Pack (FIN)Zune Language Pack (FRA)Zune Language Pack (HUN)Zune Language Pack (IND)Zune Language Pack (ITA)Zune Language Pack (JPN)Zune Language Pack (KOR)Zune Language Pack (MSL)Zune Language Pack (NLD)Zune Language Pack (NOR)Zune Language Pack (PLK)Zune Language Pack (PTB)Zune Language Pack (PTG)Zune Language Pack (RUS)Zune Language Pack (SVE).==== Event Viewer Messages From Past Week ========.5/20/2013 6:56:42 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.5/17/2013 10:13:39 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.5/17/2013 10:11:26 AM, Error: NetBT [4311] - Initialization failed because the driver device could not be created. Use the string "0024D7910DD0" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name. 5/15/2013 9:49:29 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.5/15/2013 9:41:27 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}5/15/2013 9:41:27 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}5/15/2013 9:40:58 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}5/15/2013 9:40:58 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}5/15/2013 9:40:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}5/15/2013 9:40:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}5/15/2013 9:40:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}5/15/2013 9:40:46 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}5/15/2013 9:37:12 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache lenovo.smi NetBIOS NetBT nm3 nsiproxy PGPsdkDriver Psched rdbss spldr tdx tmcomm tmtdi TPPWRIF vwififlt Wanarpv6 WfpLwf5/15/2013 9:37:12 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.5/15/2013 9:37:12 AM, Error: Service Control Manager [7001] - The Trend Micro Client/Server Security Agent service depends on the Network Connections service which failed to start because of the following error: The dependency service or group failed to start.5/15/2013 9:37:12 AM, Error: Service Control Manager [7001] - The Trend Micro Client/Server Security Agent Listener service depends on the Network Connections service which failed to start because of the following error: The dependency service or group failed to start.5/15/2013 9:37:12 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.5/15/2013 9:37:12 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.5/15/2013 9:37:12 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.5/15/2013 9:37:12 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.5/15/2013 9:37:12 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.5/15/2013 9:37:12 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.5/15/2013 9:37:12 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.5/15/2013 9:37:12 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.5/15/2013 9:37:12 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.5/15/2013 9:37:12 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.5/15/2013 6:17:51 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.5/15/2013 6:17:51 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.5/15/2013 6:17:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}5/15/2013 2:12:19 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.5/15/2013 2:11:32 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the vpnagent service..==== End Of File =========================== Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted May 22, 2013 ID:682692 Share Posted May 22, 2013 Hello unname and welcome to Malwarebytes!I am D-FRED-BROWN and I will be helping you. Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.----------Step 1----------------Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!Double-click on TDSSKiller.exe to run the tool for known TDSS variants.Vista/Windows 7 users right-click and select Run As Administrator.If TDSSKiller does not run, try renaming it.To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.Click the Start Scan button.Do not use the computer during the scanIf the scan completes with nothing found, click Close to exit.If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).Copy and paste the contents of that file in your next reply.----------Step 2----------------Please download Malwarebytes Anti-Rootkit from HEREUnzip the contents to a folder in a convenient location.Open the folder where the contents were unzipped and run mbar.exeFollow the instructions in the wizard to update and allow the program to scan your computer for threats.Click on the Cleanup button to remove any threats and reboot if prompted to do so.Wait while the system shuts down and the cleanup process is performed.Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt----------Step 3----------------Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:http://www.bleepingc...to-use-combofix***IMPORTANT: save ComboFix to your Desktop**** Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Please go here to see a list of programs that should be disabled.**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall** Please include the C:\ComboFix.txt in your next reply for further review.NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.----------Step 4----------------Please download Security Check by screen317 from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.----------Step 5----------------In your next reply, please include the following:TDSSKiller's logfileMBAR mbar-log.txt and system-log.txtComboFix's report (C:\ComboFix.txt)Security Check checkup.txtAfter that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Note:Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"-------> Your topic will be closed if you haven't replied within 3 days! <--------(If I don't respond within 24 hours, please send me a PM)-DFB Link to post Share on other sites More sharing options...
unname Posted May 23, 2013 Author ID:682822 Share Posted May 23, 2013 Hi DFB,Thanks for the welcome and thank you very much for evaluating the logs. I discovered during the scans that perhaps I am going to have to reinstall the OS - MBAR was unable to complete because corruption or encryption - I'm guessing the latter as the comp is running pgp.Then I couldn't turn off trend micro (pw req'd) so it alerted during combofix.If you think there's still an opportunity to proceed, I'll happily oblige. Otherwise I'd hate to use any further of your's and the community's time.Again, thanks for your help - even if ends here, I appreciate it. Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted May 23, 2013 ID:682823 Share Posted May 23, 2013 Just because MBAR couldn't finish doesn't mean that TDSSKiller or ComboFix will do the same. Give those other programs a try, post their logs, and then we can re-evaluate once I get an idea of what we're facing. Link to post Share on other sites More sharing options...
unname Posted May 23, 2013 Author ID:682951 Share Posted May 23, 2013 Ok - thanks --- TDSS --- (no threats found)08:48:03.0774 7580 TDSS rootkit removing tool 2.8.17.0 Apr 11 2013 11:56:3408:48:04.0245 7580 ============================================================08:48:04.0245 7580 Current date / time: 2013/05/23 08:48:04.024508:48:04.0245 7580 SystemInfo:08:48:04.0245 7580 08:48:04.0245 7580 OS Version: 6.1.7601 ServicePack: 1.008:48:04.0245 7580 Product type: Workstation08:48:04.0245 7580 ComputerName: ESORKMASON08:48:04.0245 7580 UserName: Ken08:48:04.0245 7580 Windows directory: C:\Windows08:48:04.0245 7580 System windows directory: C:\Windows08:48:04.0245 7580 Running under WOW6408:48:04.0245 7580 Processor architecture: Intel x6408:48:04.0245 7580 Number of processors: 808:48:04.0245 7580 Page size: 0x100008:48:04.0245 7580 Boot type: Normal boot08:48:04.0245 7580 ============================================================08:48:04.0635 7580 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x0000004008:48:04.0644 7580 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'08:48:04.0649 7580 ============================================================08:48:04.0649 7580 \Device\Harddisk0\DR0:08:48:04.0649 7580 MBR partitions:08:48:04.0649 7580 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x25800008:48:04.0649 7580 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x258800, BlocksNum 0x23E4D7F808:48:04.0649 7580 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x240A6000, BlocksNum 0x138800008:48:04.0649 7580 \Device\Harddisk1\DR1:08:48:04.0650 7580 MBR partitions:08:48:04.0650 7580 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A384C0208:48:04.0650 7580 ============================================================08:48:04.0661 7580 F: <-> \Device\Harddisk1\DR1\Partition108:48:04.0661 7580 ============================================================08:48:04.0661 7580 Initialize success08:48:04.0661 7580 ============================================================08:48:06.0012 8092 ============================================================08:48:06.0012 8092 Scan started08:48:06.0012 8092 Mode: Manual; 08:48:06.0012 8092 ============================================================08:48:06.0061 8092 ================ Scan system memory ========================08:48:06.0061 8092 System memory - ok08:48:06.0061 8092 ================ Scan services =============================08:48:06.0096 8092 1394ohci - ok08:48:06.0115 8092 5U877 - ok08:48:06.0121 8092 ACPI - ok08:48:06.0124 8092 AcpiPmi - ok08:48:06.0144 8092 AcPrfMgrSvc - ok08:48:06.0174 8092 acsock - ok08:48:06.0211 8092 AcSvc - ok08:48:06.0251 8092 adp94xx - ok08:48:06.0256 8092 adpahci - ok08:48:06.0260 8092 adpu320 - ok08:48:06.0266 8092 AeLookupSvc - ok08:48:06.0289 8092 AFD - ok08:48:06.0293 8092 agp440 - ok08:48:06.0298 8092 ALG - ok08:48:06.0303 8092 aliide - ok08:48:06.0307 8092 amdide - ok08:48:06.0312 8092 AmdK8 - ok08:48:06.0317 8092 AmdPPM - ok08:48:06.0321 8092 amdsata - ok08:48:06.0326 8092 amdsbs - ok08:48:06.0329 8092 amdxata - ok08:48:06.0334 8092 AppID - ok08:48:06.0338 8092 AppIDSvc - ok08:48:06.0351 8092 Appinfo - ok08:48:06.0362 8092 Apple Mobile Device - ok08:48:06.0367 8092 AppMgmt - ok08:48:06.0485 8092 arc - ok08:48:06.0489 8092 arcsas - ok08:48:06.0497 8092 AsyncMac - ok08:48:06.0502 8092 atapi - ok08:48:06.0507 8092 AudioEndpointBuilder - ok08:48:06.0512 8092 AudioSrv - ok08:48:06.0523 8092 AxInstSV - ok08:48:06.0528 8092 b06bdrv - ok08:48:06.0532 8092 b57nd60a - ok08:48:06.0539 8092 BBSvc - ok08:48:06.0544 8092 BBUpdate - ok08:48:06.0549 8092 BDESVC - ok08:48:06.0553 8092 Beep - ok08:48:06.0567 8092 BESClient - ok08:48:06.0574 8092 BFE - ok08:48:06.0578 8092 BITS - ok08:48:06.0583 8092 blbdrive - ok08:48:06.0587 8092 Bonjour Service - ok08:48:06.0592 8092 bowser - ok08:48:06.0601 8092 BrFiltLo - ok08:48:06.0606 8092 BrFiltUp - ok08:48:06.0617 8092 BridgeMP - ok08:48:06.0622 8092 Browser - ok08:48:06.0627 8092 Brserid - ok08:48:06.0632 8092 BrSerWdm - ok08:48:06.0638 8092 BrUsbMdm - ok08:48:06.0642 8092 BrUsbSer - ok08:48:06.0647 8092 BthEnum - ok08:48:06.0651 8092 BTHMODEM - ok08:48:06.0655 8092 BthPan - ok08:48:06.0663 8092 BTHPORT - ok08:48:06.0667 8092 bthserv - ok08:48:06.0672 8092 BTHUSB - ok08:48:06.0683 8092 btwaudio - ok08:48:06.0696 8092 btwavdt - ok08:48:06.0706 8092 btwdins - ok08:48:06.0710 8092 btwl2cap - ok08:48:06.0714 8092 btwrchid - ok08:48:06.0717 8092 catchme - ok08:48:06.0728 8092 CAXHWAZL - ok08:48:06.0732 8092 cdfs - ok08:48:06.0746 8092 cdrom - ok08:48:06.0750 8092 CertPropSvc - ok08:48:06.0760 8092 CFUACProxy_officeguardianv2 - ok08:48:06.0779 8092 circlass - ok08:48:06.0783 8092 CLFS - ok08:48:06.0786 8092 clr_optimization_v2.0.50727_32 - ok08:48:06.0791 8092 clr_optimization_v2.0.50727_64 - ok08:48:06.0795 8092 clr_optimization_v4.0.30319_32 - ok08:48:06.0800 8092 clr_optimization_v4.0.30319_64 - ok08:48:06.0809 8092 CmBatt - ok08:48:06.0813 8092 cmdide - ok08:48:06.0816 8092 CNG - ok08:48:06.0820 8092 CnxtHdAudService - ok08:48:06.0825 8092 Compbatt - ok08:48:06.0828 8092 CompositeBus - ok08:48:06.0832 8092 COMSysApp - ok08:48:06.0836 8092 crcdisk - ok08:48:06.0841 8092 CryptSvc - ok08:48:06.0844 8092 CSC - ok08:48:06.0848 8092 CscService - ok08:48:06.0853 8092 CVirtA - ok08:48:06.0856 8092 CVPND - ok08:48:06.0869 8092 CVPNDRVA - ok08:48:06.0875 8092 DcomLaunch - ok08:48:06.0878 8092 defragsvc - ok08:48:06.0882 8092 DfsC - ok08:48:06.0886 8092 Dhcp - ok08:48:06.0890 8092 discache - ok08:48:06.0894 8092 Disk - ok08:48:06.0898 8092 DNE - ok08:48:06.0902 8092 Dnscache - ok08:48:06.0905 8092 dot3svc - ok08:48:06.0908 8092 DozeSvc - ok08:48:06.0912 8092 DPS - ok08:48:06.0917 8092 drmkaud - ok08:48:06.0920 8092 DXGKrnl - ok08:48:06.0924 8092 DzHDD64 - ok08:48:06.0942 8092 e1kexpress - ok08:48:06.0946 8092 EapHost - ok08:48:06.0950 8092 ebdrv - ok08:48:06.0953 8092 EFS - ok08:48:06.0956 8092 ehRecvr - ok08:48:06.0959 8092 ehSched - ok08:48:06.0963 8092 elxstor - ok08:48:06.0973 8092 EMSAgent - ok08:48:06.0976 8092 ErrDev - ok08:48:06.0986 8092 EVault InfoStage Agent - ok08:48:06.0991 8092 EVault InfoStage BUAgent - ok08:48:06.0995 8092 EventSystem - ok08:48:06.0999 8092 EvtEng - ok08:48:07.0003 8092 exfat - ok08:48:07.0006 8092 fastfat - ok08:48:07.0010 8092 Fax - ok08:48:07.0014 8092 fdc - ok08:48:07.0017 8092 fdPHost - ok08:48:07.0021 8092 FDResPub - ok08:48:07.0025 8092 FileInfo - ok08:48:07.0028 8092 Filetrace - ok08:48:07.0038 8092 FLEXnet Licensing Service - ok08:48:07.0043 8092 flpydisk - ok08:48:07.0046 8092 FltMgr - ok08:48:07.0050 8092 FontCache - ok08:48:07.0054 8092 FontCache3.0.0.0 - ok08:48:07.0058 8092 FsDepends - ok08:48:07.0062 8092 Fs_Rec - ok08:48:07.0065 8092 fvevol - ok08:48:07.0069 8092 gagp30kx - ok08:48:07.0073 8092 GEARAspiWDM - ok08:48:07.0077 8092 gpsvc - ok08:48:07.0081 8092 gupdate - ok08:48:07.0085 8092 gupdatem - ok08:48:07.0089 8092 hcw85cir - ok08:48:07.0103 8092 HdAudAddService - ok08:48:07.0111 8092 HDAudBus - ok08:48:07.0115 8092 HECIx64 - ok08:48:07.0119 8092 HidBatt - ok08:48:07.0123 8092 HidBth - ok08:48:07.0126 8092 HidIr - ok08:48:07.0130 8092 hidserv - ok08:48:07.0133 8092 HidUsb - ok08:48:07.0137 8092 hkmsvc - ok08:48:07.0141 8092 HomeGroupListener - ok08:48:07.0145 8092 HomeGroupProvider - ok08:48:07.0149 8092 HpSAMD - ok08:48:07.0153 8092 HPSLPSVC - ok08:48:07.0163 8092 HsfXAudioService - ok08:48:07.0166 8092 HSF_DPV - ok08:48:07.0170 8092 HTTP - ok08:48:07.0173 8092 hwpolicy - ok08:48:07.0180 8092 i8042prt - ok08:48:07.0183 8092 iaStor - ok08:48:07.0186 8092 iaStorV - ok08:48:07.0190 8092 IBMPMDRV - ok08:48:07.0193 8092 IBMPMSVC - ok08:48:07.0197 8092 idsvc - ok08:48:07.0200 8092 igfx - ok08:48:07.0204 8092 iirsp - ok08:48:07.0207 8092 IKEEXT - ok08:48:07.0212 8092 intelide - ok08:48:07.0224 8092 intelppm - ok08:48:07.0226 8092 IPBusEnum - ok08:48:07.0229 8092 IpFilterDriver - ok08:48:07.0232 8092 iphlpsvc - ok08:48:07.0236 8092 IPMIDRV - ok08:48:07.0239 8092 IPNAT - ok08:48:07.0242 8092 iPod Service - ok08:48:07.0245 8092 IRENUM - ok08:48:07.0248 8092 isapnp - ok08:48:07.0251 8092 iScsiPrt - ok08:48:07.0263 8092 IviRegMgr - ok08:48:07.0267 8092 kbdclass - ok08:48:07.0270 8092 kbdhid - ok08:48:07.0273 8092 KeyIso - ok08:48:07.0276 8092 KSecDD - ok08:48:07.0278 8092 KSecPkg - ok08:48:07.0281 8092 ksthunk - ok08:48:07.0287 8092 KtmRm - ok08:48:07.0295 8092 LanmanServer - ok08:48:07.0298 8092 LanmanWorkstation - ok08:48:07.0301 8092 LBTServ - ok08:48:07.0309 8092 LENOVO.CAMMUTE - ok08:48:07.0312 8092 LENOVO.MICMUTE - ok08:48:07.0315 8092 lenovo.smi - ok08:48:07.0318 8092 LENOVO.TPKNRSVC - ok08:48:07.0321 8092 Lenovo.VIRTSCRLSVC - ok08:48:07.0325 8092 LEqdUsb - ok08:48:07.0328 8092 LHidEqd - ok08:48:07.0331 8092 LHidFilt - ok08:48:07.0337 8092 lltdio - ok08:48:07.0341 8092 lltdsvc - ok08:48:07.0343 8092 lmhosts - ok08:48:07.0347 8092 LMouFilt - ok08:48:07.0350 8092 LMS - ok08:48:07.0364 8092 LSI_FC - ok08:48:07.0367 8092 LSI_SAS - ok08:48:07.0370 8092 LSI_SAS2 - ok08:48:07.0373 8092 LSI_SCSI - ok08:48:07.0376 8092 luafv - ok08:48:07.0390 8092 MBAMProtector - ok08:48:07.0399 8092 MBAMScheduler - ok08:48:07.0403 8092 MBAMService - ok08:48:07.0406 8092 Mcx2Svc - ok08:48:07.0409 8092 mdmxsdk - ok08:48:07.0411 8092 megasas - ok08:48:07.0415 8092 MegaSR - ok08:48:07.0417 8092 Microsoft SharePoint Workspace Audit Service - ok08:48:07.0427 8092 MMCSS - ok08:48:07.0430 8092 Modem - ok08:48:07.0433 8092 monitor - ok08:48:07.0435 8092 mouclass - ok08:48:07.0438 8092 mouhid - ok08:48:07.0442 8092 mountmgr - ok08:48:07.0445 8092 MozillaMaintenance - ok08:48:07.0448 8092 mpio - ok08:48:07.0451 8092 mpsdrv - ok08:48:07.0454 8092 MpsSvc - ok08:48:07.0457 8092 MRxDAV - ok08:48:07.0460 8092 mrxsmb - ok08:48:07.0462 8092 mrxsmb10 - ok08:48:07.0465 8092 mrxsmb20 - ok08:48:07.0468 8092 msahci - ok08:48:07.0471 8092 msdsm - ok08:48:07.0474 8092 MSDTC - ok08:48:07.0486 8092 Msfs - ok08:48:07.0489 8092 mshidkmdf - ok08:48:07.0492 8092 msisadrv - ok08:48:07.0495 8092 MSiSCSI - ok08:48:07.0498 8092 msiserver - ok08:48:07.0501 8092 MSKSSRV - ok08:48:07.0504 8092 MSPCLOCK - ok08:48:07.0507 8092 MSPQM - ok08:48:07.0510 8092 MsRPC - ok08:48:07.0515 8092 mssmbios - ok08:48:07.0517 8092 MSTEE - ok08:48:07.0523 8092 MTConfig - ok08:48:07.0526 8092 Mup - ok08:48:07.0529 8092 napagent - ok08:48:07.0532 8092 NativeWifiP - ok08:48:07.0535 8092 NDIS - ok08:48:07.0538 8092 NdisCap - ok08:48:07.0544 8092 NdisTapi - ok08:48:07.0547 8092 Ndisuio - ok08:48:07.0550 8092 NdisWan - ok08:48:07.0553 8092 NDProxy - ok08:48:07.0580 8092 Net Driver HPZ12 - ok08:48:07.0584 8092 NetBIOS - ok08:48:07.0588 8092 NetBT - ok08:48:07.0591 8092 Netlogon - ok08:48:07.0644 8092 Netman - ok08:48:07.0650 8092 netprofm - ok08:48:07.0653 8092 NetTcpPortSharing - ok08:48:07.0657 8092 netw5v64 - ok08:48:07.0660 8092 NETwNs64 - ok08:48:07.0663 8092 nfrd960 - ok08:48:07.0666 8092 NlaSvc - ok08:48:07.0710 8092 nm3 - ok08:48:07.0716 8092 NPF - ok08:48:07.0719 8092 Npfs - ok08:48:07.0722 8092 nsi - ok08:48:07.0725 8092 nsiproxy - ok08:48:07.0729 8092 Ntfs - ok08:48:07.0733 8092 ntrtscan - ok08:48:07.0736 8092 Null - ok08:48:07.0743 8092 nusb3hub - ok08:48:07.0746 8092 nusb3xhc - ok08:48:07.0758 8092 NVHDA - ok08:48:07.0762 8092 NVIDIA Performance Driver Service - ok08:48:07.0765 8092 nvlddmkm - ok08:48:07.0767 8092 nvraid - ok08:48:07.0770 8092 nvstor - ok08:48:07.0773 8092 nvsvc - ok08:48:07.0782 8092 nv_agp - ok08:48:07.0785 8092 ohci1394 - ok08:48:07.0796 8092 ose - ok08:48:07.0800 8092 osppsvc - ok08:48:07.0805 8092 p2pimsvc - ok08:48:07.0807 8092 p2psvc - ok08:48:07.0810 8092 Parport - ok08:48:07.0813 8092 partmgr - ok08:48:07.0816 8092 PcaSvc - ok08:48:07.0819 8092 pci - ok08:48:07.0821 8092 pciide - ok08:48:07.0824 8092 pcmcia - ok08:48:07.0827 8092 pcw - ok08:48:07.0830 8092 PEAUTH - ok08:48:07.0833 8092 PeerDistSvc - ok08:48:07.0838 8092 PerfHost - ok08:48:07.0847 8092 PGP RDD Service - ok08:48:07.0853 8092 PGPdisk - ok08:48:07.0856 8092 pgpfs - ok08:48:07.0861 8092 PGPsdkDriver - ok08:48:07.0864 8092 PGPwded - ok08:48:07.0868 8092 Pgpwdefs - ok08:48:07.0871 8092 pla - ok08:48:07.0879 8092 PlugPlay - ok08:48:07.0883 8092 Pml Driver HPZ12 - ok08:48:07.0892 8092 pmxdrv - ok08:48:07.0895 8092 PNRPAutoReg - ok08:48:07.0898 8092 PNRPsvc - ok08:48:07.0901 8092 PolicyAgent - ok08:48:07.0905 8092 Power - ok08:48:07.0911 8092 Power Manager DBC Service - ok08:48:07.0914 8092 PptpMiniport - ok08:48:07.0917 8092 Processor - ok08:48:07.0920 8092 ProfSvc - ok08:48:07.0924 8092 ProtectedStorage - ok08:48:07.0927 8092 psadd - ok08:48:07.0963 8092 Psched - ok08:48:07.0966 8092 ql2300 - ok08:48:07.0969 8092 ql40xx - ok08:48:07.0973 8092 QWAVE - ok08:48:07.0976 8092 QWAVEdrv - ok08:48:07.0979 8092 RasAcd - ok08:48:08.0012 8092 RasAgileVpn - ok08:48:08.0020 8092 RasAuto - ok08:48:08.0025 8092 Rasl2tp - ok08:48:08.0034 8092 RasMan - ok08:48:08.0040 8092 RasPppoe - ok08:48:08.0043 8092 RasSstp - ok08:48:08.0046 8092 rdbss - ok08:48:08.0049 8092 rdpbus - ok08:48:08.0052 8092 RDPCDD - ok08:48:08.0056 8092 RDPDR - ok08:48:08.0081 8092 RDPENCDD - ok08:48:08.0086 8092 RDPREFMP - ok08:48:08.0089 8092 RDPWD - ok08:48:08.0092 8092 rdyboost - ok08:48:08.0131 8092 RegSrvc - ok08:48:08.0135 8092 RemoteAccess - ok08:48:08.0139 8092 RemoteRegistry - ok08:48:08.0144 8092 RFCOMM - ok08:48:08.0151 8092 rimspci - ok08:48:08.0167 8092 rpcapd - ok08:48:08.0184 8092 RpcEptMapper - ok08:48:08.0188 8092 RpcLocator - ok08:48:08.0191 8092 RpcSs - ok08:48:08.0194 8092 rspndr - ok08:48:08.0197 8092 s3cap - ok08:48:08.0200 8092 SamSs - ok08:48:08.0202 8092 sbp2port - ok08:48:08.0205 8092 SCardSvr - ok08:48:08.0208 8092 scfilter - ok08:48:08.0211 8092 Schedule - ok08:48:08.0214 8092 SCPolicySvc - ok08:48:08.0217 8092 sdbus - ok08:48:08.0220 8092 SDRSVC - ok08:48:08.0222 8092 secdrv - ok08:48:08.0225 8092 seclogon - ok08:48:08.0234 8092 SENS - ok08:48:08.0243 8092 SensrSvc - ok08:48:08.0249 8092 Serenum - ok08:48:08.0252 8092 Serial - ok08:48:08.0256 8092 sermouse - ok08:48:08.0263 8092 SessionEnv - ok08:48:08.0268 8092 sffdisk - ok08:48:08.0271 8092 sffp_mmc - ok08:48:08.0274 8092 sffp_sd - ok08:48:08.0277 8092 sfloppy - ok08:48:08.0289 8092 SharedAccess - ok08:48:08.0292 8092 ShellHWDetection - ok08:48:08.0295 8092 Shockprf - ok08:48:08.0304 8092 SiSRaid2 - ok08:48:08.0307 8092 SiSRaid4 - ok08:48:08.0310 8092 Smb - ok08:48:08.0313 8092 smihlp - ok08:48:08.0320 8092 SNMPTRAP - ok08:48:08.0322 8092 spldr - ok08:48:08.0325 8092 Spooler - ok08:48:08.0328 8092 sppsvc - ok08:48:08.0332 8092 sppuinotify - ok08:48:08.0334 8092 srv - ok08:48:08.0337 8092 srv2 - ok08:48:08.0344 8092 SrvHsfHDA - ok08:48:08.0347 8092 SrvHsfV92 - ok08:48:08.0350 8092 SrvHsfWinac - ok08:48:08.0352 8092 srvnet - ok08:48:08.0355 8092 SSDPSRV - ok08:48:08.0358 8092 SstpSvc - ok08:48:08.0361 8092 stexstor - ok08:48:08.0364 8092 StillCam - ok08:48:08.0367 8092 stisvc - ok08:48:08.0370 8092 storflt - ok08:48:08.0372 8092 StorSvc - ok08:48:08.0375 8092 storvsc - ok08:48:08.0378 8092 SUService - ok08:48:08.0384 8092 svcGenericHost - ok08:48:08.0387 8092 swenum - ok08:48:08.0391 8092 SwitchBoard - ok08:48:08.0394 8092 swprv - ok08:48:08.0397 8092 SynTP - ok08:48:08.0400 8092 SysMain - ok08:48:08.0403 8092 TabletInputService - ok08:48:08.0406 8092 TapiSrv - ok08:48:08.0409 8092 TBS - ok08:48:08.0412 8092 Tcpip - ok08:48:08.0415 8092 TCPIP6 - ok08:48:08.0419 8092 tcpipreg - ok08:48:08.0424 8092 TDPIPE - ok08:48:08.0427 8092 TDTCP - ok08:48:08.0431 8092 tdx - ok08:48:08.0435 8092 TermDD - ok08:48:08.0438 8092 TermService - ok08:48:08.0442 8092 Themes - ok08:48:08.0446 8092 ThinkVantage Registry Monitor Service - ok08:48:08.0450 8092 THREADORDER - ok08:48:08.0453 8092 tmactmon - ok08:48:08.0460 8092 TMBMServer - ok08:48:08.0463 8092 tmcomm - ok08:48:08.0467 8092 tmevtmgr - ok08:48:08.0478 8092 TmFilter - ok08:48:08.0481 8092 tmlisten - ok08:48:08.0499 8092 TmPreFilter - ok08:48:08.0503 8092 TmProxy - ok08:48:08.0506 8092 tmtdi - ok08:48:08.0518 8092 TPDIGIMN - ok08:48:08.0520 8092 TPHDEXLGSVC - ok08:48:08.0523 8092 TPHKSVC - ok08:48:08.0535 8092 TPM - ok08:48:08.0538 8092 TPPWRIF - ok08:48:08.0541 8092 TrkWks - ok08:48:08.0544 8092 TrustedInstaller - ok08:48:08.0548 8092 tssecsrv - ok08:48:08.0552 8092 TsUsbFlt - ok08:48:08.0568 8092 tunnel - ok08:48:08.0571 8092 TurboB - ok08:48:08.0574 8092 TurboBoost - ok08:48:08.0577 8092 TVT Backup Service - ok08:48:08.0580 8092 TVTI2C - ok08:48:08.0583 8092 uagp35 - ok08:48:08.0586 8092 udfs - ok08:48:08.0591 8092 UI0Detect - ok08:48:08.0595 8092 UleadBurningHelper - ok08:48:08.0608 8092 uliagpkx - ok08:48:08.0611 8092 umbus - ok08:48:08.0614 8092 UmPass - ok08:48:08.0617 8092 UmRdpService - ok08:48:08.0619 8092 UNS - ok08:48:08.0623 8092 upnphost - ok08:48:08.0630 8092 USBAAPL64 - ok08:48:08.0633 8092 usbccgp - ok08:48:08.0636 8092 usbcir - ok08:48:08.0639 8092 usbehci - ok08:48:08.0642 8092 usbhub - ok08:48:08.0646 8092 usbohci - ok08:48:08.0648 8092 usbprint - ok08:48:08.0651 8092 USBSTOR - ok08:48:08.0654 8092 usbuhci - ok08:48:08.0665 8092 usbvideo - ok08:48:08.0668 8092 UxSms - ok08:48:08.0670 8092 VaultSvc - ok08:48:08.0680 8092 vdrvroot - ok08:48:08.0685 8092 vds - ok08:48:08.0689 8092 vga - ok08:48:08.0693 8092 VgaSave - ok08:48:08.0697 8092 vhdmp - ok08:48:08.0701 8092 viaide - ok08:48:08.0704 8092 vmbus - ok08:48:08.0708 8092 VMBusHID - ok08:48:08.0712 8092 volmgr - ok08:48:08.0716 8092 volmgrx - ok08:48:08.0720 8092 volsnap - ok08:48:08.0725 8092 vpnagent - ok08:48:08.0730 8092 vpnva - ok08:48:08.0733 8092 VSApiNt - ok08:48:08.0738 8092 vsmraid - ok08:48:08.0742 8092 VSS - ok08:48:08.0746 8092 vwifibus - ok08:48:08.0755 8092 vwififlt - ok08:48:08.0759 8092 W32Time - ok08:48:08.0764 8092 WacomPen - ok08:48:08.0768 8092 WANARP - ok08:48:08.0779 8092 Wanarpv6 - ok08:48:08.0787 8092 WatAdminSvc - ok08:48:08.0791 8092 wbengine - ok08:48:08.0795 8092 WbioSrvc - ok08:48:08.0798 8092 wcncsvc - ok08:48:08.0802 8092 WcsPlugInService - ok08:48:08.0806 8092 Wd - ok08:48:08.0810 8092 Wdf01000 - ok08:48:08.0814 8092 WdiServiceHost - ok08:48:08.0818 8092 WdiSystemHost - ok08:48:08.0821 8092 WebClient - ok08:48:08.0825 8092 Wecsvc - ok08:48:08.0829 8092 wercplsupport - ok08:48:08.0839 8092 WerSvc - ok08:48:08.0843 8092 WfpLwf - ok08:48:08.0847 8092 WIMMount - ok08:48:08.0851 8092 winachsf - ok08:48:08.0855 8092 WinDefend - ok08:48:08.0861 8092 WinHttpAutoProxySvc - ok08:48:08.0865 8092 Winmgmt - ok08:48:08.0868 8092 WinRing0_1_2_0 - ok08:48:08.0873 8092 WinRM - ok08:48:08.0880 8092 WinUsb - ok08:48:08.0884 8092 Wlansvc - ok08:48:08.0888 8092 wlcrasvc - ok08:48:08.0891 8092 wlidsvc - ok08:48:08.0896 8092 WmiAcpi - ok08:48:08.0901 8092 wmiApSrv - ok08:48:08.0905 8092 WMPNetworkSvc - ok08:48:08.0941 8092 WMZuneComm - ok08:48:08.0948 8092 WPCSvc - ok08:48:08.0954 8092 WPDBusEnum - ok08:48:08.0960 8092 ws2ifsl - ok08:48:08.0969 8092 wscsvc - ok08:48:08.0973 8092 WSearch - ok08:48:08.0978 8092 wuauserv - ok08:48:08.0981 8092 WudfPf - ok08:48:08.0984 8092 WUDFRd - ok08:48:08.0987 8092 wudfsvc - ok08:48:08.0990 8092 WwanSvc - ok08:48:08.0993 8092 XAudio - ok08:48:08.0998 8092 ZuneNetworkSvc - ok08:48:09.0001 8092 ZuneWlanCfgSvc - ok08:48:09.0037 8092 ================ Scan global ===============================08:48:09.0038 8092 [Global] - ok08:48:09.0039 8092 ================ Scan MBR ==================================08:48:09.0060 8092 [ CDAD75D3EC5E1B28A473CCFC6744F488 ] \Device\Harddisk0\DR008:48:09.0202 8092 \Device\Harddisk0\DR0 - ok08:48:09.0207 8092 [ 8464D19686910A2E5D0E5C28C70A95AB ] \Device\Harddisk1\DR108:48:09.0215 8092 \Device\Harddisk1\DR1 - ok08:48:09.0216 8092 ================ Scan VBR ==================================08:48:09.0230 8092 [ FE19E7DA9B62030FC3AFD08FA6B0AF8B ] \Device\Harddisk0\DR0\Partition108:48:09.0230 8092 \Device\Harddisk0\DR0\Partition1 - ok08:48:09.0244 8092 [ 405733900A3B9D5FE0A587752BB69B6E ] \Device\Harddisk0\DR0\Partition208:48:09.0244 8092 \Device\Harddisk0\DR0\Partition2 - ok08:48:09.0274 8092 [ 6E867FD1EBEA65EEE887B8FFE2138BC7 ] \Device\Harddisk0\DR0\Partition308:48:09.0275 8092 \Device\Harddisk0\DR0\Partition3 - ok08:48:09.0280 8092 [ 27A125B82848D7DE4BC0F6772A187D22 ] \Device\Harddisk1\DR1\Partition108:48:09.0282 8092 \Device\Harddisk1\DR1\Partition1 - ok08:48:09.0283 8092 ============================================================08:48:09.0283 8092 Scan finished08:48:09.0283 8092 ============================================================08:48:09.0302 8224 Detected object count: 008:48:09.0302 8224 Actual detected object count: 008:48:03.0774 7580 TDSS rootkit removing tool 2.8.17.0 Apr 11 2013 11:56:3408:48:04.0245 7580 ============================================================08:48:04.0245 7580 Current date / time: 2013/05/23 08:48:04.024508:48:04.0245 7580 SystemInfo:08:48:04.0245 7580 08:48:04.0245 7580 OS Version: 6.1.7601 ServicePack: 1.008:48:04.0245 7580 Product type: Workstation08:48:04.0245 7580 ComputerName: ESORKMASON08:48:04.0245 7580 UserName: Ken08:48:04.0245 7580 Windows directory: C:\Windows08:48:04.0245 7580 System windows directory: C:\Windows08:48:04.0245 7580 Running under WOW6408:48:04.0245 7580 Processor architecture: Intel x6408:48:04.0245 7580 Number of processors: 808:48:04.0245 7580 Page size: 0x100008:48:04.0245 7580 Boot type: Normal boot08:48:04.0245 7580 ============================================================08:48:04.0635 7580 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x0000004008:48:04.0644 7580 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'08:48:04.0649 7580 ============================================================08:48:04.0649 7580 \Device\Harddisk0\DR0:08:48:04.0649 7580 MBR partitions:08:48:04.0649 7580 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x25800008:48:04.0649 7580 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x258800, BlocksNum 0x23E4D7F808:48:04.0649 7580 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x240A6000, BlocksNum 0x138800008:48:04.0649 7580 \Device\Harddisk1\DR1:08:48:04.0650 7580 MBR partitions:08:48:04.0650 7580 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A384C0208:48:04.0650 7580 ============================================================08:48:04.0661 7580 F: <-> \Device\Harddisk1\DR1\Partition108:48:04.0661 7580 ============================================================08:48:04.0661 7580 Initialize success08:48:04.0661 7580 ============================================================08:48:06.0012 8092 ============================================================08:48:06.0012 8092 Scan started08:48:06.0012 8092 Mode: Manual; 08:48:06.0012 8092 ============================================================08:48:06.0061 8092 ================ Scan system memory ========================08:48:06.0061 8092 System memory - ok08:48:06.0061 8092 ================ Scan services =============================08:48:06.0096 8092 1394ohci - ok08:48:06.0115 8092 5U877 - ok08:48:06.0121 8092 ACPI - ok08:48:06.0124 8092 AcpiPmi - ok08:48:06.0144 8092 AcPrfMgrSvc - ok08:48:06.0174 8092 acsock - ok08:48:06.0211 8092 AcSvc - ok08:48:06.0251 8092 adp94xx - ok08:48:06.0256 8092 adpahci - ok08:48:06.0260 8092 adpu320 - ok08:48:06.0266 8092 AeLookupSvc - ok08:48:06.0289 8092 AFD - ok08:48:06.0293 8092 agp440 - ok08:48:06.0298 8092 ALG - ok08:48:06.0303 8092 aliide - ok08:48:06.0307 8092 amdide - ok08:48:06.0312 8092 AmdK8 - ok08:48:06.0317 8092 AmdPPM - ok08:48:06.0321 8092 amdsata - ok08:48:06.0326 8092 amdsbs - ok08:48:06.0329 8092 amdxata - ok08:48:06.0334 8092 AppID - ok08:48:06.0338 8092 AppIDSvc - ok08:48:06.0351 8092 Appinfo - ok08:48:06.0362 8092 Apple Mobile Device - ok08:48:06.0367 8092 AppMgmt - ok08:48:06.0485 8092 arc - ok08:48:06.0489 8092 arcsas - ok08:48:06.0497 8092 AsyncMac - ok08:48:06.0502 8092 atapi - ok08:48:06.0507 8092 AudioEndpointBuilder - ok08:48:06.0512 8092 AudioSrv - ok08:48:06.0523 8092 AxInstSV - ok08:48:06.0528 8092 b06bdrv - ok08:48:06.0532 8092 b57nd60a - ok08:48:06.0539 8092 BBSvc - ok08:48:06.0544 8092 BBUpdate - ok08:48:06.0549 8092 BDESVC - ok08:48:06.0553 8092 Beep - ok08:48:06.0567 8092 BESClient - ok08:48:06.0574 8092 BFE - ok08:48:06.0578 8092 BITS - ok08:48:06.0583 8092 blbdrive - ok08:48:06.0587 8092 Bonjour Service - ok08:48:06.0592 8092 bowser - ok08:48:06.0601 8092 BrFiltLo - ok08:48:06.0606 8092 BrFiltUp - ok08:48:06.0617 8092 BridgeMP - ok08:48:06.0622 8092 Browser - ok08:48:06.0627 8092 Brserid - ok08:48:06.0632 8092 BrSerWdm - ok08:48:06.0638 8092 BrUsbMdm - ok08:48:06.0642 8092 BrUsbSer - ok08:48:06.0647 8092 BthEnum - ok08:48:06.0651 8092 BTHMODEM - ok08:48:06.0655 8092 BthPan - ok08:48:06.0663 8092 BTHPORT - ok08:48:06.0667 8092 bthserv - ok08:48:06.0672 8092 BTHUSB - ok08:48:06.0683 8092 btwaudio - ok08:48:06.0696 8092 btwavdt - ok08:48:06.0706 8092 btwdins - ok08:48:06.0710 8092 btwl2cap - ok08:48:06.0714 8092 btwrchid - ok08:48:06.0717 8092 catchme - ok08:48:06.0728 8092 CAXHWAZL - ok08:48:06.0732 8092 cdfs - ok08:48:06.0746 8092 cdrom - ok08:48:06.0750 8092 CertPropSvc - ok08:48:06.0760 8092 CFUACProxy_officeguardianv2 - ok08:48:06.0779 8092 circlass - ok08:48:06.0783 8092 CLFS - ok08:48:06.0786 8092 clr_optimization_v2.0.50727_32 - ok08:48:06.0791 8092 clr_optimization_v2.0.50727_64 - ok08:48:06.0795 8092 clr_optimization_v4.0.30319_32 - ok08:48:06.0800 8092 clr_optimization_v4.0.30319_64 - ok08:48:06.0809 8092 CmBatt - ok08:48:06.0813 8092 cmdide - ok08:48:06.0816 8092 CNG - ok08:48:06.0820 8092 CnxtHdAudService - ok08:48:06.0825 8092 Compbatt - ok08:48:06.0828 8092 CompositeBus - ok08:48:06.0832 8092 COMSysApp - ok08:48:06.0836 8092 crcdisk - ok08:48:06.0841 8092 CryptSvc - ok08:48:06.0844 8092 CSC - ok08:48:06.0848 8092 CscService - ok08:48:06.0853 8092 CVirtA - ok08:48:06.0856 8092 CVPND - ok08:48:06.0869 8092 CVPNDRVA - ok08:48:06.0875 8092 DcomLaunch - ok08:48:06.0878 8092 defragsvc - ok08:48:06.0882 8092 DfsC - ok08:48:06.0886 8092 Dhcp - ok08:48:06.0890 8092 discache - ok08:48:06.0894 8092 Disk - ok08:48:06.0898 8092 DNE - ok08:48:06.0902 8092 Dnscache - ok08:48:06.0905 8092 dot3svc - ok08:48:06.0908 8092 DozeSvc - ok08:48:06.0912 8092 DPS - ok08:48:06.0917 8092 drmkaud - ok08:48:06.0920 8092 DXGKrnl - ok08:48:06.0924 8092 DzHDD64 - ok08:48:06.0942 8092 e1kexpress - ok08:48:06.0946 8092 EapHost - ok08:48:06.0950 8092 ebdrv - ok08:48:06.0953 8092 EFS - ok08:48:06.0956 8092 ehRecvr - ok08:48:06.0959 8092 ehSched - ok08:48:06.0963 8092 elxstor - ok08:48:06.0973 8092 EMSAgent - ok08:48:06.0976 8092 ErrDev - ok08:48:06.0986 8092 EVault InfoStage Agent - ok08:48:06.0991 8092 EVault InfoStage BUAgent - ok08:48:06.0995 8092 EventSystem - ok08:48:06.0999 8092 EvtEng - ok08:48:07.0003 8092 exfat - ok08:48:07.0006 8092 fastfat - ok08:48:07.0010 8092 Fax - ok08:48:07.0014 8092 fdc - ok08:48:07.0017 8092 fdPHost - ok08:48:07.0021 8092 FDResPub - ok08:48:07.0025 8092 FileInfo - ok08:48:07.0028 8092 Filetrace - ok08:48:07.0038 8092 FLEXnet Licensing Service - ok08:48:07.0043 8092 flpydisk - ok08:48:07.0046 8092 FltMgr - ok08:48:07.0050 8092 FontCache - ok08:48:07.0054 8092 FontCache3.0.0.0 - ok08:48:07.0058 8092 FsDepends - ok08:48:07.0062 8092 Fs_Rec - ok08:48:07.0065 8092 fvevol - ok08:48:07.0069 8092 gagp30kx - ok08:48:07.0073 8092 GEARAspiWDM - ok08:48:07.0077 8092 gpsvc - ok08:48:07.0081 8092 gupdate - ok08:48:07.0085 8092 gupdatem - ok08:48:07.0089 8092 hcw85cir - ok08:48:07.0103 8092 HdAudAddService - ok08:48:07.0111 8092 HDAudBus - ok08:48:07.0115 8092 HECIx64 - ok08:48:07.0119 8092 HidBatt - ok08:48:07.0123 8092 HidBth - ok08:48:07.0126 8092 HidIr - ok08:48:07.0130 8092 hidserv - ok08:48:07.0133 8092 HidUsb - ok08:48:07.0137 8092 hkmsvc - ok08:48:07.0141 8092 HomeGroupListener - ok08:48:07.0145 8092 HomeGroupProvider - ok08:48:07.0149 8092 HpSAMD - ok08:48:07.0153 8092 HPSLPSVC - ok08:48:07.0163 8092 HsfXAudioService - ok08:48:07.0166 8092 HSF_DPV - ok08:48:07.0170 8092 HTTP - ok08:48:07.0173 8092 hwpolicy - ok08:48:07.0180 8092 i8042prt - ok08:48:07.0183 8092 iaStor - ok08:48:07.0186 8092 iaStorV - ok08:48:07.0190 8092 IBMPMDRV - ok08:48:07.0193 8092 IBMPMSVC - ok08:48:07.0197 8092 idsvc - ok08:48:07.0200 8092 igfx - ok08:48:07.0204 8092 iirsp - ok08:48:07.0207 8092 IKEEXT - ok08:48:07.0212 8092 intelide - ok08:48:07.0224 8092 intelppm - ok08:48:07.0226 8092 IPBusEnum - ok08:48:07.0229 8092 IpFilterDriver - ok08:48:07.0232 8092 iphlpsvc - ok08:48:07.0236 8092 IPMIDRV - ok08:48:07.0239 8092 IPNAT - ok08:48:07.0242 8092 iPod Service - ok08:48:07.0245 8092 IRENUM - ok08:48:07.0248 8092 isapnp - ok08:48:07.0251 8092 iScsiPrt - ok08:48:07.0263 8092 IviRegMgr - ok08:48:07.0267 8092 kbdclass - ok08:48:07.0270 8092 kbdhid - ok08:48:07.0273 8092 KeyIso - ok08:48:07.0276 8092 KSecDD - ok08:48:07.0278 8092 KSecPkg - ok08:48:07.0281 8092 ksthunk - ok08:48:07.0287 8092 KtmRm - ok08:48:07.0295 8092 LanmanServer - ok08:48:07.0298 8092 LanmanWorkstation - ok08:48:07.0301 8092 LBTServ - ok08:48:07.0309 8092 LENOVO.CAMMUTE - ok08:48:07.0312 8092 LENOVO.MICMUTE - ok08:48:07.0315 8092 lenovo.smi - ok08:48:07.0318 8092 LENOVO.TPKNRSVC - ok08:48:07.0321 8092 Lenovo.VIRTSCRLSVC - ok08:48:07.0325 8092 LEqdUsb - ok08:48:07.0328 8092 LHidEqd - ok08:48:07.0331 8092 LHidFilt - ok08:48:07.0337 8092 lltdio - ok08:48:07.0341 8092 lltdsvc - ok08:48:07.0343 8092 lmhosts - ok08:48:07.0347 8092 LMouFilt - ok08:48:07.0350 8092 LMS - ok08:48:07.0364 8092 LSI_FC - ok08:48:07.0367 8092 LSI_SAS - ok08:48:07.0370 8092 LSI_SAS2 - ok08:48:07.0373 8092 LSI_SCSI - ok08:48:07.0376 8092 luafv - ok08:48:07.0390 8092 MBAMProtector - ok08:48:07.0399 8092 MBAMScheduler - ok08:48:07.0403 8092 MBAMService - ok08:48:07.0406 8092 Mcx2Svc - ok08:48:07.0409 8092 mdmxsdk - ok08:48:07.0411 8092 megasas - ok08:48:07.0415 8092 MegaSR - ok08:48:07.0417 8092 Microsoft SharePoint Workspace Audit Service - ok08:48:07.0427 8092 MMCSS - ok08:48:07.0430 8092 Modem - ok08:48:07.0433 8092 monitor - ok08:48:07.0435 8092 mouclass - ok08:48:07.0438 8092 mouhid - ok08:48:07.0442 8092 mountmgr - ok08:48:07.0445 8092 MozillaMaintenance - ok08:48:07.0448 8092 mpio - ok08:48:07.0451 8092 mpsdrv - ok08:48:07.0454 8092 MpsSvc - ok08:48:07.0457 8092 MRxDAV - ok08:48:07.0460 8092 mrxsmb - ok08:48:07.0462 8092 mrxsmb10 - ok08:48:07.0465 8092 mrxsmb20 - ok08:48:07.0468 8092 msahci - ok08:48:07.0471 8092 msdsm - ok08:48:07.0474 8092 MSDTC - ok08:48:07.0486 8092 Msfs - ok08:48:07.0489 8092 mshidkmdf - ok08:48:07.0492 8092 msisadrv - ok08:48:07.0495 8092 MSiSCSI - ok08:48:07.0498 8092 msiserver - ok08:48:07.0501 8092 MSKSSRV - ok08:48:07.0504 8092 MSPCLOCK - ok08:48:07.0507 8092 MSPQM - ok08:48:07.0510 8092 MsRPC - ok08:48:07.0515 8092 mssmbios - ok08:48:07.0517 8092 MSTEE - ok08:48:07.0523 8092 MTConfig - ok08:48:07.0526 8092 Mup - ok08:48:07.0529 8092 napagent - ok08:48:07.0532 8092 NativeWifiP - ok08:48:07.0535 8092 NDIS - ok08:48:07.0538 8092 NdisCap - ok08:48:07.0544 8092 NdisTapi - ok08:48:07.0547 8092 Ndisuio - ok08:48:07.0550 8092 NdisWan - ok08:48:07.0553 8092 NDProxy - ok08:48:07.0580 8092 Net Driver HPZ12 - ok08:48:07.0584 8092 NetBIOS - ok08:48:07.0588 8092 NetBT - ok08:48:07.0591 8092 Netlogon - ok08:48:07.0644 8092 Netman - ok08:48:07.0650 8092 netprofm - ok08:48:07.0653 8092 NetTcpPortSharing - ok08:48:07.0657 8092 netw5v64 - ok08:48:07.0660 8092 NETwNs64 - ok08:48:07.0663 8092 nfrd960 - ok08:48:07.0666 8092 NlaSvc - ok08:48:07.0710 8092 nm3 - ok08:48:07.0716 8092 NPF - ok08:48:07.0719 8092 Npfs - ok08:48:07.0722 8092 nsi - ok08:48:07.0725 8092 nsiproxy - ok08:48:07.0729 8092 Ntfs - ok08:48:07.0733 8092 ntrtscan - ok08:48:07.0736 8092 Null - ok08:48:07.0743 8092 nusb3hub - ok08:48:07.0746 8092 nusb3xhc - ok08:48:07.0758 8092 NVHDA - ok08:48:07.0762 8092 NVIDIA Performance Driver Service - ok08:48:07.0765 8092 nvlddmkm - ok08:48:07.0767 8092 nvraid - ok08:48:07.0770 8092 nvstor - ok08:48:07.0773 8092 nvsvc - ok08:48:07.0782 8092 nv_agp - ok08:48:07.0785 8092 ohci1394 - ok08:48:07.0796 8092 ose - ok08:48:07.0800 8092 osppsvc - ok08:48:07.0805 8092 p2pimsvc - ok08:48:07.0807 8092 p2psvc - ok08:48:07.0810 8092 Parport - ok08:48:07.0813 8092 partmgr - ok08:48:07.0816 8092 PcaSvc - ok08:48:07.0819 8092 pci - ok08:48:07.0821 8092 pciide - ok08:48:07.0824 8092 pcmcia - ok08:48:07.0827 8092 pcw - ok08:48:07.0830 8092 PEAUTH - ok08:48:07.0833 8092 PeerDistSvc - ok08:48:07.0838 8092 PerfHost - ok08:48:07.0847 8092 PGP RDD Service - ok08:48:07.0853 8092 PGPdisk - ok08:48:07.0856 8092 pgpfs - ok08:48:07.0861 8092 PGPsdkDriver - ok08:48:07.0864 8092 PGPwded - ok08:48:07.0868 8092 Pgpwdefs - ok08:48:07.0871 8092 pla - ok08:48:07.0879 8092 PlugPlay - ok08:48:07.0883 8092 Pml Driver HPZ12 - ok08:48:07.0892 8092 pmxdrv - ok08:48:07.0895 8092 PNRPAutoReg - ok08:48:07.0898 8092 PNRPsvc - ok08:48:07.0901 8092 PolicyAgent - ok08:48:07.0905 8092 Power - ok08:48:07.0911 8092 Power Manager DBC Service - ok08:48:07.0914 8092 PptpMiniport - ok08:48:07.0917 8092 Processor - ok08:48:07.0920 8092 ProfSvc - ok08:48:07.0924 8092 ProtectedStorage - ok08:48:07.0927 8092 psadd - ok08:48:07.0963 8092 Psched - ok08:48:07.0966 8092 ql2300 - ok08:48:07.0969 8092 ql40xx - ok08:48:07.0973 8092 QWAVE - ok08:48:07.0976 8092 QWAVEdrv - ok08:48:07.0979 8092 RasAcd - ok08:48:08.0012 8092 RasAgileVpn - ok08:48:08.0020 8092 RasAuto - ok08:48:08.0025 8092 Rasl2tp - ok08:48:08.0034 8092 RasMan - ok08:48:08.0040 8092 RasPppoe - ok08:48:08.0043 8092 RasSstp - ok08:48:08.0046 8092 rdbss - ok08:48:08.0049 8092 rdpbus - ok08:48:08.0052 8092 RDPCDD - ok08:48:08.0056 8092 RDPDR - ok08:48:08.0081 8092 RDPENCDD - ok08:48:08.0086 8092 RDPREFMP - ok08:48:08.0089 8092 RDPWD - ok08:48:08.0092 8092 rdyboost - ok08:48:08.0131 8092 RegSrvc - ok08:48:08.0135 8092 RemoteAccess - ok08:48:08.0139 8092 RemoteRegistry - ok08:48:08.0144 8092 RFCOMM - ok08:48:08.0151 8092 rimspci - ok08:48:08.0167 8092 rpcapd - ok08:48:08.0184 8092 RpcEptMapper - ok08:48:08.0188 8092 RpcLocator - ok08:48:08.0191 8092 RpcSs - ok08:48:08.0194 8092 rspndr - ok08:48:08.0197 8092 s3cap - ok08:48:08.0200 8092 SamSs - ok08:48:08.0202 8092 sbp2port - ok08:48:08.0205 8092 SCardSvr - ok08:48:08.0208 8092 scfilter - ok08:48:08.0211 8092 Schedule - ok08:48:08.0214 8092 SCPolicySvc - ok08:48:08.0217 8092 sdbus - ok08:48:08.0220 8092 SDRSVC - ok08:48:08.0222 8092 secdrv - ok08:48:08.0225 8092 seclogon - ok08:48:08.0234 8092 SENS - ok08:48:08.0243 8092 SensrSvc - ok08:48:08.0249 8092 Serenum - ok08:48:08.0252 8092 Serial - ok08:48:08.0256 8092 sermouse - ok08:48:08.0263 8092 SessionEnv - ok08:48:08.0268 8092 sffdisk - ok08:48:08.0271 8092 sffp_mmc - ok08:48:08.0274 8092 sffp_sd - ok08:48:08.0277 8092 sfloppy - ok08:48:08.0289 8092 SharedAccess - ok08:48:08.0292 8092 ShellHWDetection - ok08:48:08.0295 8092 Shockprf - ok08:48:08.0304 8092 SiSRaid2 - ok08:48:08.0307 8092 SiSRaid4 - ok08:48:08.0310 8092 Smb - ok08:48:08.0313 8092 smihlp - ok08:48:08.0320 8092 SNMPTRAP - ok08:48:08.0322 8092 spldr - ok08:48:08.0325 8092 Spooler - ok08:48:08.0328 8092 sppsvc - ok08:48:08.0332 8092 sppuinotify - ok08:48:08.0334 8092 srv - ok08:48:08.0337 8092 srv2 - ok08:48:08.0344 8092 SrvHsfHDA - ok08:48:08.0347 8092 SrvHsfV92 - ok08:48:08.0350 8092 SrvHsfWinac - ok08:48:08.0352 8092 srvnet - ok08:48:08.0355 8092 SSDPSRV - ok08:48:08.0358 8092 SstpSvc - ok08:48:08.0361 8092 stexstor - ok08:48:08.0364 8092 StillCam - ok08:48:08.0367 8092 stisvc - ok08:48:08.0370 8092 storflt - ok08:48:08.0372 8092 StorSvc - ok08:48:08.0375 8092 storvsc - ok08:48:08.0378 8092 SUService - ok08:48:08.0384 8092 svcGenericHost - ok08:48:08.0387 8092 swenum - ok08:48:08.0391 8092 SwitchBoard - ok08:48:08.0394 8092 swprv - ok08:48:08.0397 8092 SynTP - ok08:48:08.0400 8092 SysMain - ok08:48:08.0403 8092 TabletInputService - ok08:48:08.0406 8092 TapiSrv - ok08:48:08.0409 8092 TBS - ok08:48:08.0412 8092 Tcpip - ok08:48:08.0415 8092 TCPIP6 - ok08:48:08.0419 8092 tcpipreg - ok08:48:08.0424 8092 TDPIPE - ok08:48:08.0427 8092 TDTCP - ok08:48:08.0431 8092 tdx - ok08:48:08.0435 8092 TermDD - ok08:48:08.0438 8092 TermService - ok08:48:08.0442 8092 Themes - ok08:48:08.0446 8092 ThinkVantage Registry Monitor Service - ok08:48:08.0450 8092 THREADORDER - ok08:48:08.0453 8092 tmactmon - ok08:48:08.0460 8092 TMBMServer - ok08:48:08.0463 8092 tmcomm - ok08:48:08.0467 8092 tmevtmgr - ok08:48:08.0478 8092 TmFilter - ok08:48:08.0481 8092 tmlisten - ok08:48:08.0499 8092 TmPreFilter - ok08:48:08.0503 8092 TmProxy - ok08:48:08.0506 8092 tmtdi - ok08:48:08.0518 8092 TPDIGIMN - ok08:48:08.0520 8092 TPHDEXLGSVC - ok08:48:08.0523 8092 TPHKSVC - ok08:48:08.0535 8092 TPM - ok08:48:08.0538 8092 TPPWRIF - ok08:48:08.0541 8092 TrkWks - ok08:48:08.0544 8092 TrustedInstaller - ok08:48:08.0548 8092 tssecsrv - ok08:48:08.0552 8092 TsUsbFlt - ok08:48:08.0568 8092 tunnel - ok08:48:08.0571 8092 TurboB - ok08:48:08.0574 8092 TurboBoost - ok08:48:08.0577 8092 TVT Backup Service - ok08:48:08.0580 8092 TVTI2C - ok08:48:08.0583 8092 uagp35 - ok08:48:08.0586 8092 udfs - ok08:48:08.0591 8092 UI0Detect - ok08:48:08.0595 8092 UleadBurningHelper - ok08:48:08.0608 8092 uliagpkx - ok08:48:08.0611 8092 umbus - ok08:48:08.0614 8092 UmPass - ok08:48:08.0617 8092 UmRdpService - ok08:48:08.0619 8092 UNS - ok08:48:08.0623 8092 upnphost - ok08:48:08.0630 8092 USBAAPL64 - ok08:48:08.0633 8092 usbccgp - ok08:48:08.0636 8092 usbcir - ok08:48:08.0639 8092 usbehci - ok08:48:08.0642 8092 usbhub - ok08:48:08.0646 8092 usbohci - ok08:48:08.0648 8092 usbprint - ok08:48:08.0651 8092 USBSTOR - ok08:48:08.0654 8092 usbuhci - ok08:48:08.0665 8092 usbvideo - ok08:48:08.0668 8092 UxSms - ok08:48:08.0670 8092 VaultSvc - ok08:48:08.0680 8092 vdrvroot - ok08:48:08.0685 8092 vds - ok08:48:08.0689 8092 vga - ok08:48:08.0693 8092 VgaSave - ok08:48:08.0697 8092 vhdmp - ok08:48:08.0701 8092 viaide - ok08:48:08.0704 8092 vmbus - ok08:48:08.0708 8092 VMBusHID - ok08:48:08.0712 8092 volmgr - ok08:48:08.0716 8092 volmgrx - ok08:48:08.0720 8092 volsnap - ok08:48:08.0725 8092 vpnagent - ok08:48:08.0730 8092 vpnva - ok08:48:08.0733 8092 VSApiNt - ok08:48:08.0738 8092 vsmraid - ok08:48:08.0742 8092 VSS - ok08:48:08.0746 8092 vwifibus - ok08:48:08.0755 8092 vwififlt - ok08:48:08.0759 8092 W32Time - ok08:48:08.0764 8092 WacomPen - ok08:48:08.0768 8092 WANARP - ok08:48:08.0779 8092 Wanarpv6 - ok08:48:08.0787 8092 WatAdminSvc - ok08:48:08.0791 8092 wbengine - ok08:48:08.0795 8092 WbioSrvc - ok08:48:08.0798 8092 wcncsvc - ok08:48:08.0802 8092 WcsPlugInService - ok08:48:08.0806 8092 Wd - ok08:48:08.0810 8092 Wdf01000 - ok08:48:08.0814 8092 WdiServiceHost - ok08:48:08.0818 8092 WdiSystemHost - ok08:48:08.0821 8092 WebClient - ok08:48:08.0825 8092 Wecsvc - ok08:48:08.0829 8092 wercplsupport - ok08:48:08.0839 8092 WerSvc - ok08:48:08.0843 8092 WfpLwf - ok08:48:08.0847 8092 WIMMount - ok08:48:08.0851 8092 winachsf - ok08:48:08.0855 8092 WinDefend - ok08:48:08.0861 8092 WinHttpAutoProxySvc - ok08:48:08.0865 8092 Winmgmt - ok08:48:08.0868 8092 WinRing0_1_2_0 - ok08:48:08.0873 8092 WinRM - ok08:48:08.0880 8092 WinUsb - ok08:48:08.0884 8092 Wlansvc - ok08:48:08.0888 8092 wlcrasvc - ok08:48:08.0891 8092 wlidsvc - ok08:48:08.0896 8092 WmiAcpi - ok08:48:08.0901 8092 wmiApSrv - ok08:48:08.0905 8092 WMPNetworkSvc - ok08:48:08.0941 8092 WMZuneComm - ok08:48:08.0948 8092 WPCSvc - ok08:48:08.0954 8092 WPDBusEnum - ok08:48:08.0960 8092 ws2ifsl - ok08:48:08.0969 8092 wscsvc - ok08:48:08.0973 8092 WSearch - ok08:48:08.0978 8092 wuauserv - ok08:48:08.0981 8092 WudfPf - ok08:48:08.0984 8092 WUDFRd - ok08:48:08.0987 8092 wudfsvc - ok08:48:08.0990 8092 WwanSvc - ok08:48:08.0993 8092 XAudio - ok08:48:08.0998 8092 ZuneNetworkSvc - ok08:48:09.0001 8092 ZuneWlanCfgSvc - ok08:48:09.0037 8092 ================ Scan global ===============================08:48:09.0038 8092 [Global] - ok08:48:09.0039 8092 ================ Scan MBR ==================================08:48:09.0060 8092 [ CDAD75D3EC5E1B28A473CCFC6744F488 ] \Device\Harddisk0\DR008:48:09.0202 8092 \Device\Harddisk0\DR0 - ok08:48:09.0207 8092 [ 8464D19686910A2E5D0E5C28C70A95AB ] \Device\Harddisk1\DR108:48:09.0215 8092 \Device\Harddisk1\DR1 - ok08:48:09.0216 8092 ================ Scan VBR ==================================08:48:09.0230 8092 [ FE19E7DA9B62030FC3AFD08FA6B0AF8B ] \Device\Harddisk0\DR0\Partition108:48:09.0230 8092 \Device\Harddisk0\DR0\Partition1 - ok08:48:09.0244 8092 [ 405733900A3B9D5FE0A587752BB69B6E ] \Device\Harddisk0\DR0\Partition208:48:09.0244 8092 \Device\Harddisk0\DR0\Partition2 - ok08:48:09.0274 8092 [ 6E867FD1EBEA65EEE887B8FFE2138BC7 ] \Device\Harddisk0\DR0\Partition308:48:09.0275 8092 \Device\Harddisk0\DR0\Partition3 - ok08:48:09.0280 8092 [ 27A125B82848D7DE4BC0F6772A187D22 ] \Device\Harddisk1\DR1\Partition108:48:09.0282 8092 \Device\Harddisk1\DR1\Partition1 - ok08:48:09.0283 8092 ============================================================08:48:09.0283 8092 Scan finished08:48:09.0283 8092 ============================================================08:48:09.0302 8224 Detected object count: 008:48:09.0302 8224 Actual detected object count: 0---COMBOFIX---ComboFix 13-05-22.01 - Ken 05/22/2013 21:53:16.2.8 - x64Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16316.13440 [GMT -7:00]Running from: c:\users\Ken\Desktop\ComboFix.exeAV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Updated* {5D349EF8-873B-C657-917F-F1D93E101A7C}SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Resident AV is active...((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\windows\Installer\{3F32670E-45AE-4B23-AE86-CB21FAF19DDF}\Icon6560581611.exe..((((((((((((((((((((((((( Files Created from 2013-04-23 to 2013-05-23 )))))))))))))))))))))))))))))))..2013-05-23 05:12 . 2013-05-23 05:12 -------- d-----w- c:\users\Sodexo\AppData\Local\temp2013-05-23 05:12 . 2013-05-23 05:12 -------- d-----w- c:\users\Default\AppData\Local\temp2013-05-23 04:55 . 2013-05-23 04:55 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2FC2F7BB-844B-4475-A04F-90803C6E8D66}\offreg.dll2013-05-22 20:11 . 2013-05-22 20:11 -------- d-----w- c:\program files (x86)\7-Zip2013-05-21 10:02 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2FC2F7BB-844B-4475-A04F-90803C6E8D66}\mpengine.dll2013-05-17 16:46 . 2013-05-17 16:46 -------- d-----w- c:\program files\iPod2013-05-17 16:46 . 2013-05-17 16:47 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF692013-05-17 16:46 . 2013-05-17 16:47 -------- d-----w- c:\program files\iTunes2013-05-17 16:46 . 2013-05-17 16:47 -------- d-----w- c:\program files (x86)\iTunes2013-05-17 16:40 . 2013-05-17 16:40 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll2013-05-17 16:40 . 2013-05-17 16:40 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll2013-05-17 16:40 . 2013-05-17 16:40 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll2013-05-17 16:40 . 2013-05-17 16:40 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll2013-05-17 16:40 . 2013-05-17 16:40 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll2013-05-17 16:40 . 2013-05-17 16:40 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll2013-05-17 16:40 . 2013-05-17 16:40 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll2013-05-17 16:40 . 2013-05-17 16:40 -------- d-----w- c:\program files (x86)\QuickTime2013-05-15 19:06 . 2013-05-05 21:36 17818624 ----a-w- c:\windows\system32\mshtml.dll2013-05-15 19:06 . 2013-05-05 21:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb2013-05-15 19:06 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb2013-05-15 18:02 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys2013-05-15 18:02 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys2013-05-15 18:02 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll2013-05-15 18:02 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe2013-05-15 18:02 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll2013-05-15 18:02 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll2013-05-15 18:02 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll2013-05-15 18:02 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll2013-05-15 18:02 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll2013-05-15 18:01 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll2013-05-15 18:01 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll2013-05-15 18:01 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys2013-05-14 19:16 . 2013-05-14 19:17 -------- d-----w- c:\users\Ken\AppData\Local\Amazon Cloud Player2013-05-14 18:18 . 2013-05-15 19:46 -------- d-----r- c:\users\Ken\Podcasts2013-05-14 17:56 . 2013-05-14 17:56 -------- d-----w- c:\windows\system32\drivers\UMDF\zh-CN2013-05-14 17:56 . 2013-05-14 17:56 -------- d-----w- c:\windows\system32\drivers\UMDF\ja-JP2013-05-14 17:56 . 2013-05-14 17:56 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-BR2013-05-14 17:56 . 2013-05-14 17:56 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-PT2013-05-14 17:56 . 2013-05-14 17:56 -------- d-----w- c:\windows\system32\drivers\UMDF\nl-NL2013-05-14 17:56 . 2013-05-14 17:56 -------- d-----w- c:\windows\system32\drivers\UMDF\it-IT2013-05-14 17:56 . 2013-05-14 17:56 -------- d-----w- c:\windows\system32\drivers\UMDF\de-DE2013-05-14 17:56 . 2013-05-14 17:56 -------- d-----w- c:\windows\system32\drivers\UMDF\fr-FR2013-05-14 17:56 . 2013-05-14 17:56 -------- d-----w- c:\windows\system32\drivers\UMDF\es-ES2013-05-14 17:55 . 2013-05-14 17:55 -------- d-----w- c:\windows\system32\ms-MY2013-05-14 17:55 . 2013-05-14 17:57 -------- d-----w- c:\program files\Zune2013-05-09 18:02 . 2013-05-09 18:02 -------- d-----w- c:\users\Ken\467D5E81834948929E81C3674ED8E451.TMP2013-05-09 17:10 . 2013-05-09 17:10 -------- d-----w- c:\users\Ken\AppData\Roaming\Malwarebytes2013-05-09 17:09 . 2013-05-09 17:09 -------- d-----w- c:\programdata\Malwarebytes2013-05-09 17:09 . 2013-05-09 17:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2013-05-09 17:09 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys2013-05-09 17:09 . 2013-05-09 17:09 -------- d-----w- c:\users\Ken\AppData\Local\Programs2013-05-09 14:53 . 2013-05-09 15:06 -------- d-----w- c:\programdata\HitmanPro2013-05-07 22:06 . 2013-05-07 22:06 119808 ----a-r- c:\users\Ken\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe2013-05-02 04:34 . 2013-05-10 20:56 -------- d-----w- c:\users\Ken\AppData\Local\gtk-2.02013-05-01 17:52 . 2013-05-01 17:52 -------- d-----w- c:\program files\Microsoft Network Monitor 32013-04-30 17:59 . 2013-05-09 22:27 -------- d-----w- c:\users\Ken\AppData\Roaming\Wireshark2013-04-30 17:45 . 2013-04-30 17:45 -------- d-----w- c:\program files (x86)\WinPcap2013-04-30 17:39 . 2013-04-30 17:45 -------- d-----w- c:\program files\Wireshark2013-04-29 22:58 . 2013-04-29 22:58 -------- d-----w- c:\users\Ken\AppData\Local\Macromedia2013-04-28 01:51 . 2013-04-28 01:51 -------- d-----w- c:\program files (x86)\Fiddler22013-04-25 18:51 . 2013-04-25 19:01 -------- d-----w- c:\users\Ken\AppData\Roaming\Notepad++2013-04-25 18:51 . 2013-04-25 18:51 -------- d-----w- c:\program files (x86)\Notepad++2013-04-24 17:34 . 2013-04-24 17:34 -------- d-----w- c:\users\Ken\AppData\Local\Mozilla2013-04-24 17:34 . 2013-04-10 06:58 263064 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll2013-04-24 17:34 . 2013-04-10 06:58 26520 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-hang-ui.exe2013-04-24 17:10 . 2013-04-24 17:10 -------- d-----w- c:\program files\PGP Corporation2013-04-24 16:29 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys2013-04-23 22:32 . 2013-04-23 22:32 -------- d-----w- c:\program files\CPUID...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-05-17 17:12 . 2010-06-24 19:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll2013-05-15 19:13 . 2013-03-16 13:57 75016696 ----a-w- c:\windows\system32\MRT.exe2013-05-02 09:06 . 2013-03-16 05:51 278800 ------w- c:\windows\system32\MpSigStub.exe2013-04-29 22:57 . 2013-04-19 02:55 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-04-29 22:57 . 2013-04-19 02:55 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-04-24 17:10 . 2013-03-16 15:49 135198 ----a-w- c:\windows\SysWow64\PGPlspRollback.reg2013-04-13 05:49 . 2013-05-15 18:02 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll2013-04-13 05:49 . 2013-05-15 18:02 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll2013-04-13 05:49 . 2013-05-15 18:02 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll2013-04-13 05:49 . 2013-05-15 18:02 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll2013-04-13 04:45 . 2013-05-15 18:02 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll2013-04-13 04:45 . 2013-05-15 18:02 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll2013-03-26 16:35 . 2013-03-26 16:36 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll2013-03-26 16:35 . 2013-03-26 16:36 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll2013-03-25 21:58 . 2013-03-25 21:58 53248 ----a-r- c:\users\Ken\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe2013-03-25 21:57 . 2013-03-25 21:57 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys2013-03-19 06:04 . 2013-04-10 08:07 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe2013-03-19 05:46 . 2013-04-10 08:07 43520 ----a-w- c:\windows\system32\csrsrv.dll2013-03-19 05:04 . 2013-04-10 08:07 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe2013-03-19 05:04 . 2013-04-10 08:07 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe2013-03-19 04:47 . 2013-04-10 08:07 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll2013-03-19 03:06 . 2013-04-10 08:07 112640 ----a-w- c:\windows\system32\smss.exe2013-03-18 07:49 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll2013-03-18 07:49 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll2013-03-16 06:31 . 2013-03-16 06:31 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe2013-03-16 06:31 . 2013-03-16 06:31 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll2013-03-16 06:31 . 2013-03-16 06:31 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe2013-03-16 06:31 . 2013-03-16 06:31 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe2013-03-16 06:31 . 2013-03-16 06:31 74752 ----a-w- c:\windows\SysWow64\iesetup.dll2013-03-16 06:31 . 2013-03-16 06:31 65024 ----a-w- c:\windows\system32\pngfilt.dll2013-03-16 06:31 . 2013-03-16 06:31 63488 ----a-w- c:\windows\SysWow64\tdc.ocx2013-03-16 06:31 . 2013-03-16 06:31 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll2013-03-16 06:31 . 2013-03-16 06:31 367104 ----a-w- c:\windows\SysWow64\html.iec2013-03-16 06:31 . 2013-03-16 06:31 35840 ----a-w- c:\windows\SysWow64\imgutil.dll2013-03-16 06:31 . 2013-03-16 06:31 267776 ----a-w- c:\windows\system32\ieaksie.dll2013-03-16 06:31 . 2013-03-16 06:31 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll2013-03-16 06:31 . 2013-03-16 06:31 222208 ----a-w- c:\windows\system32\msls31.dll2013-03-16 06:31 . 2013-03-16 06:31 197120 ----a-w- c:\windows\system32\msrating.dll2013-03-16 06:31 . 2013-03-16 06:31 163840 ----a-w- c:\windows\system32\ieakui.dll2013-03-16 06:31 . 2013-03-16 06:31 161792 ----a-w- c:\windows\SysWow64\msls31.dll2013-03-16 06:31 . 2013-03-16 06:31 152064 ----a-w- c:\windows\SysWow64\wextract.exe2013-03-16 06:31 . 2013-03-16 06:31 150528 ----a-w- c:\windows\SysWow64\iexpress.exe2013-03-16 06:31 . 2013-03-16 06:31 149504 ----a-w- c:\windows\system32\occache.dll2013-03-16 06:31 . 2013-03-16 06:31 12288 ----a-w- c:\windows\system32\mshta.exe2013-03-16 06:31 . 2013-03-16 06:31 11776 ----a-w- c:\windows\SysWow64\mshta.exe2013-03-16 06:31 . 2013-03-16 06:31 114176 ----a-w- c:\windows\system32\admparse.dll2013-03-16 06:31 . 2013-03-16 06:31 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll2013-03-16 06:31 . 2013-03-16 06:31 101888 ----a-w- c:\windows\SysWow64\admparse.dll2013-03-16 06:31 . 2013-03-16 06:31 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe2013-03-16 06:31 . 2013-03-16 06:31 89088 ----a-w- c:\windows\system32\ie4uinit.exe2013-03-16 06:31 . 2013-03-16 06:31 85504 ----a-w- c:\windows\system32\iesetup.dll2013-03-16 06:31 . 2013-03-16 06:31 82432 ----a-w- c:\windows\system32\icardie.dll2013-03-16 06:31 . 2013-03-16 06:31 76800 ----a-w- c:\windows\system32\tdc.ocx2013-03-16 06:31 . 2013-03-16 06:31 55296 ----a-w- c:\windows\system32\msfeedsbs.dll2013-03-16 06:31 . 2013-03-16 06:31 534528 ----a-w- c:\windows\system32\ieapfltr.dll2013-03-16 06:31 . 2013-03-16 06:31 49664 ----a-w- c:\windows\system32\imgutil.dll2013-03-16 06:31 . 2013-03-16 06:31 48640 ----a-w- c:\windows\system32\mshtmler.dll2013-03-16 06:31 . 2013-03-16 06:31 452608 ----a-w- c:\windows\system32\dxtmsft.dll2013-03-16 06:31 . 2013-03-16 06:31 448512 ----a-w- c:\windows\system32\html.iec2013-03-16 06:31 . 2013-03-16 06:31 403248 ----a-w- c:\windows\system32\iedkcs32.dll2013-03-16 06:31 . 2013-03-16 06:31 39936 ----a-w- c:\windows\system32\iernonce.dll2013-03-16 06:31 . 2013-03-16 06:31 3695416 ----a-w- c:\windows\system32\ieapfltr.dat2013-03-16 06:31 . 2013-03-16 06:31 30720 ----a-w- c:\windows\system32\licmgr10.dll2013-03-16 06:31 . 2013-03-16 06:31 282112 ----a-w- c:\windows\system32\dxtrans.dll2013-03-16 06:31 . 2013-03-16 06:31 249344 ----a-w- c:\windows\system32\webcheck.dll2013-03-16 06:31 . 2013-03-16 06:31 165888 ----a-w- c:\windows\system32\iexpress.exe2013-03-16 06:31 . 2013-03-16 06:31 160256 ----a-w- c:\windows\system32\wextract.exe2013-03-16 06:31 . 2013-03-16 06:31 160256 ----a-w- c:\windows\system32\ieakeng.dll2013-03-16 06:31 . 2013-03-16 06:31 145920 ----a-w- c:\windows\system32\iepeers.dll2013-03-16 06:31 . 2013-03-16 06:31 135168 ----a-w- c:\windows\system32\IEAdvpack.dll2013-03-16 06:31 . 2013-03-16 06:31 111616 ----a-w- c:\windows\system32\iesysprep.dll2013-03-16 06:31 . 2013-03-16 06:31 10752 ----a-w- c:\windows\system32\msfeedssync.exe2013-03-16 06:31 . 2013-03-16 06:31 103936 ----a-w- c:\windows\system32\inseng.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1IconOverlayHandlerAccessible]@="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]2013-02-02 00:18 1196640 ----a-w- c:\windows\SysWOW64\PGPfsshl.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2013-04-04 22:12 130736 ----a-w- c:\users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2013-04-04 22:12 130736 ----a-w- c:\users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2013-04-04 22:12 130736 ----a-w- c:\users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SacReminderHDDV2"="c:\programdata\OfficeGuardianV2\reminder\SacReminder.exe" [2012-06-28 464752]"OpenDNS Updater"="c:\program files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]"Amazon Cloud Player"="c:\users\Ken\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" [2013-05-10 3086656].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2010-08-24 1129832]"OfficeScanNT Monitor"="c:\program files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" [2013-03-19 2112536]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-15 152392]"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2010-05-03 112152]"Communicator"="c:\program files (x86)\Microsoft Office Communicator\communicator.exe" [2013-04-10 5164712]"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2011-09-09 523216]"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-03 640376].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Agent Assistant.lnk - c:\program files\EVault Software\Agent Assistant\Maestro.exe [2011-2-17 286720]PGP Tray.lnk - c:\windows\Installer\{3F32670E-45AE-4B23-AE86-CB21FAF19DDF}\Icon6560581611.exe [N/A]Wall Watcher.lnk - c:\ww\WallWatcher.exe [2013-3-17 476160].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"mixer1"=wdmaud.drv.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]@="".R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]R2 CFUACProxy_officeguardianv2;CFUACProxy_officeguardianv2;c:\programdata\OfficeGuardianV2\UACProxy.exe [2012-06-28 83824]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2009-12-15 163072]R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2010-08-24 164200]R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2011-02-26 31152]R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2010-08-24 75112]R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-09-30 126392]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-03-16 1255736]R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Ken\Downloads\RealTemp_370\WinRing0x64.sys [x]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [2010-08-24 30320]S0 pgpfs;PGP File Sharing;c:\windows\System32\Drivers\PGPfsfd.sys [2013-02-02 182632]S0 Pgpwdefs;Pgpwdefs;c:\windows\system32\DRIVERS\Pgpwdefs.sys [2013-02-02 16320]S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2010-06-16 23664]S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2008-05-12 15400]S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys [2010-06-10 46392]S2 EMSAgent;Maas360 Visibility Service;c:\program files (x86)\MaaS360\MaaS360 Visibility Service\EMSAgent.exe [2011-02-18 378216]S2 EVault InfoStage Agent;EVault Software Agent;c:\program files\EVault Software\Agent\VVAgent.exe [2011-04-01 6488576]S2 EVault InfoStage BUAgent;EVault Software BUAgent;c:\program files\EVault Software\Agent\buagent.exe [2011-04-01 10013184]S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2010-07-27 50536]S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-04-07 45496]S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-07-27 74088]S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2010-04-30 6237800]S2 PGP RDD Service;PGP RDD Service;c:\program files (x86)\PGP Corporation\PGP Desktop\RDDService.exe [2013-02-02 1589528]S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-10-26 61952]S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840]S2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2013-01-11 50208]S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2012-07-17 344376]S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [2012-07-17 42808]S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-04-07 63928]S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-09-30 12728]S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-05-03 2533400]S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2011-09-09 475088]S3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2011-09-09 106408]S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-06-30 292864]S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2010-06-22 295088]S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2013-01-03 79240]S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2013-01-03 15752]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]S3 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2012-10-30 65872]S3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [2012-08-09 918064]S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-09-24 41536]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-05-21 18:17 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.93\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-19 20:05].2013-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-19 20:05].2013-05-23 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job- c:\program files\PC-Doctor\uaclauncher.exe [2010-11-12 01:34].2013-05-23 c:\windows\Tasks\SystemToolsDailyTest.job- c:\program files\PC-Doctor\pcdrcui.exe [2010-11-12 01:34]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1IconOverlayHandlerAccessible]@="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]2013-02-02 00:19 1983024 ----a-w- c:\windows\System32\PGPfsshl.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2013-04-04 22:12 164016 ----a-w- c:\users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2013-04-04 22:12 164016 ----a-w- c:\users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2013-04-04 22:12 164016 ----a-w- c:\users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2013-04-04 22:12 164016 ----a-w- c:\users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]"TpShocks"="TpShocks.exe" [2010-07-02 380776]"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2010-07-27 69560]"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-15 307768]"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2010-07-27 62312]"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-02-21 2991856]"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2010-09-18 31592].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://www.sodexousa.com/defaulthomemLocal Page = c:\windows\SysWOW64\blank.htmIE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.htmlIE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htmIE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htmLSP: c:\windows\system32\PGPlsp.dllTrusted Zone: MarketConnection.comTrusted Zone: MarketConnection.com\wwwTrusted Zone: MySodexho.comTrusted Zone: MySodexho.com\wwwTrusted Zone: MySodexo.comTrusted Zone: MySodexo.com\wwwTrusted Zone: Sodexo.comTrusted Zone: Sodexo.com\wwwTCP: DhcpNameServer = 192.168.1.1TCP: Interfaces\{DB9C2C14-351E-4EA1-AE5B-53CE461ECF3F}: NameServer = 8.8.8.8,8.8.4.4DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} - vpnweb.cabFF - ProfilePath - c:\users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\20fk60vm.default\FF - ExtSQL: 2013-03-25 14:57; {F003DA68-8256-4b37-A6C4-350FA04494DF}; c:\program files\Logitech\SetPointP\LogiSmoothFirefoxExtFF - ExtSQL: 2013-04-27 18:51; fiddlerhook@fiddler2.com; c:\program files (x86)\Fiddler2\FiddlerHook.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)Wow6432Node-HKLM-Run-<NO NAME> - (no file)HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2013-05-22 22:38:35ComboFix-quarantined-files.txt 2013-05-23 05:38ComboFix2.txt 2013-05-23 04:29.Pre-Run: 112,818,311,168 bytes freePost-Run: 112,736,075,776 bytes free.- - End Of File - - EEF08E3A9F09CBB82076FED08D748DFE Link to post Share on other sites More sharing options...
unname Posted May 23, 2013 Author ID:682953 Share Posted May 23, 2013 Shoot, sorry - just noticed there were two TDSS in there and don't see a way to edit the post. Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted May 23, 2013 ID:682999 Share Posted May 23, 2013 No worries. Please do the following: We need to create a New FULL OTL ReportPlease download OTL from here if you have not done so already:Main Mirror[*]Save it to your desktop.[*]Double click on the icon on your desktop.[*]Click the "Scan All Users" checkbox.[*]Change the "Extra Registry" option to "SafeList"[*]Push the button.[*]Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedHow is your computer running now? Link to post Share on other sites More sharing options...
unname Posted May 23, 2013 Author ID:683040 Share Posted May 23, 2013 Computer seems to be running fine - still have those ip block alerts - although mb said trial is over so maybe that protection is no longer happening.OTL logfile created on: 5/23/2013 11:29:53 AM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ken\Desktop64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.0.8112.16421)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy15.93 Gb Total Physical Memory | 11.62 Gb Available Physical Memory | 72.93% Memory free31.86 Gb Paging File | 26.97 Gb Available in Paging File | 84.63% Paging File freePaging file location(s): ?:\pagefile.sys [binary data]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 287.15 Gb Total Space | 104.83 Gb Free Space | 36.51% Space Free | Partition Type: NTFSDrive F: | 465.65 Gb Total Space | 275.39 Gb Free Space | 59.14% Space Free | Partition Type: FAT32Computer Name: ESORKMASON | User Name: Ken | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days========== Processes (SafeList) ==========PRC - [2013/05/23 11:26:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exePRC - [2013/05/23 08:43:11 | 000,890,902 | ---- | M] () -- C:\Users\Ken\Desktop\SecurityCheck.exePRC - [2013/05/17 14:35:44 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exePRC - [2013/04/10 14:44:20 | 005,164,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office Communicator\communicator.exePRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exePRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exePRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exePRC - [2013/02/01 17:19:08 | 001,589,528 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exePRC - [2013/02/01 17:19:04 | 004,195,976 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPtray.exePRC - [2013/01/11 15:31:14 | 000,050,208 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exePRC - [2013/01/11 15:29:18 | 000,024,096 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exePRC - [2012/11/29 14:59:32 | 008,212,480 | ---- | M] (FileZilla Project) -- C:\Program Files (x86)\FileZilla FTP Client\filezilla.exePRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXEPRC - [2011/09/09 10:08:56 | 000,475,088 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exePRC - [2011/02/17 22:34:26 | 000,378,216 | ---- | M] (Fiberlink Communications Corp.) -- C:\Program Files (x86)\MaaS360\MaaS360 Visibility Service\EMSAgent.exePRC - [2010/12/23 00:35:38 | 000,476,160 | ---- | M] (DMT and Associates) -- C:\ww\WallWatcher.exePRC - [2010/09/17 18:51:10 | 000,357,736 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exePRC - [2010/09/17 18:50:54 | 000,259,432 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exePRC - [2010/09/17 18:50:48 | 000,124,264 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exePRC - [2010/07/30 00:07:50 | 000,078,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exePRC - [2010/07/27 14:51:56 | 000,074,088 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exePRC - [2010/07/27 14:51:54 | 000,062,312 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exePRC - [2010/07/27 14:51:42 | 000,050,536 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exePRC - [2010/07/27 01:05:02 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exePRC - [2010/06/16 14:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exePRC - [2010/05/02 20:54:36 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exePRC - [2010/05/02 20:54:32 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exePRC - [2010/04/25 21:46:34 | 000,144,824 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exePRC - [2010/04/06 22:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exePRC - [2010/04/06 22:37:24 | 000,063,928 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exePRC - [2010/04/06 20:02:18 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exePRC - [2010/04/02 01:40:18 | 015,946,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exePRC - [2010/03/31 22:50:46 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exePRC - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exePRC - [2010/03/06 04:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exePRC - [2010/02/22 13:49:08 | 002,370,632 | ---- | M] (BigFix Inc.) -- C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exePRC - [2010/02/22 04:57:06 | 000,406,992 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exePRC - [2010/02/10 16:40:56 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files (x86)\Lenovo\System Update\SUService.exePRC - [2009/11/23 21:51:20 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exePRC - [2009/10/02 23:32:51 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exePRC - [2009/08/28 15:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exePRC - [2009/03/05 00:28:28 | 000,059,760 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlk.exePRC - [2008/01/10 13:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exePRC - [2007/01/04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe========== Modules (No Company Name) ==========MOD - [2013/05/23 08:43:11 | 000,890,902 | ---- | M] () -- C:\Users\Ken\Desktop\SecurityCheck.exeMOD - [2013/05/17 14:35:42 | 000,393,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\ppgooglenaclpluginchrome.dllMOD - [2013/05/17 14:35:41 | 013,136,336 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\PepperFlash\pepflashplayer.dllMOD - [2013/05/17 14:35:40 | 004,051,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\pdf.dllMOD - [2013/05/17 14:34:47 | 000,599,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\libglesv2.dllMOD - [2013/05/17 14:34:47 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\libegl.dllMOD - [2013/05/17 14:34:45 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\ffmpegsumo.dllMOD - [2013/01/28 13:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dllMOD - [2013/01/28 13:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dllMOD - [2012/11/29 14:59:32 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dllMOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODFMOD - [2010/12/21 01:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dllMOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dllMOD - [2010/06/16 14:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exeMOD - [2010/04/02 01:41:58 | 000,568,768 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\configuration\KnowledgeEngines\PHP_KnowledgeEngine.dllMOD - [2010/04/02 01:41:56 | 000,649,152 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\configuration\KnowledgeEngines\JS_KnowledgeEngine.dllMOD - [2010/04/02 01:41:12 | 005,014,464 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\configuration\flash player\authplay.dllMOD - [2010/04/02 01:41:06 | 004,350,912 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\configuration\browsers\webkit\WebKit.dllMOD - [2010/04/02 01:40:56 | 000,823,744 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\Workspace.dllMOD - [2010/04/02 01:40:50 | 000,165,312 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\ssleay32.dllMOD - [2010/04/02 01:40:36 | 000,849,344 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\libeay32.dllMOD - [2010/02/22 04:50:20 | 000,060,416 | ---- | M] () -- C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\zlib1.dllMOD - [2010/01/02 07:42:28 | 000,018,207 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\mingwm10.dllMOD - [2003/01/02 23:32:06 | 000,020,480 | ---- | M] () -- C:\ww\NetUtils.dll========== Services (SafeList) ==========SRV:64bit: - [2013/02/08 11:30:42 | 000,359,664 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)SRV:64bit: - [2011/08/05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)SRV:64bit: - [2011/08/05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)SRV:64bit: - [2011/08/05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)SRV:64bit: - [2011/03/31 22:58:12 | 006,488,576 | ---- | M] () [Auto | Running] -- C:\Program Files\EVault Software\Agent\VVAgent.exe -- (EVault InfoStage Agent)SRV:64bit: - [2011/03/31 22:43:20 | 010,013,184 | ---- | M] () [Auto | Running] -- C:\Program Files\EVault Software\Agent\buagent.exe -- (EVault InfoStage BUAgent)SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)SRV:64bit: - [2010/07/27 14:51:56 | 000,074,088 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)SRV:64bit: - [2010/07/27 14:51:42 | 000,050,536 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)SRV:64bit: - [2010/07/19 19:08:30 | 001,429,776 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)SRV:64bit: - [2010/07/19 18:46:54 | 000,838,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)SRV:64bit: - [2010/06/16 14:44:38 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)SRV:64bit: - [2010/04/30 07:52:50 | 006,237,800 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service)SRV:64bit: - [2010/04/06 22:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)SRV:64bit: - [2010/04/06 22:37:24 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)SRV:64bit: - [2010/04/06 20:02:18 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)SRV:64bit: - [2009/11/17 22:04:24 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)SRV:64bit: - [2009/09/29 18:25:48 | 000,126,392 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)SRV:64bit: - [2009/08/11 17:59:38 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)SRV - [2013/04/09 23:58:17 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)SRV - [2013/03/18 11:57:50 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)SRV - [2013/03/17 21:50:20 | 002,060,904 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmListen.exe -- (tmlisten)SRV - [2013/03/17 21:46:32 | 001,824,800 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\Ntrtscan.exe -- (ntrtscan)SRV - [2013/03/13 01:24:26 | 000,571,928 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)SRV - [2013/02/01 17:19:08 | 001,589,528 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe -- (PGP RDD Service)SRV - [2013/01/11 15:31:14 | 000,050,208 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe -- (svcGenericHost)SRV - [2012/08/08 18:26:42 | 000,918,064 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe -- (TmProxy)SRV - [2012/06/28 05:33:47 | 000,083,824 | R--- | M] (Storage Appliance Corp.) [Auto | Stopped] -- C:\ProgramData\OfficeGuardianV2\UACProxy.exe -- (CFUACProxy_officeguardianv2)SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)SRV - [2011/09/09 10:08:56 | 000,475,088 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)SRV - [2011/02/17 22:34:26 | 000,378,216 | ---- | M] (Fiberlink Communications Corp.) [Auto | Running] -- C:\Program Files (x86)\MaaS360\MaaS360 Visibility Service\EMSAgent.exe -- (EMSAgent)SRV - [2010/09/17 18:50:54 | 000,259,432 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)SRV - [2010/09/17 18:50:48 | 000,124,264 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)SRV - [2010/08/24 11:30:00 | 000,164,200 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)SRV - [2010/08/24 11:30:00 | 000,075,112 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)SRV - [2010/06/25 10:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)SRV - [2010/05/28 03:14:56 | 001,044,840 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)SRV - [2010/05/02 20:54:36 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)SRV - [2010/05/02 20:54:32 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)SRV - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)SRV - [2010/02/22 13:49:08 | 002,370,632 | ---- | M] (BigFix Inc.) [On_Demand | Running] -- C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe -- (BESClient)SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)SRV - [2010/02/10 16:40:56 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)SRV - [2009/08/28 15:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)SRV - [2009/04/28 19:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)SRV - [2008/01/10 13:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)SRV - [2007/01/04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)========== Driver Services (SafeList) ==========DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)DRV:64bit: - [2013/02/01 17:19:22 | 000,378,832 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PGPwded.sys -- (PGPwded)DRV:64bit: - [2013/02/01 17:19:22 | 000,016,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\PGPwdefs.sys -- (Pgpwdefs)DRV:64bit: - [2013/02/01 17:19:18 | 000,052,328 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PGPsdk.sys -- (PGPsdkDriver)DRV:64bit: - [2013/02/01 17:19:10 | 000,274,320 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PGPdisk.sys -- (PGPdisk)DRV:64bit: - [2013/02/01 17:19:10 | 000,182,632 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\PGPfsfd.sys -- (pgpfs)DRV:64bit: - [2013/01/09 04:39:34 | 000,109,080 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)DRV:64bit: - [2013/01/03 01:17:38 | 000,079,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)DRV:64bit: - [2013/01/03 01:17:38 | 000,077,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)DRV:64bit: - [2013/01/03 01:17:38 | 000,061,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)DRV:64bit: - [2013/01/03 01:17:38 | 000,015,752 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)DRV:64bit: - [2012/11/13 19:33:12 | 000,174,016 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)DRV:64bit: - [2012/10/30 11:08:48 | 000,082,840 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)DRV:64bit: - [2012/10/30 11:08:10 | 000,065,872 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)DRV:64bit: - [2011/09/09 10:00:06 | 000,026,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)DRV:64bit: - [2011/09/09 09:59:20 | 000,106,408 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock)DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)DRV:64bit: - [2011/02/25 20:43:04 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)DRV:64bit: - [2010/08/25 09:46:18 | 000,682,624 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)DRV:64bit: - [2010/08/24 11:30:00 | 000,030,320 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)DRV:64bit: - [2010/08/24 11:30:00 | 000,013,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)DRV:64bit: - [2010/07/14 05:42:58 | 007,821,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)DRV:64bit: - [2010/06/25 10:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)DRV:64bit: - [2010/06/21 23:37:38 | 000,295,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)DRV:64bit: - [2010/06/20 23:07:38 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)DRV:64bit: - [2010/06/16 14:44:38 | 000,136,816 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)DRV:64bit: - [2010/06/16 14:44:38 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)DRV:64bit: - [2010/06/09 17:10:16 | 000,046,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nm3.sys -- (nm3)DRV:64bit: - [2010/04/22 01:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)DRV:64bit: - [2010/03/23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)DRV:64bit: - [2010/03/03 03:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)DRV:64bit: - [2010/02/08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)DRV:64bit: - [2010/01/22 13:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)DRV:64bit: - [2010/01/22 13:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)DRV:64bit: - [2009/12/14 18:09:08 | 000,163,072 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)DRV:64bit: - [2009/11/17 22:04:04 | 000,032,880 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)DRV:64bit: - [2009/10/25 22:52:00 | 000,061,952 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)DRV:64bit: - [2009/09/29 18:25:50 | 000,012,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)DRV:64bit: - [2009/09/24 04:58:38 | 000,041,536 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvti2c.sys -- (TVTI2C)DRV:64bit: - [2009/09/16 20:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)DRV:64bit: - [2009/07/13 16:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)DRV:64bit: - [2009/07/01 19:16:02 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)DRV:64bit: - [2009/06/30 20:46:00 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)DRV:64bit: - [2009/06/30 20:46:00 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)DRV:64bit: - [2009/06/30 20:46:00 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)DRV:64bit: - [2009/06/29 21:05:16 | 001,486,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)DRV:64bit: - [2009/06/29 21:01:16 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)DRV:64bit: - [2009/06/29 20:59:54 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)DRV:64bit: - [2009/04/28 19:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)DRV:64bit: - [2009/04/06 23:33:00 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)DRV:64bit: - [2009/03/13 15:47:34 | 000,013,840 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)DRV:64bit: - [2008/11/16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)DRV:64bit: - [2008/05/12 02:04:26 | 000,015,400 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)DRV:64bit: - [2006/06/18 06:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)DRV - [2012/07/17 12:37:44 | 000,344,376 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys -- (TmFilter)DRV - [2012/07/17 12:37:16 | 000,042,808 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmpreflt.sys -- (TmPreFilter)DRV - [2012/07/17 12:28:46 | 002,224,952 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\vsapiNT.sys -- (VSApiNt)DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {2F609AAE-4284-40F8-9C47-1B0C6F0E10C7}IE:64bit: - HKLM\..\SearchScopes\{2F609AAE-4284-40F8-9C47-1B0C6F0E10C7}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBoxIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\..\SearchScopes,DefaultScope = {F4FEE6BA-ACAD-4BAB-9373-9408C6458FDC}IE - HKLM\..\SearchScopes\{F4FEE6BA-ACAD-4BAB-9373-9408C6458FDC}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBoxIE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]IE - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sodexousa.com/defaulthomeIE - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\..\SearchScopes,DefaultScope = {D495AE69-7513-4CF9-87D3-0956F7E6D9F4}IE - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\..\SearchScopes\{D495AE69-7513-4CF9-87D3-0956F7E6D9F4}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}IE - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0========== FireFox ==========FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1FF - user.js - File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\FirefoxExtension [2013/03/16 09:20:48 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2013/03/19 16:35:35 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013/03/25 14:57:04 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files (x86)\Fiddler2\FiddlerHook [2013/04/27 18:51:30 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/17 09:40:47 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\pluginsFF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/05/17 09:40:47 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins[2013/04/06 13:34:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Extensions[2013/04/24 10:34:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions[2013/04/09 23:58:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll[2013/04/09 23:57:54 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml[2013/04/09 23:57:54 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xmlO1 HOSTS File: ([2013/05/22 22:23:37 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg.dll (Trend Micro Inc.)O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg32.dll (Trend Micro Inc.)O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)O4 - HKLM..\Run: [] File not foundO4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)O4 - HKLM..\Run: [iMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.)O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)O4 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001..\Run: [Amazon Cloud Player] C:\Users\Ken\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe ()O4 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001..\Run: [OpenDNS Updater] C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe ()O4 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001..\Run: [sacReminderHDDV2] C:\ProgramData\OfficeGuardianV2\reminder\SacReminder.exe (SAC)O4 - HKLM..\RunOnce: [Z1] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()O9:64bit: - Extra Button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Telerik)O9:64bit: - Extra 'Tools' menuitem : Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Telerik)O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()O9 - Extra Button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Telerik)O9 - Extra 'Tools' menuitem : Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Telerik)O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\PGPlsp.dll (Symantec Corporation)O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\PGPlsp.dll (Symantec Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\PGPlsp.dll (Symantec Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWow64\PGPlsp.dll (Symantec Corporation)O13 - gopher Prefix: missingO15 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\..Trusted Domains: MarketConnection.com ([]https in Trusted sites)O15 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\..Trusted Domains: MarketConnection.com ([www] http in Trusted sites)O15 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\..Trusted Domains: MarketConnection.com ([www] https in Trusted sites)O15 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\..Trusted Domains: MySodexho.com ([]https in Trusted sites)O15 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\..Trusted Domains: MySodexho.com ([www] http in Trusted sites)O15 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\..Trusted Domains: MySodexho.com ([www] https in Trusted sites)O15 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\..Trusted Domains: MySodexo.com ([]https in Trusted sites)O15 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\..Trusted Domains: MySodexo.com ([www] http in Trusted sites)O15 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\..Trusted Domains: MySodexo.com ([www] https in Trusted sites)O15 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\..Trusted Domains: Sodexo.com ([]https in Trusted sites)O15 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\..Trusted Domains: Sodexo.com ([www] http in Trusted sites)O15 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\..Trusted Domains: Sodexo.com ([www] https in Trusted sites)O16 - DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} vpnweb.cab (Cisco AnyConnect Secure Mobility Client Web Control)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB9C2C14-351E-4EA1-AE5B-53CE461ECF3F}: DhcpNameServer = 192.168.1.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB9C2C14-351E-4EA1-AE5B-53CE461ECF3F}: NameServer = 8.8.8.8,8.8.4.4O18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\ms-help - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg.dll (Trend Micro Inc.)O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg32.dll (Trend Micro Inc.)O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2008/09/04 10:16:00 | 000,000,000 | ---D | M] - F:\autorun -- [ FAT32 ]O34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = ComFile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)========== Files/Folders - Created Within 30 Days ==========[2013/05/23 11:26:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe[2013/05/22 21:50:12 | 000,000,000 | ---D | C] -- C:\ComboFix[2013/05/22 20:49:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe[2013/05/22 20:49:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe[2013/05/22 20:49:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe[2013/05/22 20:49:23 | 000,000,000 | ---D | C] -- C:\Qoobox[2013/05/22 20:48:54 | 000,000,000 | ---D | C] -- C:\Windows\erdnt[2013/05/22 20:40:39 | 000,000,000 | ---D | C] -- C:\Windows\pss[2013/05/22 19:42:55 | 000,000,000 | ---D | C] -- C:\Users\Ken\Desktop\mbar[2013/05/22 19:41:25 | 005,069,782 | R--- | C] (Swearware) -- C:\Users\Ken\Desktop\ComboFix.exe[2013/05/22 13:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip[2013/05/22 13:11:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip[2013/05/17 09:47:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes[2013/05/17 09:46:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod[2013/05/17 09:46:44 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes[2013/05/17 09:46:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes[2013/05/17 09:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69[2013/05/17 09:40:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime[2013/05/17 09:40:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime[2013/05/15 12:04:40 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll[2013/05/15 12:04:40 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll[2013/05/15 12:04:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll[2013/05/15 12:04:38 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll[2013/05/15 12:04:38 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl[2013/05/15 12:04:38 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl[2013/05/15 12:04:38 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll[2013/05/15 12:04:38 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll[2013/05/15 12:04:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll[2013/05/15 12:04:38 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe[2013/05/15 12:04:38 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe[2013/05/15 12:04:37 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll[2013/05/15 12:04:36 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll[2013/05/15 12:04:36 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll[2013/05/15 12:04:36 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll[2013/05/15 11:02:20 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys[2013/05/15 11:02:20 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll[2013/05/15 11:02:11 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll[2013/05/15 11:02:11 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll[2013/05/15 11:02:11 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll[2013/05/15 11:02:11 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe[2013/05/15 11:01:43 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll[2013/05/14 12:16:40 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player[2013/05/14 12:16:35 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\Amazon Cloud Player[2013/05/14 11:18:28 | 000,000,000 | R--D | C] -- C:\Users\Ken\Podcasts[2013/05/14 11:18:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft[2013/05/14 10:55:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ms-MY[2013/05/14 10:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune[2013/05/14 10:55:15 | 000,000,000 | ---D | C] -- C:\Program Files\Zune[2013/05/09 10:23:49 | 000,000,000 | ---D | C] -- C:\Windows\Minidump[2013/05/09 10:10:04 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Malwarebytes[2013/05/09 10:09:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware[2013/05/09 10:09:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes[2013/05/09 10:09:35 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys[2013/05/09 10:09:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware[2013/05/09 10:09:22 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\Programs[2013/05/09 07:53:40 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro[2013/05/08 16:32:00 | 000,000,000 | ---D | C] -- C:\Users\Ken\Desktop\gallery[2013/05/07 15:06:23 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool[2013/05/01 21:34:20 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\gtk-2.0[2013/05/01 16:59:01 | 000,000,000 | ---D | C] -- C:\Users\Ken\Documents\Personnel[2013/05/01 10:55:17 | 000,000,000 | ---D | C] -- C:\Users\Ken\Documents\Network Monitor 3[2013/05/01 10:52:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Network Monitor 3.4[2013/05/01 10:52:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Network Monitor 3[2013/04/30 10:59:28 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Wireshark[2013/04/30 10:45:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap[2013/04/30 10:45:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap[2013/04/30 10:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark[2013/04/30 09:40:56 | 000,000,000 | ---D | C] -- C:\Users\Ken\Documents\Fiddler2[2013/04/29 15:58:46 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\Macromedia[2013/04/27 18:51:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fiddler2[2013/04/26 12:58:26 | 000,000,000 | ---D | C] -- C:\Users\Ken\Documents\Adobe[2013/04/25 11:51:10 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++[2013/04/25 11:51:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++[2013/04/25 11:51:08 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Notepad++[2013/04/25 11:51:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++[2013/04/24 10:34:59 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\Mozilla[2013/04/24 10:10:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symantec Encryption[2013/04/24 10:10:43 | 000,000,000 | ---D | C] -- C:\Program Files\PGP Corporation[2013/04/23 15:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID[2013/04/23 15:02:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage[1 C:\Users\Ken\*.tmp files -> C:\Users\Ken\*.tmp -> ]========== Files - Modified Within 30 Days ==========[2013/05/23 11:55:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job[2013/05/23 11:52:00 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job[2013/05/23 11:26:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe[2013/05/23 11:17:01 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2013/05/23 08:43:11 | 000,890,902 | ---- | M] () -- C:\Users\Ken\Desktop\SecurityCheck.exe[2013/05/23 01:17:01 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2013/05/22 22:23:37 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts[2013/05/22 21:55:05 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2013/05/22 21:55:05 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2013/05/22 21:44:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2013/05/22 21:44:04 | 4241,096,702 | -HS- | M] () -- C:\hiberfil.sys[2013/05/22 19:41:58 | 005,069,782 | R--- | M] (Swearware) -- C:\Users\Ken\Desktop\ComboFix.exe[2013/05/22 19:37:34 | 002,240,352 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ken\Desktop\TDSSKiller.exe[2013/05/22 11:59:42 | 000,001,456 | ---- | M] () -- C:\Users\Ken\AppData\Local\Adobe Save for Web 12.0 Prefs[2013/05/21 22:31:31 | 001,635,886 | ---- | M] () -- C:\Users\Ken\Desktop\scan0070.pdf[2013/05/16 09:01:36 | 165,691,072 | ---- | M] () -- C:\Users\Ken\051513_00001_20130515175814[2013/05/15 17:36:42 | 000,000,600 | ---- | M] () -- C:\Users\Ken\AppData\Local\PUTTY.RND[2013/05/15 12:44:18 | 007,840,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT[2013/05/15 12:10:03 | 000,803,430 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2013/05/15 12:10:03 | 000,671,058 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[2013/05/15 12:10:03 | 000,121,294 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[2013/05/14 10:55:59 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_ZuneDriver_01_09_00.Wdf[2013/05/13 22:25:51 | 065,044,408 | ---- | M] () -- C:\Users\Ken\051313_00008_20130513213254[2013/05/13 21:32:54 | 524,288,024 | ---- | M] () -- C:\Users\Ken\051313_00007_20130513193355[2013/05/13 19:33:55 | 524,288,164 | ---- | M] () -- C:\Users\Ken\051313_00006_20130513191750[2013/05/13 19:17:50 | 524,289,012 | ---- | M] () -- C:\Users\Ken\051313_00005_20130513190706[2013/05/13 19:07:06 | 524,288,868 | ---- | M] () -- C:\Users\Ken\051313_00004_20130513183222[2013/05/13 18:32:22 | 524,289,332 | ---- | M] () -- C:\Users\Ken\051313_00003_20130513175844[2013/05/13 17:58:44 | 524,288,356 | ---- | M] () -- C:\Users\Ken\051313_00002_20130513170656[2013/05/13 17:06:56 | 524,288,588 | ---- | M] () -- C:\Users\Ken\051313_00001_20130513162439[2013/05/10 16:16:38 | 000,002,277 | ---- | M] () -- C:\Users\Ken\AppData\Local\recently-used.xbel[2013/05/09 10:23:48 | 899,118,561 | ---- | M] () -- C:\Windows\MEMORY.DMP[2013/05/02 06:37:38 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\DAC_ELIST[2013/04/29 15:57:27 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe[2013/04/29 15:57:27 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl[2013/04/24 18:09:16 | 001,048,576 | RHS- | M] () -- C:\PGPWDE00[2013/04/24 18:09:04 | 004,194,304 | RHS- | M] () -- C:\PGPWDE02[2013/04/24 10:10:55 | 000,135,198 | ---- | M] () -- C:\Windows\SysWow64\PGPlspRollback.reg[2013/04/24 10:10:54 | 000,002,477 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PGP Tray.lnk[2013/04/23 16:14:26 | 000,007,609 | ---- | M] () -- C:\Users\Ken\AppData\Local\Resmon.ResmonCfg[1 C:\Users\Ken\*.tmp files -> C:\Users\Ken\*.tmp -> ]========== Files Created - No Company Name ==========[2013/05/23 08:43:04 | 000,890,902 | ---- | C] () -- C:\Users\Ken\Desktop\SecurityCheck.exe[2013/05/22 21:43:01 | 000,002,477 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PGP Tray.lnk[2013/05/22 21:43:01 | 000,001,976 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Agent Assistant.lnk[2013/05/22 21:43:01 | 000,000,591 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wall Watcher.lnk[2013/05/22 20:49:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe[2013/05/22 20:49:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe[2013/05/22 20:49:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe[2013/05/22 20:49:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe[2013/05/22 20:49:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe[2013/05/21 22:29:32 | 001,635,886 | ---- | C] () -- C:\Users\Ken\Desktop\scan0070.pdf[2013/05/15 17:58:14 | 165,691,072 | ---- | C] () -- C:\Users\Ken\051513_00001_20130515175814[2013/05/14 10:55:59 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_ZuneDriver_01_09_00.Wdf[2013/05/13 21:32:54 | 065,044,408 | ---- | C] () -- C:\Users\Ken\051313_00008_20130513213254[2013/05/13 19:33:55 | 524,288,024 | ---- | C] () -- C:\Users\Ken\051313_00007_20130513193355[2013/05/13 19:17:50 | 524,288,164 | ---- | C] () -- C:\Users\Ken\051313_00006_20130513191750[2013/05/13 19:07:06 | 524,289,012 | ---- | C] () -- C:\Users\Ken\051313_00005_20130513190706[2013/05/13 18:32:22 | 524,288,868 | ---- | C] () -- C:\Users\Ken\051313_00004_20130513183222[2013/05/13 17:58:44 | 524,289,332 | ---- | C] () -- C:\Users\Ken\051313_00003_20130513175844[2013/05/13 17:06:56 | 524,288,356 | ---- | C] () -- C:\Users\Ken\051313_00002_20130513170656[2013/05/13 16:24:39 | 524,288,588 | ---- | C] () -- C:\Users\Ken\051313_00001_20130513162439[2013/05/10 16:16:38 | 000,002,277 | ---- | C] () -- C:\Users\Ken\AppData\Local\recently-used.xbel[2013/05/09 10:23:48 | 899,118,561 | ---- | C] () -- C:\Windows\MEMORY.DMP[2013/04/30 10:39:42 | 000,001,539 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk[2013/04/27 18:51:31 | 000,001,904 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fiddler2.lnk[2013/04/23 16:14:26 | 000,007,609 | ---- | C] () -- C:\Users\Ken\AppData\Local\Resmon.ResmonCfg[2013/03/29 11:31:30 | 000,197,582 | ---- | C] () -- C:\Windows\hpwins05.dat[2013/03/29 11:31:30 | 000,003,111 | ---- | C] () -- C:\Windows\hpwmdl05.dat[2013/03/27 16:46:45 | 000,787,842 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI[2013/03/20 15:59:24 | 000,000,600 | ---- | C] () -- C:\Users\Ken\PUTTY.RND[2013/03/20 15:59:24 | 000,000,600 | ---- | C] () -- C:\Users\Ken\AppData\Roaming\PUTTY.RND[2013/03/20 14:03:32 | 000,000,600 | ---- | C] () -- C:\Users\Ken\AppData\Local\PUTTY.RND[2013/03/20 10:47:19 | 000,001,456 | ---- | C] () -- C:\Users\Ken\AppData\Local\Adobe Save for Web 12.0 Prefs[2013/02/01 17:20:34 | 000,000,280 | ---- | C] () -- C:\Windows\SysWow64\PGPsdk.dll.sig========== ZeroAccess Check ==========[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32][HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32][HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]< End of report > Link to post Share on other sites More sharing options...
unname Posted May 23, 2013 Author ID:683041 Share Posted May 23, 2013 EXTRAS:OTL Extras logfile created on: 5/23/2013 11:29:53 AM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ken\Desktop64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.0.8112.16421)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy15.93 Gb Total Physical Memory | 11.62 Gb Available Physical Memory | 72.93% Memory free31.86 Gb Paging File | 26.97 Gb Available in Paging File | 84.63% Paging File freePaging file location(s): ?:\pagefile.sys [binary data]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 287.15 Gb Total Space | 104.83 Gb Free Space | 36.51% Space Free | Partition Type: NTFSDrive F: | 465.65 Gb Total Space | 275.39 Gb Free Space | 59.14% Space Free | Partition Type: FAT32Computer Name: ESORKMASON | User Name: Ken | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days========== Extra Registry (SafeList) ==================== File Associations ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation).url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation).html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)[HKEY_USERS\S-1-5-21-3263463438-2871500760-3022703788-1001\SOFTWARE\Classes\<extension>].html [@ = ChromeHTML] -- Reg Error: Key error. File not found========== Shell Spawning ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)========== Security Center Settings ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"cval" = 1"FirewallDisableNotify" = 0"AntiVirusDisableNotify" = 0"UpdatesDisableNotify" = 064bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]"AntiVirusOverride" = 0"AntiSpywareOverride" = 0"FirewallOverride" = 064bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]========== System Restore Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]"DisableSR" = 0========== Firewall Settings ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile][HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile][HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"DisableNotifications" = 0"EnableFirewall" = 1[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"DisableNotifications" = 0"EnableFirewall" = 1[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]"DisableNotifications" = 0"EnableFirewall" = 1========== Authorized Applications List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]========== Vista Active Open Ports Exception List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{00FFBACF-ABAF-4E5F-B7DF-6B980585B07A}" = lport=139 | protocol=6 | dir=in | app=system | "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system | "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system | "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system | "{11FFEA09-F743-4DAF-9E4A-6977674526E2}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{17F8AEFC-129C-448D-AC9E-380679919ED0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2204354C-81D9-4A2D-A344-D62116EB406A}" = lport=138 | protocol=17 | dir=in | app=system | "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{28D38630-B5E1-4481-849A-2D8246DC50BA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system | "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{35EBE5FA-3146-4A5F-990F-684604F5EB69}" = lport=61117 | protocol=17 | dir=in | name=trend micro client/server security agent broadcast | "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{4466BE8C-5D93-453D-B598-612C46B66A67}" = lport=445 | protocol=6 | dir=in | app=system | "{475234C9-A285-4D44-914C-9DFE60477DDB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4A824990-B7DB-4A44-BD1C-B21E1123845B}" = rport=137 | protocol=17 | dir=out | app=system | "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system | "{60EBF2CA-7389-4DB8-8C48-B0710AAEADB8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system | "{64DD729B-5356-4769-9719-309EB9F9A79C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{705B5428-FD83-4F25-951B-44176B365038}" = rport=445 | protocol=6 | dir=out | app=system | "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system | "{7DD68EF8-EA61-43EA-9E86-6DFF538293D7}" = rport=10243 | protocol=6 | dir=out | app=system | "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{87A72EAF-CF31-4427-B5BB-24607186D396}" = rport=138 | protocol=17 | dir=out | app=system | "{8ADD308B-E405-4746-86A3-A3D673E277FF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{8B728BCF-9F94-4163-BC5A-401473EFC31C}" = lport=21112 | protocol=6 | dir=in | name=trend micro client/server security agent listener | "{9494D133-BDE6-4F1B-8FE2-4B7B47D18E28}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{95CF4BFA-63F4-48F6-85B0-0D5B50C8A6D6}" = lport=137 | protocol=17 | dir=in | app=system | "{A09A087D-1FF4-45F1-B925-0C9155AD52EE}" = lport=61116 | protocol=6 | dir=in | name=trend micro client/server security agent update | "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system | "{B822802E-44A5-423E-8577-787BF0A3CF0D}" = lport=2869 | protocol=6 | dir=in | app=system | "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system | "{BEA8A763-2EB3-4202-A5DB-6F9B744793CD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system | "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C5199E19-4706-4578-997E-E430AE154F03}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D4211EC6-D439-4A77-8981-140E08938F39}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{D599017B-3680-4D8D-A213-A39C7D792178}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{DCCFE73F-9E9C-4972-A483-B24131508303}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{DE4154AB-F12B-4758-AEF8-6DD803B4830F}" = rport=139 | protocol=6 | dir=out | app=system | "{E0DE7D58-45CC-4C3B-A0CA-2B1FB2035B65}" = lport=10243 | protocol=6 | dir=in | app=system | "{F1740B8F-997D-48B4-BFA9-90643E7279EE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system | "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{0691DD1C-645E-4FF2-8D95-B40067254AFD}" = protocol=6 | dir=in | app=c:\program files (x86)\fiddler2\fiddler.exe | "{06C2AD06-7051-40BB-BBCD-1E1DAE93B3E6}" = protocol=6 | dir=in | app=c:\users\ken\appdata\roaming\dropbox\bin\dropbox.exe | "{07BAC5E3-A03D-408A-9299-EBB8E17985D1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{08AF7C4A-56C9-42A5-BCD9-83F1BBA275A2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office communicator\communicator.exe | "{0A04F9A7-008C-4E85-B45D-F2BC4D2B3ED0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{1AF5953C-1BD8-4CEE-9A34-F619961AC470}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{1CFA4BCC-C9FB-4DF1-9430-48B2F0737F6D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{24E00028-27F0-4D0C-AD30-D5AE46FE6D05}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{24F19106-3553-4C59-B362-BE7E7E3D796A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2D90DFA6-6176-4F91-B8E7-DC8C9DF2B6DB}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{2FFB39D0-62B6-486C-A32F-D12D28DAC16C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{327E32A6-C7FD-49AD-AED7-BD6A0B239844}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3C8F44F2-D39B-4C83-91C0-6E4CA9F97EF9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office communicator\communicator.exe | "{40619F2D-624A-44B7-8871-8B72F67AED23}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{4EA37F7B-3625-44A6-91F9-3CC838FDEC0F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{5A59F86C-F9C6-4297-A477-57FFFB3F7488}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{6B5E0586-C9BB-495F-8433-A389B52B8B3B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{6B7E6919-B486-4EBD-8E44-369359587799}" = protocol=17 | dir=in | app=c:\users\ken\appdata\roaming\dropbox\bin\dropbox.exe | "{6BE1AE71-3DD4-4132-82E2-9FC3E400C655}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{709F5415-3BD7-4F12-9D1D-7D57D6E19FB5}" = protocol=6 | dir=out | app=system | "{739795B1-D9B3-4AF7-AD4B-C7B0A86CA02C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{74FA11F4-0090-419A-A9F1-4ADDEFF418AD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8725833A-5E8D-4C0A-87AC-BB7517B1D3A2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{89F43BF9-9E0B-4E5A-99F0-037EDD217A4A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{90D9C1A0-AB23-4824-98DC-56B794BD22E1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{9407C7A6-28E9-4A62-B428-6E391C1F4A3C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A579E56F-3100-4BFE-9367-B3FD0959B07C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B05A11F1-90A3-4456-A298-0548024F2471}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{B14E7820-643B-4DF4-B7DA-F22704599EA4}" = dir=in | app=c:\users\ken\appdata\local\temp\7zs0aea\ojprol7x00_basic_14\setup\hpznui40.exe | "{B3AEF99A-7DA2-494C-9D2C-F7583C8694B1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{B879B106-816E-4A7B-8F71-9F77B174C69A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{BAFBCB81-81AE-4259-A286-717FD2C9C036}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system | "{BCFBE368-30EF-4956-A4E7-DB5A7009E5F6}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{BF91E062-086B-45BA-900A-0846D3CFF0B7}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{C3E24362-7D7A-4608-B803-35D1CA5FB616}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{C614D8FC-F987-45D8-819C-C459C89B941D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{C6E0AA11-F7F3-4461-A7A2-762E5A0DA4BA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E01948F8-ABAC-4E20-A8C1-73FC44FC873D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{E5374116-58FA-4C1C-A751-6E92F0540FA5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{ED221F2F-6C1C-4563-8F38-5ABD5D5669EA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{EF4A1D0F-E42F-4606-830A-DAFA54F777A1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F8C21A77-2B75-44E5-9C68-A4F1A5740A5F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{FF8F9CD8-C9D6-4C5C-8A18-4260FD583B8C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{1581CC9A-8EB6-4748-A3F5-A121699E560A}C:\users\ken\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\ken\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{35B32D36-06BF-4FCB-9658-3AC566722440}C:\program files (x86)\microsoft office communicator\communicator.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office communicator\communicator.exe | "TCP Query User{4B901E87-169B-4BDF-B115-BE518E7A4486}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe | "TCP Query User{BD0DF28B-79DE-4908-8D6F-CC55DDDEEF29}C:\ww\wallwatcher.exe" = protocol=6 | dir=in | app=c:\ww\wallwatcher.exe | "TCP Query User{C20E4016-7268-4D1A-B995-7DBBDC7DE6C9}C:\ww\wallwatcher.exe" = protocol=6 | dir=in | app=c:\ww\wallwatcher.exe | "TCP Query User{D7D9EE32-C9F3-4DD6-9573-045F3D44A259}C:\program files (x86)\adobe\adobe contribute cs5\app\contribute.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe contribute cs5\app\contribute.exe | "UDP Query User{029823D4-52A8-4DAD-BC71-0E653214B4CE}C:\ww\wallwatcher.exe" = protocol=17 | dir=in | app=c:\ww\wallwatcher.exe | "UDP Query User{10C69DBC-2424-4794-A75B-94DE3B52A867}C:\program files (x86)\adobe\adobe contribute cs5\app\contribute.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe contribute cs5\app\contribute.exe | "UDP Query User{581C7CBD-5200-4D3D-A219-A17B94124878}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe | "UDP Query User{B46CDE0B-CDD7-4DD7-A6E5-FAF6C28F3F10}C:\users\ken\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\ken\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{CF05A3F6-C75E-4A0E-BCE9-70086D1EA901}C:\ww\wallwatcher.exe" = protocol=17 | dir=in | app=c:\ww\wallwatcher.exe | "UDP Query User{FAB1F05C-C117-4E67-816E-AF1A16E462D0}C:\program files (x86)\microsoft office communicator\communicator.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office communicator\communicator.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{006EFC7F-7958-4125-973A-788B947C9D9D}" = Lenovo SimpleTap"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Technology Monitor"{3F32670E-45AE-4B23-AE86-CB21FAF19DDF}" = Symantec Encryption Desktop"{3FD730D4-755F-439B-8082-B55E00924A44}" = Client Security - Password Manager"{4327107B-E95E-415C-9194-458FCED6BF12}" = Intel® PROSet/Wireless WiFi Software"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64"{4C0A8D65-4286-4B58-87FE-18AD24289285}" = NVIDIA Performance Drivers"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)"{55CEDC7F-3965-47C0-AC71-40AAA418B6A5}" = ThinkVantage Fingerprint Software"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)"{7FCDABCC-1A1E-4D61-909D-BA9495172774}" = iTunes"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)"{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}" = Microsoft Network Monitor 3.4"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting"{963E5FEB-1367-46B9-851D-A957F1A3747F}" = Microsoft Network Monitor: NetworkMonitor Parsers 3.4"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)"{A818DAE1-EBBE-4438-B557-8115955D88E4}" = HP OfficeJet L7300/L7500/7600/7700"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)"{BD4F2616-B17D-4982-815F-0C78C476839F}" = EVault Software Agent"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile"114EB224AD576F278686036AA9E1EFB7847E3935" = Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4)"30A4777E896192B8D398199AE1AB235B69BAB26D" = Windows Driver Package - Intel (HECIx64) System (09/17/2009 6.0.0.1179)"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)"3C4C8BB88656F616D170176E1905526541B60FDF" = Windows Driver Package - Intel (e1kexpress) Net (06/22/2010 11.5.10.1012)"50BEEEA1F00D30E432867EA15672212B3FB5740E" = Windows Driver Package - Synaptics (SynTP) Mouse (04/22/2010 15.0.18.0)"573C3C32A1DB5625CA00E633E584E8A0E6383672" = Windows Driver Package - Intel System (10/28/2009 9.1.1.1022)"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)"6B8550A319DDC8B17F35F4A89988705E4592349B" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)"A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9" = Windows Driver Package - Intel USB (08/20/2009 9.1.1.1020)"CNXT_AUDIO_HDA" = Conexant 20585 SmartAudio HD"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter"D94DFF1289C7A7BEBA126E4CDADE0E85B99E60F1" = Windows Driver Package - Intel System (10/28/2009 9.1.1.1022)"DisableAMTPopup" = Disable AMT Profile Synchronization Pop-up for Windows Vista/7"E7B58217635B8F723D4744A328A4B3237DB35FA9" = Windows Driver Package - Intel System (06/04/2009 1.0.0.0002)"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7"FD5ED5E16405CDAA5385DE461B9E5379F91ACCCF" = Windows Driver Package - Ricoh Company MS Host Controller (10/26/2009 6.10.02.07)"LENOVO.SMIIF" = Lenovo System Interface Driver"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile"NVIDIA Display Control Panel" = NVIDIA Display Control Panel"NVIDIA Drivers" = NVIDIA Drivers"OnScreenDisplay" = On Screen Display"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox"Power Management Driver" = ThinkPad Power Management Driver"ProInst" = Intel PROSet Wireless"sp6" = Logitech SetPoint 6.52"SynTPDeinstKey" = ThinkPad UltraNav Driver"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier"Zune" = Zune[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.06.02.02"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86"{048DDE77-66D5-4335-8497-903856759B58}" = BPDSoftware"{05DC79C6-4213-45D3-BE8A-50B8B7C1F0E1}" = bpd_scan_Carrier"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer"{0D1CBBB9-F4A8-45B6-95E7-202BA61D7AF4}" = Microsoft Office Communicator 2007 R2"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86"{1485CD45-F42D-46A6-9CFE-24537E481F53}" = L7000_Basic"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg"{4330AAE7-1893-42F9-BC38-539A1A60530B}" = Mobile Broadband"{492D6A69-BE0D-4F71-939D-A11470A207D0}" = MaaS360 Visibility Service"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater"{4AA7C442-2AC2-45A9-BCD1-FF534621AAB2}" = MaaS360 Software Uninstall Utility"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg"{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010"{9615E45B-7670-4D17-9ED5-28B9E936EEDD}" = 7500_7600_7700_Help1"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer"{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro"{AC76BA86-1033-0000-7760-000000000004}_920" = Adobe Acrobat 9.2.0 - CPSID_50026"{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2"{ADB1DE83-FC42-4C3F-B64B-2AF2215EF88B}" = Cisco AnyConnect Secure Mobility Client"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime"{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery"{BED0B8A2-2986-49F8-90D6-FA008D37A3D2}" = Trend Micro Client/Server Security Agent"{BF7023BC-319B-4FE1-B569-C854A19F81F8}" = Extend360 Enforcement Agent"{C3CD17B4-08B0-492D-8A4C-81716D33E520}" = Integrated Camera Driver Installer Package Ver.1.1.0.19"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool"{CDC08463-9303-4BF1-BF8C-E1A2ECEE3248}" = Adobe Creative Suite 5 Web Premium"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger"{ED3D79A6-B3BB-4482-B226-0B620F97258A}" = BPDSoftware_Ini"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials"7-Zip" = 7-Zip 9.20"Adobe AIR" = Adobe AIR"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player"Fiddler2" = Fiddler"FileZilla Client" = FileZilla Client 3.6.0.2"Google Chrome" = Google Chrome"huey_is1" = hueyPRO for Lenovo (Version 1.2.4.1)"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder"Lenovo Welcome_is1" = Lenovo Welcome"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300"Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US)"Mozilla Thunderbird 17.0.5 (x86 en-US)" = Mozilla Thunderbird 17.0.5 (x86 en-US)"MozillaMaintenanceService" = Mozilla Maintenance Service"Notepad++" = Notepad++"Office14.PROPLUS" = Microsoft Office Professional Plus 2010"OpenDNS Updater" = OpenDNS Updater 2.2.1"SdxBlockIE" = IE Block for 9 and 10"WallWatcher" = WallWatcherR 9 AND 1"WinLiveSuite" = Windows Live Essentials"WinPcapInst" = WinPcap 4.1.2"Wireshark" = Wireshark 1.8.6 (64-bit)========== HKEY_USERS Uninstall List ==========[HKEY_USERS\S-1-5-21-3263463438-2871500760-3022703788-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"ActiveTouchMeetingClient" = Cisco WebEx Meetings"Amazon Amazon Cloud Player" = Amazon Cloud Player"Dropbox" = Dropbox"JoinMe" = join.me========== Last 20 Event Log Errors ==========[ Application Events ]Error - 5/15/2013 9:11:38 PM | Computer Name = ESORKMASON | Source = .NET Runtime Optimization Service | ID = 1101Description = Error - 5/15/2013 9:11:38 PM | Computer Name = ESORKMASON | Source = .NET Runtime Optimization Service | ID = 1101Description = Error - 5/15/2013 9:11:39 PM | Computer Name = ESORKMASON | Source = .NET Runtime Optimization Service | ID = 1101Description = Error - 5/15/2013 9:11:39 PM | Computer Name = ESORKMASON | Source = .NET Runtime Optimization Service | ID = 1101Description = Error - 5/15/2013 9:11:39 PM | Computer Name = ESORKMASON | Source = .NET Runtime Optimization Service | ID = 1101Description = Error - 5/15/2013 9:11:40 PM | Computer Name = ESORKMASON | Source = .NET Runtime Optimization Service | ID = 1101Description = Error - 5/15/2013 9:11:40 PM | Computer Name = ESORKMASON | Source = .NET Runtime Optimization Service | ID = 1101Description = Error - 5/15/2013 9:11:41 PM | Computer Name = ESORKMASON | Source = .NET Runtime Optimization Service | ID = 1101Description = Error - 5/15/2013 9:12:03 PM | Computer Name = ESORKMASON | Source = .NET Runtime Optimization Service | ID = 1101Description = Error - 5/15/2013 9:12:03 PM | Computer Name = ESORKMASON | Source = .NET Runtime Optimization Service | ID = 1101Description = Error - 5/15/2013 9:12:04 PM | Computer Name = ESORKMASON | Source = .NET Runtime Optimization Service | ID = 1101Description = [ Cisco AnyConnect Secure Mobility Client Events ]Error - 5/23/2013 12:45:54 AM | Computer Name = ESORKMASON | Source = acvpnagent | ID = 67108866Description = Function: CMainThread::OnTimerExpired File: .\MainThread.cpp Line: 4910Invoked Function: CMainThread::reportStates Return Code: -31522805 (0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE Error - 5/23/2013 12:45:54 AM | Computer Name = ESORKMASON | Source = acvpnagent | ID = 67108866Description = Function: CTcpTransport::internalReadSocket File: .\IPC\SocketTransport.cppLine: 1731 Invoked Function: WSARecv Return Code: 10053 (0x00002745) Description: An established connection was aborted by the software in your host machine. Error - 5/23/2013 12:45:54 AM | Computer Name = ESORKMASON | Source = acvpnagent | ID = 67108866Description = Function: CSocketTransport::readSocket File: .\IPC\SocketTransport.cppLine: 853 Invoked Function: CSocketTransport::internalReadSocket Return Code: -31522806 (0xFE1F000A) Description: SOCKETTRANSPORT_ERROR_READ Error - 5/23/2013 12:45:54 AM | Computer Name = ESORKMASON | Source = acvpnagent | ID = 67108866Description = Function: CIpcTransport::OnSocketReadComplete File: .\IPC\IPCTransport.cppLine: 1226 Invoked Function: CSocketTransport::readSocket Return Code: -31522806 (0xFE1F000A)Description: SOCKETTRANSPORT_ERROR_READ Error - 5/23/2013 12:45:54 AM | Computer Name = ESORKMASON | Source = acvpnagent | ID = 67108866Description = Function: CIpcDepot::OnIpcMessageReceived File: .\IPC\IPCDepot.cpp Line: 832 Invoked Function: CIpcTransport::OnSocketReadComplete Return Code: -31522806 (0xFE1F000A) Description: SOCKETTRANSPORT_ERROR_READ Error - 5/23/2013 12:45:54 AM | Computer Name = ESORKMASON | Source = acvpnagent | ID = 67108866Description = Function: CTcpTransport::writeSocketBlocking File: .\IPC\SocketTransport.cppLine: 1676 Invoked Function: WSASend Return Code: 10053 (0x00002745) Description: An established connection was aborted by the software in your host machine. Error - 5/23/2013 12:45:54 AM | Computer Name = ESORKMASON | Source = acvpnagent | ID = 67108866Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cppLine: 384 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522805 (0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE Error - 5/23/2013 12:45:58 AM | Computer Name = ESORKMASON | Source = acvpnagent | ID = 67108866Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILEError - 5/23/2013 12:46:37 AM | Computer Name = ESORKMASON | Source = acvpnui | ID = 67108866Description = Function: CMainFrame::OnCreate File: .\mainfrm.cpp Line: 362 Invoked Function: The VPN service is not responding or available. Return Code: -33554423 (0xFE000009) Description: GLOBAL_ERROR_UNEXPECTED Error - 5/23/2013 12:46:37 AM | Computer Name = ESORKMASON | Source = acvpnui | ID = 67108865Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line: 1089 NULL object. Cannot establish a connection at this time.[ System Events ]Error - 5/15/2013 12:52:20 PM | Computer Name = ESORKMASON | Source = Service Control Manager | ID = 7011Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the vpnagent service.Error - 5/15/2013 1:38:57 PM | Computer Name = ESORKMASON | Source = EventLog | ID = 6008Description = The previous system shutdown at 10:37:28 AM on ?5/?15/?2013 was unexpected.Error - 5/15/2013 1:39:50 PM | Computer Name = ESORKMASON | Source = Service Control Manager | ID = 7011Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the vpnagent service.Error - 5/15/2013 3:44:10 PM | Computer Name = ESORKMASON | Source = NetBT | ID = 4311Description = Initialization failed because the driver device could not be created.Use the string "0024D7910DD0" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name. Error - 5/15/2013 3:44:10 PM | Computer Name = ESORKMASON | Source = NetBT | ID = 4311Description = Initialization failed because the driver device could not be created.Use the string "0024D7910DD0" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name. Error - 5/15/2013 5:11:32 PM | Computer Name = ESORKMASON | Source = Service Control Manager | ID = 7011Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the vpnagent service.Error - 5/15/2013 5:12:19 PM | Computer Name = ESORKMASON | Source = Service Control Manager | ID = 7011Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.Error - 5/15/2013 9:17:51 PM | Computer Name = ESORKMASON | Source = DCOM | ID = 10005Description = Error - 5/15/2013 9:17:51 PM | Computer Name = ESORKMASON | Source = Service Control Manager | ID = 7009Description = A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.Error - 5/15/2013 9:17:51 PM | Computer Name = ESORKMASON | Source = Service Control Manager | ID = 7000Description = The Windows Modules Installer service failed to start due to the following error: %%1053< End of report > Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted May 23, 2013 ID:683046 Share Posted May 23, 2013 Looks pretty good to me. Please run this online scan to verify we haven't missed anything:Please run a free online scan with the ESET Online ScannerNote: You will need to use Internet Explorer for this scan.Tick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the ActiveX control to installClick StartMake sure that the options Remove found threats is Unchecked and the option Scan unwanted applications is checkedClick ScanWait for the scan to finishUse Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txtCopy and paste that log as a reply to this topic Link to post Share on other sites More sharing options...
unname Posted May 24, 2013 Author ID:683296 Share Posted May 24, 2013 <p>Hi DFB - the log is very short, but the scan found a lot of old html / php files on an external drive that were from backed up websites that at one point were hacked. Here it is:</p><p> </p><div>ESETSmartInstaller@High as CAB hook log:</div><div>OnlineScanner64.ocx - registred OK</div><div>OnlineScanner.ocx - registred OK</div><div> </div><div>It looks like MB is still alerting that it is blocking access though - could this be a false positive?</div><div> </div><div>IP-BLOCK<span class="Apple-tab-span" style="white-space:pre"> </span>222.186.26.151 (Type: outgoing, Port: 137)</div> Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted May 24, 2013 ID:683327 Share Posted May 24, 2013 The IP address you showed me points to a computer in China. Unless you're browsing Chinese websites, this isn't really regular behaviour.Could you please attach the Malwarebytes IP log here for me to see? Link to post Share on other sites More sharing options...
unname Posted May 25, 2013 Author ID:683426 Share Posted May 25, 2013 I hope this is the correct one:2013/05/24 08:18:08 -0700 IP-BLOCK 222.186.26.151 (Type: outgoing, Port: 137)2013/05/24 08:18:08 -0700 IP-BLOCK 222.186.26.151 (Type: outgoing, Port: 137)2013/05/24 08:18:08 -0700 IP-BLOCK 222.186.26.151 (Type: outgoing, Port: 137)2013/05/24 08:40:46 -0700 MESSAGE Starting database refresh2013/05/24 08:40:46 -0700 MESSAGE Stopping IP protection2013/05/24 08:40:46 -0700 MESSAGE IP Protection stopped successfully2013/05/24 08:40:58 -0700 MESSAGE Database refreshed successfully2013/05/24 08:40:58 -0700 MESSAGE Starting IP protection2013/05/24 08:41:02 -0700 MESSAGE IP Protection started successfully2013/05/24 12:47:18 -0700 IP-BLOCK 60.173.11.7 (Type: outgoing, Port: 137)2013/05/24 12:47:26 -0700 IP-BLOCK 60.173.11.7 (Type: outgoing, Port: 137)2013/05/24 12:47:26 -0700 IP-BLOCK 60.173.11.7 (Type: outgoing, Port: 137) Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted May 25, 2013 ID:683441 Share Posted May 25, 2013 Does this happen at all when you use a web browser? Link to post Share on other sites More sharing options...
unname Posted May 25, 2013 Author ID:683623 Share Posted May 25, 2013 hmm, I guess I have the browser open even when I'm not using the computer.But it will get logged even if I'm not actively using it.I'll try closing my browser and see if it logs anything. Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted May 25, 2013 ID:683653 Share Posted May 25, 2013 Sounds good. Keep me posted. Link to post Share on other sites More sharing options...
unname Posted May 28, 2013 Author ID:684591 Share Posted May 28, 2013 well - very strange - here's the logs from the weekend. Some days are fine, others are not. I just thought of something... Is it possible that if I'm pseudo-mirroring traffic on my router (via IP tables) from another computer, that MB would alert against this traffic and maybe the other computer is the one attempting to reach these IPs? Although, that computer was used heavily on Saturday on there's nothing in the log.5/252013/05/25 22:35:26 -0700 MESSAGE Executing scheduled update: Daily2013/05/25 22:35:41 -0700 MESSAGE Scheduled update executed successfully: database updated from version v2013.05.25.01 to version v2013.05.26.022013/05/25 22:35:41 -0700 MESSAGE Starting database refresh2013/05/25 22:35:42 -0700 MESSAGE Stopping IP protection2013/05/25 22:35:42 -0700 MESSAGE IP Protection stopped successfully2013/05/25 22:35:45 -0700 MESSAGE Database refreshed successfully2013/05/25 22:35:45 -0700 MESSAGE Starting IP protection2013/05/25 22:35:48 -0700 MESSAGE IP Protection started successfully5/262013/05/26 02:14:12 -0700 IP-BLOCK 218.7.242.6 (Type: outgoing, Port: 137)2013/05/26 02:14:12 -0700 IP-BLOCK 218.7.242.6 (Type: outgoing, Port: 137)2013/05/26 02:14:20 -0700 IP-BLOCK 218.7.242.6 (Type: outgoing, Port: 137)2013/05/26 09:30:31 -0700 IP-BLOCK 58.240.191.98 (Type: outgoing, Port: 137)2013/05/26 09:30:31 -0700 IP-BLOCK 58.240.191.98 (Type: outgoing, Port: 137)2013/05/26 09:30:31 -0700 IP-BLOCK 58.240.191.98 (Type: outgoing, Port: 137)2013/05/26 10:11:28 -0700 IP-BLOCK 218.93.205.140 (Type: outgoing, Port: 137)2013/05/26 10:11:28 -0700 IP-BLOCK 218.93.205.140 (Type: outgoing, Port: 137)2013/05/26 10:11:28 -0700 IP-BLOCK 218.93.205.140 (Type: outgoing, Port: 137)2013/05/26 15:52:04 -0700 IP-BLOCK 60.173.11.7 (Type: outgoing, Port: 137)2013/05/26 15:52:04 -0700 IP-BLOCK 60.173.11.7 (Type: outgoing, Port: 137)2013/05/26 15:52:04 -0700 IP-BLOCK 60.173.11.7 (Type: outgoing, Port: 137)2013/05/26 22:38:09 -0700 MESSAGE Executing scheduled update: Daily2013/05/26 22:38:23 -0700 MESSAGE Scheduled update executed successfully: database updated from version v2013.05.26.02 to version v2013.05.27.012013/05/26 22:38:23 -0700 MESSAGE Starting database refresh2013/05/26 22:38:24 -0700 MESSAGE Stopping IP protection2013/05/26 22:38:24 -0700 MESSAGE IP Protection stopped successfully2013/05/26 22:38:27 -0700 MESSAGE Database refreshed successfully2013/05/26 22:38:27 -0700 MESSAGE Starting IP protection2013/05/26 22:38:31 -0700 MESSAGE IP Protection5/272013/05/27 22:31:38 -0700 MESSAGE Executing scheduled update: Daily2013/05/27 22:31:49 -0700 MESSAGE Scheduled update executed successfully: database updated from version v2013.05.27.01 to version v2013.05.28.012013/05/27 22:31:49 -0700 MESSAGE Starting database refresh2013/05/27 22:31:50 -0700 MESSAGE Stopping IP protection2013/05/27 22:31:50 -0700 MESSAGE IP Protection stopped successfully2013/05/27 22:31:53 -0700 MESSAGE Database refreshed successfully2013/05/27 22:31:53 -0700 MESSAGE Starting IP protection2013/05/27 22:31:56 -0700 MESSAGE IP Protection started successfully5/282013/05/28 05:05:04 -0700 IP-BLOCK 222.186.57.37 (Type: outgoing, Port: 137)2013/05/28 05:05:04 -0700 IP-BLOCK 222.186.57.37 (Type: outgoing, Port: 137)2013/05/28 05:05:04 -0700 IP-BLOCK 222.186.57.37 (Type: outgoing, Port: 137) Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted May 28, 2013 ID:684603 Share Posted May 28, 2013 It might very well be the IP table issue you suggested. I think it's either that or some other (legitimate) program on your computer causing that, as I don't see any signs of it being malware that's causing that.Let's run just one more scan to be sure:Download GMER from Here. Note the file's name and save it to your root folder, such as C:\.Disconnect from the Internet and close all running programs.Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.Click on this link to see a list of programs that should be disabled.Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")Allow the driver to load if asked.You may be prompted to scan immediately if it detects rootkit activity.If you are prompted to scan your system click "No", save the log and post back the results.If not prompted, click the "Rootkit/Malware" tab.On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.Select all drives that are connected to your system to be scanned.Click the Scan button to begin. (Please be patient as it can take some time to complete)When the scan is finished, click Save to save the scan results to your Desktop.Save the file as Results.log and copy/paste the contents in your next reply.Exit the program and re-enable all active protection when done. Link to post Share on other sites More sharing options...
unname Posted May 30, 2013 Author ID:685363 Share Posted May 30, 2013 Thanks DFB - I'm still unable to stop Trend due to password, but here are the results:GMER 2.1.19163 - http://www.gmer.netRootkit scan 2013-05-30 09:23:40Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 HITACHI_ rev.PCEZ 298.09GBRunning: f6n0g02t.exe; Driver: C:\Users\Ken\AppData\Local\Temp\pwddqpoc.sys---- User code sections - GMER 2.1 ----.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075491465 2 bytes [49, 75].text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754914bb 2 bytes [49, 75].text ... * 2.text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075491465 2 bytes [49, 75].text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754914bb 2 bytes [49, 75].text ... * 2.text C:\Program Files (x86)\MaaS360\MaaS360 Visibility Service\EMSAgent.exe[2500] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076ff87b1 5 bytes JMP 0000000100412770.text C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPtray.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075491465 2 bytes [49, 75].text C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPtray.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754914bb 2 bytes [49, 75].text ... * 2.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1384] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075491465 2 bytes [49, 75].text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1384] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754914bb 2 bytes [49, 75].text ... * 2.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075491465 2 bytes [49, 75].text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754914bb 2 bytes [49, 75].text ... * 2.text C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe[5180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075491465 2 bytes [49, 75].text C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe[5180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754914bb 2 bytes [49, 75].text ... * 2.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[6588] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075491465 2 bytes [49, 75].text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[6588] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754914bb 2 bytes [49, 75].text ... * 2.text C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe[7400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075491465 2 bytes [49, 75].text C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe[7400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754914bb 2 bytes [49, 75].text ... * 2.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[7584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075491465 2 bytes [49, 75].text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[7584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754914bb 2 bytes [49, 75].text ... * 2.text C:\Users\Ken\Desktop\SecurityCheck.exe[8352] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 00000000727a1a22 2 bytes [7A, 72].text C:\Users\Ken\Desktop\SecurityCheck.exe[8352] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 00000000727a1ad0 2 bytes [7A, 72].text C:\Users\Ken\Desktop\SecurityCheck.exe[8352] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 00000000727a1b08 2 bytes [7A, 72].text C:\Users\Ken\Desktop\SecurityCheck.exe[8352] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 00000000727a1bba 2 bytes [7A, 72].text C:\Users\Ken\Desktop\SecurityCheck.exe[8352] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 00000000727a1bda 2 bytes [7A, 72]? C:\Windows\system32\mssprxy.dll [8352] entry point in ".rdata" section 0000000074d271e6---- Devices - GMER 2.1 ----Device \Driver\iaStor \Device\Dev_fffffa800dbb3050 fffffa8017bfe328Device \Driver\USBSTOR -> DriverStartIo \Device\Dev_fffffa80103dd510 fffffa8017b6d9c4Device \Driver\USBSTOR \Device\Dev_fffffa80103dd510 fffffa8017b7f578---- Threads - GMER 2.1 ----Thread System [4:6200] fffffa8017bf6b50---- Processes - GMER 2.1 ----Library E:\BIN\CFAgent.exe (*** suspicious ***) @ E:\BIN\CFAgent.exe [9240] 0000000000400000---- Disk sectors - GMER 2.1 ----Disk \Device\Harddisk0\DR0 unknown MBR code---- EOF - GMER 2.1 ---- Link to post Share on other sites More sharing options...
unname Posted May 30, 2013 Author ID:685364 Share Posted May 30, 2013 Oh - forgot, it said it couldn't access system.cfg and user.dat (or something like that) because they were in use by another program Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted May 30, 2013 ID:685376 Share Posted May 30, 2013 Let's give this a shot:For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.Plug the flashdrive into the infected PC.Enter System Recovery Options.To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Select US as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Select US as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand Prompt[*]Select Command Prompt[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select "Computer" and find your flash drive letter and close the notepad.[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press EnterNote: Replace letter e with the drive letter of your flash drive.[*]The tool will start to run.[*]When the tool opens click Yes to disclaimer.[*]Press Scan button.[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply. Link to post Share on other sites More sharing options...
unname Posted June 3, 2013 Author ID:686859 Share Posted June 3, 2013 Hi DFB - well unfortunately, I was unable to complete these steps - whenever I go into recovery, there is no OS listed and although the drives are listed, they say they need to be formatted.I downloaded these drivers for Lenovo w510 in attempt to 'load drivers': http://support.lenovo.com/en_US/detail.page?LegacyDocID=MIGR-74430But none of them made the OS show up.Also, in multiple attempts to get between recovery and boot to windows to look for drivers, the computer blue screened and wouldn't boot to OS... it is now booting, but no luck on the above.I'm thinking I just need to reinstall. Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted June 3, 2013 ID:686867 Share Posted June 3, 2013 Did the bluescreen display a system file in the info? (i.e. somefile.sys or something like that)If you're planning on reformatting/reinstalling, do you have a set of recovery disks that came with the computer?One thing I'd suggest- check to make sure the hard drives are all connected properly... I recently had a computer where the hard drive wasn't recognized, but it turned out that the connection to it was just slightly loose. Link to post Share on other sites More sharing options...
unname Posted June 3, 2013 Author ID:686963 Share Posted June 3, 2013 The blue screen was very fast and happened about 3 times then 'fixed' itself and was able to boot. I don't have recovery disks - just will do a straight win7 install. Hard drive was recently checked and re-seated so I think that's ok. Thanks! Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted June 3, 2013 ID:686971 Share Posted June 3, 2013 Sounds good. If you need any help don't hesitate to ask. Link to post Share on other sites More sharing options...
Recommended Posts