Jump to content

Possible Infection?


Recommended Posts

My original problem started with Windows Explorer not always opening up a window or getting stuck when when trying to go through My Computer. I have tried several anti-virus programs and cleaned up the computer. I also installed malwarebytes and the past several days I have noticed IP Attacks such as:

 

2013/07/25 09:40:47 +0300    JROCKAM    XXX    IP-BLOCK    222.186.34.14 (Type: incoming, Port: 1433, Process: svchost.exe). I use a VPN service so last night tried changing to a new IP but the attacks have continued.

 

Thanks in advance, the logs from my computer are zipped and attached.

 

 

 

 

Attach & DDS Log.zip

Link to post
Share on other sites

Hi there,
my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
Scan with Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit from here Malwarebytes : Malwarebytes Anti-Rootkit and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

  • Double click the mbar.zip file to open it, then 'Extract all files'.
  • Double click the mbar folder to open it, then double click mbar.exe to start the tool.


Check for Updates, then Scan your system for malware

If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-[date and time]***.txt . Please attach that to your next reply.

Link to post
Share on other sites

I have it.

 

 

 

Combofix

Combofix should only be run when adviced by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe



When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing ""Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this.

Link to post
Share on other sites

I reread your instructions and the log is below;

 

 

ComboFix 13-07-24.03 - Paul 25/07/2013 15:26:19.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.12012.7817 [GMT 3:00]
Running from: c:\users\Paul\Desktop\Malware\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 0 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Lenovo\Lenovo Solution Center\Microsoft Fix it\FixitUi\_desktop.ini
c:\programdata\Roaming
c:\windows\Installer\{11DE335D-6818-4FFA-973E-131A94953F52}\Icon6560581611.exe
c:\windows\SysWow64\win.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-06-25 to 2013-07-25 )))))))))))))))))))))))))))))))
.
.
2013-07-25 08:57 . 2013-07-25 09:24 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-24 15:34 . 2013-07-01 22:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{28CD3A7D-60AC-4284-B6AA-20E6134F9A1C}\mpengine.dll
2013-07-23 11:37 . 2013-07-01 22:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-23 03:32 . 2013-07-23 03:31 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{25F426BE-E7ED-4EF4-B775-6A7A2AC268EA}\gapaengine.dll
2013-07-21 18:42 . 2013-07-21 19:07 -------- d-----w- c:\users\Patrick\AppData\Local\NPE
2013-07-21 17:52 . 2013-07-21 17:52 -------- d-s---w- c:\windows\SysWow64\Microsoft
2013-07-21 17:45 . 2013-07-21 17:45 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-07-21 17:45 . 2013-07-21 17:45 -------- d-----w- c:\program files\Microsoft Security Client
2013-07-21 10:50 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-07-21 10:50 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-07-21 10:50 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-07-21 10:50 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-07-21 10:50 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-07-21 10:50 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-07-21 10:50 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-07-21 10:50 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-07-21 10:50 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-07-21 09:21 . 2013-07-21 09:21 -------- d-----w- c:\users\Patrick\AppData\Roaming\Malwarebytes
2013-07-21 09:21 . 2013-07-21 09:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-21 09:21 . 2013-04-04 11:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-21 09:12 . 2013-05-09 08:58 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-07-21 09:09 . 2013-07-21 09:09 -------- d-----w- c:\programdata\Malwarebytes
2013-07-21 08:44 . 2013-07-21 09:12 -------- d-----w- c:\program files\AVAST Software
2013-07-21 08:43 . 2013-07-21 18:05 -------- d-----w- c:\programdata\AVAST Software
2013-07-14 00:00 . 2013-07-14 00:02 -------- d-----w- c:\windows\system32\MRT
2013-07-11 09:11 . 2013-07-11 09:11 -------- d-----w- c:\program files (x86)\Pdf2Jpg
2013-07-10 11:50 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-10 11:50 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-07-10 11:50 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-07-10 11:50 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-10 11:50 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-10 11:50 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-10 11:50 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-10 11:50 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
2013-07-10 11:50 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-07-10 11:50 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-10 11:50 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-10 11:49 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-07-10 11:49 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-10 11:49 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-10 11:49 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-10 11:49 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 11:49 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 11:49 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-10 11:49 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-07-06 10:18 . 2013-07-06 10:17 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-06 10:17 . 2013-07-06 10:17 -------- d-----w- c:\program files (x86)\Java
2013-07-06 10:16 . 2013-07-06 10:16 -------- d-----w- c:\programdata\AskPartnerNetwork
2013-07-06 10:16 . 2013-07-06 10:16 -------- d-----w- c:\program files (x86)\AskPartnerNetwork
2013-07-06 10:15 . 2013-07-06 10:15 -------- d-----w- c:\programdata\APN
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-21 09:24 . 2013-06-09 11:43 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-21 09:24 . 2013-06-09 11:43 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-06 10:17 . 2013-02-22 12:54 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-07-06 10:17 . 2013-02-22 12:54 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-23 21:57 . 2013-02-12 11:03 78277128 ----a-w- c:\windows\system32\MRT.exe
2013-06-10 21:06 . 2013-03-05 12:39 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-06-10 04:08 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-05-23 05:25 . 2013-06-10 01:20 1139800 ----a-w- c:\windows\system32\drivers\NAVx64\1404000.028\symefa64.sys
2013-05-22 12:53 . 2011-03-29 01:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-21 05:02 . 2013-06-10 01:20 493656 ----a-w- c:\windows\system32\drivers\NAVx64\1404000.028\symds64.sys
2013-05-16 05:02 . 2013-06-10 01:20 796760 ----a-w- c:\windows\system32\drivers\NAVx64\1404000.028\srtsp64.sys
2013-05-13 05:51 . 2013-06-12 00:10 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 00:10 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-12 00:10 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-12 00:10 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-12 00:10 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 00:10 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-12 00:10 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-12 00:10 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 00:10 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-12 00:10 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-05-11 00:02 . 2013-05-11 00:02 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-05-11 00:02 . 2013-05-11 00:02 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-05-11 00:02 . 2013-05-11 00:02 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-05-11 00:02 . 2013-05-11 00:02 81408 ----a-w- c:\windows\system32\icardie.dll
2013-05-11 00:02 . 2013-05-11 00:02 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-05-11 00:02 . 2013-05-11 00:02 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-05-11 00:02 . 2013-05-11 00:02 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-11 00:02 . 2013-05-11 00:02 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-05-11 00:02 . 2013-05-11 00:02 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-05-11 00:02 . 2013-05-11 00:02 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-05-11 00:02 . 2013-05-11 00:02 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-05-11 00:02 . 2013-05-11 00:02 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-05-11 00:02 . 2013-05-11 00:02 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-05-11 00:02 . 2013-05-11 00:02 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-05-11 00:02 . 2013-05-11 00:02 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-05-11 00:02 . 2013-05-11 00:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-05-11 00:02 . 2013-05-11 00:02 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-05-11 00:02 . 2013-05-11 00:02 441856 ----a-w- c:\windows\system32\html.iec
2013-05-11 00:02 . 2013-05-11 00:02 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-05-11 00:02 . 2013-05-11 00:02 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-05-11 00:02 . 2013-05-11 00:02 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-05-11 00:02 . 2013-05-11 00:02 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-11 00:02 . 2013-05-11 00:02 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-05-11 00:02 . 2013-05-11 00:02 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-05-11 00:02 . 2013-05-11 00:02 235008 ----a-w- c:\windows\system32\url.dll
2013-05-11 00:02 . 2013-05-11 00:02 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-05-11 00:02 . 2013-05-11 00:02 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-05-11 00:02 . 2013-05-11 00:02 216064 ----a-w- c:\windows\system32\msls31.dll
2013-05-11 00:02 . 2013-05-11 00:02 197120 ----a-w- c:\windows\system32\msrating.dll
2013-05-11 00:02 . 2013-05-11 00:02 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-05-11 00:02 . 2013-05-11 00:02 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-11 00:02 . 2013-05-11 00:02 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-05-11 00:02 . 2013-05-11 00:02 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-05-11 00:02 . 2013-05-11 00:02 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-11 00:02 . 2013-05-11 00:02 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-05-11 00:02 . 2013-05-11 00:02 149504 ----a-w- c:\windows\system32\occache.dll
2013-05-11 00:02 . 2013-05-11 00:02 144896 ----a-w- c:\windows\system32\wextract.exe
2013-05-11 00:02 . 2013-05-11 00:02 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-05-11 00:02 . 2013-05-11 00:02 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-05-11 00:02 . 2013-05-11 00:02 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-05-11 00:02 . 2013-05-11 00:02 13824 ----a-w- c:\windows\system32\mshta.exe
2013-05-11 00:02 . 2013-05-11 00:02 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-05-11 00:02 . 2013-05-11 00:02 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-05-11 00:02 . 2013-05-11 00:02 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-05-11 00:02 . 2013-05-11 00:02 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-05-11 00:02 . 2013-05-11 00:02 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-05-11 00:02 . 2013-05-11 00:02 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-05-11 00:02 . 2013-05-11 00:02 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-11 00:02 . 2013-05-11 00:02 102912 ----a-w- c:\windows\system32\inseng.dll
2013-05-10 05:49 . 2013-06-12 00:12 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-12 00:12 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-12 00:17 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-04-28 03:52 . 2013-04-28 03:52 61224 ----a-w- c:\windows\system32\ibmpmsvc.exe
2013-04-28 03:52 . 2013-04-28 03:52 60712 ----a-w- c:\windows\system32\ibmpmctl.exe
2013-04-28 03:52 . 2013-04-28 03:52 44800 ----a-w- c:\windows\system32\drivers\ibmpmdrv.sys
2013-04-28 03:52 . 2013-04-28 03:52 40232 ----a-w- c:\windows\system32\tpinspm.dll
2013-02-17 10:13 . 2013-02-17 10:13 14823424 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
@="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
2012-07-21 12:04 1195144 ----a-w- c:\windows\SysWOW64\PGPfsshl.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2013-02-08 1516496]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-04-19 291608]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2012-02-28 133400]
"Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2011-12-21 507744]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-05-15 5941344]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Fastboot"="c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe" [2012-01-17 1091376]
"Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\ismagent.exe" [2012-07-12 155488]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-07-14 4351712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"StatusAlerts"="c:\program files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe" [2011-07-19 136760]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"autodetect"="c:\program files (x86)\Safaricom Broadband\AutoDect.exe" [2010-05-26 128864]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-06-13 1542608]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-1-8 228448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2012-4-1 1390368]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Install LastPass IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -p -name=LastPass -ffuuid support@lastpass.com [2013-2-17 14823424]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkPad\Bluetooth Software\BtwProximityCP.dll c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbwwan.sys [x]
R3 Fastboot;Fastboot;c:\windows\system32\DRIVERS\Fastboot.sys;c:\windows\SYSNATIVE\DRIVERS\Fastboot.sys [x]
R3 HP DS Service;HP DS Service;c:\program files (x86)\HP\HPBDSService\HPBDSService.exe;c:\program files (x86)\HP\HPBDSService\HPBDSService.exe [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys;c:\windows\SYSNATIVE\DRIVERS\DzHDD64.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 pgpfs;PGP File Sharing;c:\windows\System32\Drivers\PGPfsfd.sys;c:\windows\SYSNATIVE\Drivers\PGPfsfd.sys [x]
S0 Pgpwdefs;Pgpwdefs;c:\windows\system32\DRIVERS\Pgpwdefs.sys;c:\windows\SYSNATIVE\DRIVERS\Pgpwdefs.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NAVx64\1404000.028\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NAVx64\1404000.028\SYMEFA64.SYS [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [x]
S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NAVx64\1404000.028\ccSetx64.sys [x]
S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DD01000.020\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NSTx64\7DD01000.020\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\IPSDefs\20130724.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\IPSDefs\20130724.001\IDSvia64.sys [x]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NAVx64\1404000.028\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NAVx64\1404000.028\SYMNETS.SYS [x]
S2 APNMCP;Ask Update Service;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 FastbootService;FastbootService;c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe;c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;c:\program files\Lenovo\Communications Utility\vcamsvc.exe;c:\program files\Lenovo\Communications Utility\vcamsvc.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe [x]
S2 NCO;Norton Identity Safe;c:\program files (x86)\Norton Identity Safe\Engine\2013.1.0.32\ccSvcHst.exe;c:\program files (x86)\Norton Identity Safe\Engine\2013.1.0.32\ccSvcHst.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 PGP RDD Service;PGP RDD Service;c:\program files (x86)\PGP Corporation\PGP Desktop\RDDService.exe;c:\program files (x86)\PGP Corporation\PGP Desktop\RDDService.exe [x]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys;c:\windows\SYSNATIVE\DRIVERS\risdxc64.sys [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [x]
S2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe servicemode;c:\program files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe servicemode [x]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 5U877;5U877;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\Drivers\wwuss64.sys;c:\windows\SYSNATIVE\Drivers\wwuss64.sys [x]
S3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\Drivers\wwussf64.sys;c:\windows\SYSNATIVE\Drivers\wwussf64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 l36wgps; Mobile Broadband GPS Port;c:\windows\system32\DRIVERS\l36wgps64.sys;c:\windows\SYSNATIVE\DRIVERS\l36wgps64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 Mbm3CBus;H5321 gw Mobile Broadband Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3CBus.sys [x]
S3 Mbm3DevMt; Mobile Broadband Device Management Driver (WDM);c:\windows\system32\DRIVERS\Mbm3DevMt.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3DevMt.sys [x]
S3 Mbm3mdfl; Mobile Broadband Modem Port Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3mdfl.sys [x]
S3 Mbm3Mdm; Mobile Broadband Modem Port Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3Mdm.sys [x]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys;c:\windows\SYSNATIVE\DRIVERS\Tvti2c.sys [x]
S3 tvtvcamd;ThinkVantage Virtual Camera;c:\windows\system32\DRIVERS\tvtvcamd.sys;c:\windows\SYSNATIVE\DRIVERS\tvtvcamd.sys [x]
S3 WwanUsbServ;Mobile Broadband Driver;c:\windows\system32\DRIVERS\WwanUsbMp64.sys;c:\windows\SYSNATIVE\DRIVERS\WwanUsbMp64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-13 03:44 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-09 09:24]
.
2013-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-17 01:10]
.
2013-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-17 01:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
@="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
2012-07-21 12:05 1987768 ----a-w- c:\windows\System32\PGPfsshl.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-04-17 12480616]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-03-09 1158248]
"TpShocks"="TpShocks.exe" [2012-02-25 382528]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-06-02 290160]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2012-09-07 63376]
"HP LJ300-400 color MFP M375-M475 Series Fax"="c:\program files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe" [2011-05-06 3706424]
"HP Color LaserJet CM2320 MFP Series Fax"="c:\program files (x86)\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe" [2009-09-22 3700736]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-02-27 2041192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-09-03 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-09-03 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-09-03 441152]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Supplementary Scan -------
.

uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000


IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
LSP: c:\windows\system32\PGPlsp.dll
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PGP Tray.lnk - c:\windows\Installer\{11DE335D-6818-4FFA-973E-131A94953F52}\Icon6560581611.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} - (no file)
ShellIconOverlayIdentifiers-{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} - (no file)
ShellIconOverlayIdentifiers-{A759AFF6-5851-457D-A540-F4ECED148351} - (no file)
ShellIconOverlayIdentifiers-{1574C9EF-7D58-488F-B358-8B78C1538F51} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fastboot]
"ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NCO]
"ImagePath"="\"c:\program files (x86)\Norton Identity Safe\Engine\2013.1.0.32\ccSvcHst.exe\" /s \"NCO\" /m \"c:\program files (x86)\Norton Identity Safe\Engine\2013.1.0.32\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fastboot]
"ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE
c:\program files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
c:\program files (x86)\Lenovo\message center plus\mcplaunch.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
.
**************************************************************************
.
Completion time: 2013-07-25 19:28:13 - machine was rebooted
ComboFix-quarantined-files.txt 2013-07-25 16:28
.
Pre-Run: 345,419,853,824 bytes free
Post-Run: 345,047,728,128 bytes free
.
- - End Of File - - 4C450F6BB015F6BF41A00756C1626AB2
D41D8CD98F00B204E9800998ECF8427E

Link to post
Share on other sites

Multiple Antivirus Programs installed!

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time.

The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove either Norton or MSE.

Link to post
Share on other sites

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

 

 

 

Full System Scan with Malwarebytes Antimalware


  • If not existing, please download
Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.



If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

CFScript.txt

Link to post
Share on other sites

As I began Combofix I got the following error message.

 

Error opening file for writing:

 

C:\32788RZ2FWJFW\NirCmd.3XE

 

Click Abort to stop the installation,

Retry to try again, or

Ignore to skip this file

 

I accidentally hit ignore and Combofix began running. Following the Combofix run I ran Malwarebytes and show now malware. The log for Malwarebytes is below and the Combofix is attached. Thank you for your help and I appreciate any info you can provide on what the problem is.

 

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.28.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Patrick :: JROCKAM [administrator]

Protection: Enabled

28/07/2013 19:28:23
mbam-log-2013-07-28 (19-28-23).txt

Scan type: Full scan (C:\|O:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 411994
Time elapsed: 36 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ComboFix (2).txt

Link to post
Share on other sites

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

[*]Click Scan[*]Wait for the scan to finish[*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.

Link to post
Share on other sites

Thanks have scanned with ESET and found the following:

 

 

C:\Program Files (x86)\FrostWire 5\frostwire-installer.exe multiple threats
C:\Program Files (x86)\FrostWire 5\OCSetupHlp.dll Win32/OpenCandy application
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\All Users\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\Paul\.frostwire5\updates\frostwire-5.6.2.windows.exe multiple threats
C:\Users\Paul\AppData\Roaming\uTorrent\uTorrent.exe a variant of Win32/Bunndle application

Link to post
Share on other sites

C:\Program Files (x86)\FrostWire 5\frostwire-installer.exe multiple threatsC:\Program Files (x86)\FrostWire 5\OCSetupHlp.dll Win32/OpenCandy applicationC:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll a variant of Win32/Adware.Yontoo.B applicationC:\Users\All Users\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll a variant of Win32/Adware.Yontoo.B applicationC:\Users\Paul\.frostwire5\updates\frostwire-5.6.2.windows.exe multiple threatsC:\Users\Paul\AppData\Roaming\uTorrent\uTorrent.exe a variant of Win32/Bunndle application

These files/programs aren´t malware, but contain security risks. I would remove them immediately - your choice.

 

 

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner

Please download AdwCleaner to your desktop.

  • Run adwcleaner.exe.
  • Hit delete.
  • When the run is finished, it will open up a text file.
  • Please post its contents within your next reply.
  • You´ll find the log file at C:\AdwCleaner[s1].txt also.

SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.

Link to post
Share on other sites

Frostwire and UTorrent uninstalled as are other files deleted.

 

adwCleaner results:

 

# AdwCleaner v2.306 - Logfile created 07/29/2013 at 13:41:18
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Paul - JROCKAM
# Boot Mode : Normal
# Running from : C:\Users\Paul\Desktop\Malware\adwcleaner.exe
# Option [Delete]


***** [services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\TornTV.com
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\Paul\AppData\Local\Babylon
Folder Deleted : C:\Users\Paul\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635



-\\ Google Chrome v28.0.1500.72

File : C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Preferences




-\\ Opera v12.16.1860.0

File : C:\Users\Paul\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [3081 octets] - [29/07/2013 13:41:18]

########## EOF - C:\AdwCleaner[s1].txt - [3141 octets] ##########

Security Check:

 

Results of screen317's Security Check version 0.99.71
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton AntiVirus
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 25
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.8.800.94
Adobe Reader 10.1.7 Adobe Reader out of Date!
Google Chrome 28.0.1500.71
Google Chrome 28.0.1500.72
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Norton AntiVirus Engine 20.4.0.40 ccSvcHst.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Patrick Desktop Malware SecurityCheck.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

Link to post
Share on other sites

Then your system is all clean now! :)

 

Adobe Flash Player out of date

Your Adobe flash player is outdated. We will fix this.

  • Get the actual player from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Click upon Start-->control panel-->add/remove programs.
  • Search for and remove any older reader versions.

 

 

 

Adobe Reader out of date

Your Adobe Reader is outdated. We will fix this.


  • Get the actual software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Run setup and follow the instructions.
  • Click upon Start-->control panel-->add/remove programs.
  • Search for and remove any older reader versions.

 

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  1. In the case we used Defogger to turn off your CD emulation software. You can start it again and use the Enable button.
  2. In the case we used Combofix. Deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You shall be noted that Combofix has been removed.
  3. In any case please download delfix to your desktop.
    • Close all other programms and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process

[*] If there is still something left please delete it manualy.

 

 

 

How to protect yourself

  • System Updates
    Beeing up to date is very important. Please be sure to activate automatic updates in your control panel.
    Windows XP | Windows Vista |
    Windows 7 | windows 8
  • Protection
    What you need is one (not more) good virus scanner with backgroud protection. Additionally I recommend a special malwarescanner that you run from time to time.
    Personally I am using the avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer you good protection for free use. But please remember: You get only the full protection if you use the payed versions of your security software.
  • Up to date Software
    Stay up to date with all the programs you use. Some of those really have to have an eye on are: your browser(s) including add-ons and plug-ins, Java, Flash Player, your virus scanner, and basically every software you use often. These link may help you to check:

    [*] Backups
    There are chances for an emergency every day. So be prepared. Back up your data on a regular basis. If you burn it to DVDs from time to time, use a cloud-drive or a professional network backup system is your choice. [*] Brains
    It's no joke! You really need one of those things. :) It is very important not just to click anywhere it is colored or flashing while you surfing on the web. Do not click an OK button on any popping window without reading what it says. While installing software always choose the custom mode, read what those windows says and uncheck adware that will be installed along the software you want.

Link to post
Share on other sites

Thank you but Malwarebytes still seems to be catching IP attacks:

 

 

2013/07/29 14:20:12 +0300 JROCKAM Paul IP-BLOCK 219.255.134.101 (Type: incoming, Port: 5908, Process: svchost.exe)
2013/07/29 14:20:12 +0300 JROCKAM Paul IP-BLOCK 219.255.134.101 (Type: incoming, Port: 5908, Process: svchost.exe)
2013/07/29 14:39:00 +0300 JROCKAM Paul IP-BLOCK 222.186.15.235 (Type: incoming, Port: 1433, Process: svchost.exe)
2013/07/29 14:39:00 +0300 JROCKAM Paul IP-BLOCK 222.186.15.235 (Type: incoming, Port: 1433, Process: svchost.exe)

Link to post
Share on other sites

These IPs aren´t blacklisted.

Let´s do another check.

 

Scan with OTL

  1. Download OTL by OldTimer and save it to your desktop.
  2. Double click on the OTL.exe icon on your desktop. If you are using Vista, please right-click and select run as administrator
  3. Click the "Scan All Users" checkbox.


    Note: If you are using a Windows 64bit machine, please make sure the checkbox next to Include 64Bit Scans is checked. It will be checked by default.

  4. Push the runscanbutton.png button.
  5. It will now begin to scan, please be paitent while it scans.
  6. Two reports will open once it's done.
  7. Please copy and paste them in your next reply:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


Link to post
Share on other sites

If they are not blacklist is this normal? I am also operating from behind a VPN and have switched servers but still get hit.

 

OTL:

 

 

OTL logfile created on: 29/07/2013 15:10:38 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Patrick\Desktop\Malware
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

11.73 Gb Total Physical Memory | 7.70 Gb Available Physical Memory | 65.63% Memory free
23.46 Gb Paging File | 19.24 Gb Available in Paging File | 82.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 464.29 Gb Total Space | 313.68 Gb Free Space | 67.56% Space Free | Partition Type: NTFS
Drive O: | 15.00 Gb Total Space | 2.77 Gb Free Space | 18.45% Space Free | Partition Type: NTFS

Computer Name: JROCKAM | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/29 15:08:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Paul \Desktop\Malware\OTL.exe
PRC - [2013/07/12 14:37:18 | 003,289,472 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/07/11 06:56:40 | 000,879,456 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2013/05/21 07:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccsvchst.exe
PRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/21 21:43:52 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/02/28 02:47:28 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/02/08 09:45:36 | 001,516,496 | ---- | M] (TrueCrypt Foundation) -- C:\Program Files\TrueCrypt\TrueCrypt.exe
PRC - [2013/01/10 15:35:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/12/24 13:20:00 | 000,991,232 | ---- | M] (StrongVPN ©) -- C:\Program Files (x86)\StrongVPN\StrongDial.exe
PRC - [2012/12/21 16:46:12 | 000,057,008 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
PRC - [2012/12/14 05:15:04 | 000,208,384 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
PRC - [2012/12/06 12:14:42 | 000,056,416 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012/11/08 18:08:50 | 000,070,152 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2012/09/07 08:09:02 | 000,366,480 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2012/09/07 08:08:48 | 000,133,008 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2012/08/19 04:03:19 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\ccSvcHst.exe
PRC - [2012/07/21 15:05:20 | 001,588,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe
PRC - [2012/06/02 06:49:06 | 000,179,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
PRC - [2012/06/02 06:49:00 | 000,290,160 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
PRC - [2012/06/02 06:48:58 | 000,061,296 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2012/06/02 06:48:38 | 000,058,224 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2012/05/16 02:45:22 | 000,065,336 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2012/05/16 00:32:00 | 000,128,608 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2012/04/19 10:32:12 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012/04/19 10:15:38 | 000,084,080 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
PRC - [2012/04/01 22:22:18 | 000,150,816 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe
PRC - [2012/02/28 11:20:58 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/02/28 11:20:56 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/02/28 11:20:40 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/02/03 20:30:06 | 000,655,400 | R--- | M] (Ericsson AB) -- C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
PRC - [2012/01/25 16:44:54 | 000,567,360 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2012/01/17 09:29:24 | 000,169,776 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
PRC - [2011/12/29 19:20:40 | 000,144,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011/07/12 16:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2010/05/26 16:42:04 | 000,128,864 | ---- | M] () -- C:\Program Files (x86)\Safaricom Broadband\AutoDect.exe
PRC - [2010/03/12 00:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2008/01/10 22:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/11 06:58:53 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\f752f8cf702b7c7eff6c659b2e0c760a\System.ServiceProcess.ni.dll
MOD - [2013/07/11 06:58:13 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4df2e863676f312ab7aea9f2c2090d2e\System.Windows.Forms.ni.dll
MOD - [2013/07/11 06:58:08 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll
MOD - [2013/07/11 06:57:55 | 000,687,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\8a64025f7849664164acd20d3f8dcd7f\System.Security.ni.dll
MOD - [2013/07/11 06:57:52 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll
MOD - [2013/07/11 06:57:49 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll
MOD - [2013/07/11 06:57:47 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll
MOD - [2013/07/11 06:57:41 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2012/12/14 05:14:54 | 017,270,784 | ---- | M] () -- C:\Program Files (x86)\Google\Google Earth\client\googleearth_free.dll
MOD - [2012/12/14 04:57:26 | 000,015,872 | ---- | M] () -- C:\Program Files (x86)\Google\Google Earth\client\alchemyext.dll
MOD - [2012/12/14 04:54:35 | 000,086,528 | ---- | M] () -- C:\Program Files (x86)\Google\Google Earth\client\ge_expat.dll
MOD - [2012/12/14 04:52:45 | 000,519,168 | ---- | M] () -- C:\Program Files (x86)\Google\Google Earth\client\alchemy\ogles20\libGLESv2.dll
MOD - [2012/12/14 04:52:45 | 000,059,392 | ---- | M] () -- C:\Program Files (x86)\Google\Google Earth\client\alchemy\ogles20\libEGL.dll
MOD - [2012/12/14 04:52:42 | 002,803,200 | ---- | M] () -- C:\Program Files (x86)\Google\Google Earth\client\alchemy\ogles20\IGGfx.dll
MOD - [2012/12/14 04:52:42 | 001,393,664 | ---- | M] () -- C:\Program Files (x86)\Google\Google Earth\client\alchemy\ogles20\IGSg.dll
MOD - [2012/12/14 04:52:41 | 000,737,792 | ---- | M] () -- C:\Program Files (x86)\Google\Google Earth\client\alchemy\ogles20\IGAttrs.dll
MOD - [2012/12/14 04:52:35 | 001,050,624 | ---- | M] () -- C:\Program Files (x86)\Google\Google Earth\client\IGOpt.dll
MOD - [2012/12/14 04:52:35 | 000,631,808 | ---- | M] () -- C:\Program Files (x86)\Google\Google Earth\client\IGMath.dll
MOD - [2012/12/14 04:52:35 | 000,290,816 | ---- | M] () -- C:\Program Files (x86)\Google\Google Earth\client\IGUtils.dll
MOD - [2012/12/14 04:52:35 | 000,145,408 | ---- | M] () -- C:\Program Files (x86)\Google\Google Earth\client\alchemy\optimizations\IGOptExtension.dll
MOD - [2012/12/14 04:52:34 | 001,224,192 | ---- | M] () -- C:\Program Files (x86)\Google\Google Earth\client\IGCore.dll
MOD - [2012/12/14 04:52:34 | 000,726,016 | ---- | M] () -- C:\Program Files (x86)\Google\Google Earth\client\IGExportCommon.dll
MOD - [2012/12/14 04:49:55 | 000,158,208 | ---- | M] () -- C:\Program Files (x86)\Google\Google Earth\client\imageformats\qjpeg4.dll
MOD - [2012/12/14 04:49:55 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Google\Google Earth\client\imageformats\qgif4.dll
MOD - [2012/12/14 04:49:54 | 007,877,632 | ---- | M] () -- C:\Program Files (x86)\Google\Google Earth\client\QtWebKit4.dll
MOD - [2012/12/14 04:49:54 | 006,174,208 | ---- | M] () -- C:\Program Files (x86)\Google\Google Earth\client\QtGui4.dll
MOD - [2012/12/14 04:49:54 | 001,777,664 | ---- | M] () -- C:\Program Files (x86)\Google\Google Earth\client\QtCore4.dll
MOD - [2012/12/14 04:49:54 | 000,518,656 | ---- | M] () -- C:\Program Files (x86)\Google\Google Earth\client\QtNetwork4.dll
MOD - [2012/11/28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/11/28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/05/30 17:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\wincfi39.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/12/21 01:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010/05/26 16:42:04 | 000,128,864 | ---- | M] () -- C:\Program Files (x86)\Safaricom Broadband\AutoDect.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 08:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/04/28 06:52:04 | 000,061,224 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2012/06/02 06:49:06 | 000,179,568 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe -- (LENOVO.TVTVCAM)
SRV:64bit: - [2012/06/02 06:48:58 | 000,061,296 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV:64bit: - [2012/06/02 06:48:38 | 000,058,224 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2012/05/30 01:27:14 | 000,144,992 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe -- (HyperW7Svc)
SRV:64bit: - [2012/04/01 22:21:52 | 000,957,216 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2012/02/26 15:07:52 | 002,669,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2012/02/26 15:07:42 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2012/02/26 15:07:32 | 000,626,960 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2012/02/26 15:07:26 | 000,148,752 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2012/02/03 08:29:52 | 000,628,448 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2011/12/29 19:20:40 | 000,144,960 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2011/12/29 08:48:24 | 000,049,480 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2011/07/12 16:53:40 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV:64bit: - [2011/07/12 16:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2011/07/12 10:54:00 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV:64bit: - [2010/09/23 04:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 04:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/07/21 12:24:08 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/12 14:37:18 | 003,289,472 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/06/26 15:57:38 | 000,022,376 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/21 07:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe -- (NAV)
SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/28 02:47:28 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/01/10 15:35:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/11/08 18:08:50 | 000,070,152 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2012/09/07 08:08:50 | 000,272,272 | ---- | M] (Lenovo) [Auto | Stopped] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2012/09/07 08:08:48 | 000,133,008 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2012/09/03 12:52:48 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/08/19 04:03:19 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\ccSvcHst.exe -- (NCO)
SRV - [2012/07/21 15:05:20 | 001,588,544 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe -- (PGP RDD Service)
SRV - [2012/05/16 00:32:00 | 001,665,120 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)
SRV - [2012/05/16 00:32:00 | 001,662,560 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2012/05/16 00:32:00 | 000,320,576 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
SRV - [2012/04/19 10:15:38 | 000,084,080 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe -- (VIPAppService)
SRV - [2012/02/28 11:20:58 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/02/28 11:20:56 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/02/28 11:20:40 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/02/03 20:30:06 | 000,655,400 | R--- | M] (Ericsson AB) [Auto | Running] -- C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe -- (WMCoreService)
SRV - [2012/01/17 09:29:24 | 000,169,776 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe -- (FastbootService)
SRV - [2011/07/08 08:11:06 | 000,162,816 | ---- | M] (HP) [Auto | Stopped] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2010/10/27 13:02:58 | 000,013,824 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe -- (HP DS Service)
SRV - [2010/03/19 00:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/12 00:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/06/11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/01/10 22:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp2)
DRV:64bit: - [2013/06/11 00:06:49 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/05/23 08:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013/05/21 08:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symds64.sys -- (SymDS)
DRV:64bit: - [2013/05/16 08:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/04/28 06:52:04 | 000,044,800 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2013/04/25 03:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/04/24 01:23:00 | 000,460,528 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/04/16 05:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\ccsetx64.sys -- (ccSet_NAV)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/05 04:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/03/05 04:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/02/28 02:47:56 | 000,284,448 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nvkflt.sys -- (nvkflt)
DRV:64bit: - [2013/02/28 02:47:42 | 000,030,496 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2013/02/08 09:45:36 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/10/17 03:45:18 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/09/03 12:52:42 | 009,000,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/08/23 17:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 17:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 17:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/07 04:24:46 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSTx64\7DD01000.020\ccSetx64.sys -- (ccSet_NST)
DRV:64bit: - [2012/07/21 15:05:34 | 000,015,848 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\PGPwdefs.sys -- (Pgpwdefs)
DRV:64bit: - [2012/07/21 15:05:32 | 000,372,704 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PGPwded.sys -- (PGPwded)
DRV:64bit: - [2012/07/21 15:05:30 | 000,051,856 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PGPsdk.sys -- (PGPsdkDriver)
DRV:64bit: - [2012/07/21 15:05:22 | 000,273,848 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PGPdisk.sys -- (PGPdisk)
DRV:64bit: - [2012/07/21 15:05:22 | 000,178,552 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\PGPfsfd.sys -- (pgpfs)
DRV:64bit: - [2012/07/17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/05/30 07:42:10 | 000,569,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012/05/16 00:32:00 | 000,029,512 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)
DRV:64bit: - [2012/05/16 00:32:00 | 000,019,784 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2012/04/20 03:36:26 | 000,035,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2012/04/20 03:36:26 | 000,025,528 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2012/04/19 10:32:08 | 000,789,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/04/19 10:32:06 | 000,356,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/04/19 10:32:06 | 000,019,224 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/04/01 05:52:30 | 000,184,872 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2012/04/01 05:52:26 | 000,594,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2012/04/01 05:52:24 | 000,163,368 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2012/03/27 02:07:06 | 000,033,344 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys -- (PHCORE)
DRV:64bit: - [2012/03/05 14:29:42 | 000,210,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2012/03/05 14:29:40 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2012/02/20 22:36:58 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012/02/17 02:19:42 | 000,216,064 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2012/01/13 20:08:42 | 000,102,440 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\l36wgps64.sys -- (l36wgps)
DRV:64bit: - [2012/01/11 06:30:58 | 000,360,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011/12/29 08:48:24 | 000,147,784 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2011/12/29 08:48:24 | 000,025,416 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2011/12/26 12:10:44 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2011/12/09 00:06:07 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/12/09 00:06:07 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/12/08 04:59:52 | 000,027,432 | ---- | M] (ThinkVantage Communications Utility) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvtvcamd.sys -- (tvtvcamd)
DRV:64bit: - [2011/12/07 20:54:20 | 000,282,152 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WwanUsbMp64.sys -- (WwanUsbServ)
DRV:64bit: - [2011/10/05 21:38:32 | 000,029,736 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wwussf64.sys -- (ecnssndisfltr)
DRV:64bit: - [2011/10/05 21:38:30 | 000,026,664 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wwuss64.sys -- (ecnssndis)
DRV:64bit: - [2011/09/17 03:38:52 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011/08/23 01:47:50 | 000,483,400 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3Mdm.sys -- (Mbm3Mdm)
DRV:64bit: - [2011/08/23 01:47:50 | 000,430,664 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3DevMt.sys -- (Mbm3DevMt)
DRV:64bit: - [2011/08/23 01:47:50 | 000,019,528 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3mdfl.sys -- (Mbm3mdfl)
DRV:64bit: - [2011/08/23 01:47:44 | 000,419,400 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3CBus.sys -- (Mbm3CBus)
DRV:64bit: - [2011/05/29 13:48:04 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvti2c.sys -- (TVTI2C)
DRV:64bit: - [2011/05/26 03:23:00 | 000,101,888 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
DRV:64bit: - [2010/11/21 06:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 06:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/08 08:56:54 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2010/09/08 08:56:52 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2010/09/08 08:56:52 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009/07/14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 03:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/14 02:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/07/20 19:08:01 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20130728.020\ex64.sys -- (NAVEX15)
DRV - [2013/07/20 19:08:01 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20130728.020\eng64.sys -- (NAVENG)
DRV - [2013/07/19 17:12:16 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\IPSDefs\20130726.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013/05/31 19:58:18 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/03/13 03:16:30 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/03/05 04:29:35 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/07/14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1877107201-3606272541-968159457-1000\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1877107201-3606272541-968159457-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-1877107201-3606272541-968159457-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1877107201-3606272541-968159457-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1877107201-3606272541-968159457-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP
IE - HKU\S-1-5-21-1877107201-3606272541-968159457-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.1.0.32\coFFPlgn\ [2013/07/29 13:47:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\IPSFFPlgn\ [2013/07/21 11:54:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\VIP5X@verisign.com: C:\Program Files (x86)\Symantec\VIP Access Client\ [2013/07/21 11:54:52 | 000,000,000 | ---D | M]

[2013/04/06 02:21:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul \AppData\Roaming\mozilla\Firefox\Profiles\[opt]rs0\extensions
[2013/04/06 02:23:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Norton Safe Search (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.yahoo.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: Frostwire Toolbar = C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaiognmpgbjoffachmpnnppfnokcbe\17.50820_0\
CHR - Extension: LastPass = C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.25_0\
CHR - Extension: Skype Click to Call = C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.10.0.13089_0\
CHR - Extension: Norton Identity Protection = C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob\2013.1.0.32_0\

O1 HOSTS File: ([2013/07/28 19:15:00 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O2:64bit: - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O2 - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O3 - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1877107201-3606272541-968159457-1001\..\Toolbar\WebBrowser: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HP Color LaserJet CM2320 MFP Series Fax] C:\Program Files (x86)\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [HP LJ300-400 color MFP M375-M475 Series Fax] C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [autodetect] C:\Program Files (x86)\Safaricom Broadband\AutoDect.exe ()
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe (Lenovo)
O4 - HKLM..\Run: [iMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)
O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [statusAlerts] C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [uSB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-21-1877107201-3606272541-968159457-1000..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1877107201-3606272541-968159457-1001..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O4 - HKU\S-1-5-21-1877107201-3606272541-968159457-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1877107201-3606272541-968159457-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1877107201-3606272541-968159457-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1877107201-3606272541-968159457-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-1877107201-3606272541-968159457-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0




O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\PGPlsp.dll (Symantec Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\PGPlsp.dll (Symantec Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\PGPlsp.dll (Symantec Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWow64\PGPlsp.dll (Symantec Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36E88693-5C4A-46EB-998D-A5A891890B9D}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C2C20E9-079E-455A-9E87-D0598B592AF1}: DhcpNameServer = 4.2.2.2 213.55.96.148
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E996AACE-D258-4D1F-B3D5-1D9201BD9D27}: NameServer = 8.8.8.8 8.8.4.4
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/29 08:52:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/07/28 19:15:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/07/28 19:10:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/07/26 18:27:30 | 000,000,000 | ---D | C] -- C:\ldiag
[2013/07/26 17:13:52 | 000,000,000 | ---D | C] -- C:\Users\Paul \Desktop\GX
[2013/07/26 09:27:27 | 000,000,000 | ---D | C] -- C:\Users\Paul \Desktop\O Meeting Notes
[2013/07/25 15:25:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/07/25 15:25:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/07/25 15:25:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/07/25 15:24:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/25 15:24:38 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/07/25 15:17:07 | 000,000,000 | ---D | C] -- C:\Users\Paul \Desktop\Jun
[2013/07/25 11:57:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/07/25 09:44:14 | 000,000,000 | ---D | C] -- C:\Users\Paul \Desktop\Malware
[2013/07/22 15:53:39 | 000,000,000 | ---D | C] -- C:\Users\Paul \Desktop\Mil
[2013/07/21 21:42:27 | 000,000,000 | ---D | C] -- C:\Users\Paul \AppData\Local\NPE
[2013/07/21 20:59:41 | 000,000,000 | ---D | C] -- C:\Users\Paul \Documents\mbam-chameleon-1.62.1.1000
[2013/07/21 20:52:33 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2013/07/21 14:04:44 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013/07/21 14:04:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013/07/21 14:04:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013/07/21 14:04:41 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013/07/21 14:04:41 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
[2013/07/21 14:04:41 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013/07/21 14:04:38 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013/07/21 14:04:38 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013/07/21 14:04:38 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/07/21 14:04:38 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/07/21 14:04:38 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013/07/21 14:04:38 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2013/07/21 14:04:38 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2013/07/21 14:04:38 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013/07/21 14:04:38 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013/07/21 14:04:38 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013/07/21 14:04:38 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/07/21 14:04:38 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013/07/21 14:04:38 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/07/21 14:04:38 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013/07/21 14:04:38 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013/07/21 14:04:37 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/07/21 14:04:37 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/07/21 14:04:37 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013/07/21 14:04:37 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013/07/21 13:50:48 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/07/21 13:50:44 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2013/07/21 13:50:44 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2013/07/21 12:21:35 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Malwarebytes
[2013/07/21 12:21:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/21 12:21:26 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/07/21 12:21:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/07/21 12:12:42 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/07/21 12:09:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/07/21 11:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/07/21 11:43:00 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/07/16 13:14:45 | 000,000,000 | ---D | C] -- C:\Users\Paul \Desktop\Africa Oil ROE
[2013/07/15 21:15:35 | 000,000,000 | ---D | C] -- C:\Users\Paul \Desktop\Albedo
[2013/07/15 09:38:46 | 000,000,000 | ---D | C] -- C:\Users\Paul \Desktop\Vanoil Incident Summary
[2013/07/14 03:00:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/07/11 12:11:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pdf2Jpg
[2013/07/11 12:11:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pdf2Jpg
[2013/07/11 10:51:41 | 000,000,000 | ---D | C] -- C:\Users\Patrick\Desktop\AOK
[2013/07/11 03:04:54 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/07/11 03:04:53 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/07/11 03:04:53 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/07/11 03:04:53 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/07/11 03:04:53 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/07/11 03:04:53 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/07/11 03:04:53 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/07/11 03:04:53 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/07/11 03:04:53 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/07/11 03:04:53 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/07/11 03:04:53 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/07/11 03:04:52 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/07/11 03:04:52 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/07/11 03:04:52 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/07/11 03:04:52 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/07/10 14:50:15 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/07/10 14:50:15 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/07/10 14:50:15 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013/07/10 14:50:15 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013/07/10 14:49:14 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/07/09 16:26:22 | 000,000,000 | ---D | C] -- C:\Users\Paul \Documents\OneNote Notebooks
[2013/07/09 10:29:40 | 000,000,000 | ---D | C] -- C:\Users\Paul \Desktop\Strike
[2013/07/09 10:01:06 | 000,000,000 | ---D | C] -- C:\Users\Paul \Desktop\Delo
[2013/07/07 20:24:28 | 000,000,000 | ---D | C] -- C:\Users\Paul \Desktop\New Company
[2013/07/06 19:29:38 | 000,000,000 | ---D | C] -- C:\Users\Paul \Desktop\national
[2013/07/06 19:23:08 | 000,000,000 | ---D | C] -- C:\Users\Paul \Desktop\Horn
[2013/07/06 13:18:20 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/07/06 13:18:02 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/07/06 13:18:02 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/07/06 13:18:02 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/07/06 13:17:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/07/06 13:15:17 | 000,489,392 | ---- | C] (Ask Partner Network) -- C:\Users\Paul \Documents\APNSetup.exe
[2013/07/04 13:17:41 | 000,000,000 | ---D | C] -- C:\Users\Patrick\Desktop\Energy
[2013/07/02 12:36:01 | 000,000,000 | ---D | C] -- C:\Users\Patrick\Desktop\TESLA
[2013/06/30 18:24:58 | 000,000,000 | ---D | C] -- C:\Users\Patrick\Desktop\dan
[2013/02/17 13:13:27 | 014,823,424 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe

========== Files - Modified Within 30 Days ==========

[2013/07/29 14:42:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/29 14:30:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/29 14:06:47 | 000,730,512 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/29 14:06:47 | 000,631,778 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/29 14:06:47 | 000,111,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/29 13:57:16 | 000,034,432 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/29 13:57:16 | 000,034,432 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/29 13:48:19 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/29 13:46:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/29 13:46:40 | 856,616,958 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/28 20:27:00 | 000,062,333 | ---- | M] () -- C:\Users\Paul \Desktop\South Sudan Daily Security Sitrep 20130728 Unclassified.pdf
[2013/07/28 19:15:00 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/07/26 15:51:06 | 000,001,263 | ---- | M] () -- C:\Users\Paul \AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2013/07/26 13:59:21 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/07/24 16:13:10 | 000,000,196 | ---- | M] () -- C:\Users\Paul \Documents\cc_20130724_161307.reg
[2013/07/24 16:11:29 | 000,000,196 | ---- | M] () -- C:\Users\Paul \Documents\cc_20130724_161127.reg
[2013/07/24 16:11:14 | 000,000,396 | ---- | M] () -- C:\Users\Paul \Documents\cc_20130724_161111.reg
[2013/07/24 16:10:57 | 000,005,972 | ---- | M] () -- C:\Users\Paul \Documents\cc_20130724_161049.reg
[2013/07/24 16:10:30 | 000,138,166 | ---- | M] () -- C:\Users\Paul \Documents\cc_20130724_161022.reg
[2013/07/24 11:09:58 | 000,000,833 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/07/22 10:27:58 | 047,813,398 | ---- | M] () -- C:\Users\Patrick\Desktop\semg 2013.pdf
[2013/07/21 12:24:08 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/07/21 12:24:08 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/07/21 12:21:28 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/21 12:13:09 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013/07/21 12:13:09 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013/07/21 12:13:09 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013/07/21 12:12:43 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/07/11 06:49:39 | 000,432,208 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/06 13:17:57 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/07/06 13:17:57 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/07/06 13:17:57 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/07/06 13:17:57 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/07/06 13:17:57 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/07/06 13:17:57 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/07/01 22:37:58 | 000,238,336 | ---- | M] () -- C:\Users\Patrick\Documents\Apple_iOS_5_Guide.pdf

========== Files Created - No Company Name ==========

[2013/07/28 20:27:00 | 000,062,333 | ---- | C] () -- C:\Users\Patrick\Desktop\South Sudan Daily Security Sitrep 20130728 Unclassified.pdf
[2013/07/25 15:25:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/07/25 15:25:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/07/25 15:25:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/07/25 15:25:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/07/25 15:25:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/07/24 16:13:08 | 000,000,196 | ---- | C] () -- C:\Users\Paul \Documents\cc_20130724_161307.reg
[2013/07/24 16:11:28 | 000,000,196 | ---- | C] () -- C:\Users\Paul \Documents\cc_20130724_161127.reg
[2013/07/24 16:11:13 | 000,000,396 | ---- | C] () -- C:\Users\Paul \Documents\cc_20130724_161111.reg
[2013/07/24 16:10:51 | 000,005,972 | ---- | C] () -- C:\Users\Paul \Documents\cc_20130724_161049.reg
[2013/07/24 16:10:26 | 000,138,166 | ---- | C] () -- C:\Users\Paul \Documents\cc_20130724_161022.reg
[2013/07/22 10:28:06 | 047,813,398 | ---- | C] () -- C:\Users\Paul \Desktop\semg 2013.pdf
[2013/07/21 20:45:47 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/07/21 12:21:28 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/21 12:13:09 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013/07/21 12:13:09 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013/07/21 12:13:09 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013/07/21 12:12:43 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013/07/09 16:26:23 | 000,001,263 | ---- | C] () -- C:\Users\Paul \AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2013/07/01 22:37:58 | 000,238,336 | ---- | C] () -- C:\Users\Paul \Documents\Apple_iOS_5_Guide.pdf
[2013/05/23 18:43:07 | 000,208,556 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2013/04/09 14:22:23 | 000,000,017 | ---- | C] () -- C:\Users\Paul \AppData\Local\resmon.resmoncfg
[2013/02/26 16:00:58 | 000,735,230 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/02/24 14:02:38 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2013/02/24 14:02:38 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2013/02/24 14:02:38 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2013/02/24 14:02:38 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2013/02/24 14:02:38 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2013/02/24 14:02:38 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2013/02/24 14:02:38 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2013/02/24 14:02:38 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2013/02/24 14:02:38 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2013/02/24 14:02:38 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2013/02/24 14:02:38 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2013/02/24 14:02:38 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2013/02/24 14:02:38 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2013/02/24 14:02:38 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2013/02/24 14:02:38 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2013/02/24 14:02:38 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2013/02/24 14:02:38 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2013/02/24 14:02:38 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2013/02/24 14:02:38 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2013/02/22 10:40:01 | 000,001,032 | ---- | C] () -- C:\Users\Paul \Music - Shortcut.lnk
[2013/02/18 16:39:23 | 000,000,008 | ---- | C] () -- C:\Windows\SysWow64\PROTOCOL.INI
[2013/02/18 16:17:14 | 000,176,798 | ---- | C] () -- C:\Windows\hppins12.dat
[2013/02/18 16:17:14 | 000,007,855 | ---- | C] () -- C:\Windows\hppmdl12.dat
[2013/02/12 16:45:25 | 000,000,762 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2013/01/24 12:24:30 | 000,255,312 | ---- | C] () -- C:\Users\Paul \AppData\Roaming\wanancsp.dat
[2013/01/24 12:18:53 | 000,000,000 | ---- | C] () -- C:\Windows\firstboot.dat
[2012/10/17 03:59:01 | 000,756,084 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012/10/17 03:59:00 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012/10/17 03:58:08 | 000,035,404 | R--- | C] () -- C:\Windows\ConnectionProfiles.dat
[2012/09/03 12:52:50 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012/09/03 12:52:40 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/09/03 12:52:32 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012/07/21 15:07:34 | 000,000,280 | ---- | C] () -- C:\Windows\SysWow64\PGPsdk.dll.sig
[2012/02/03 08:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2009/07/14 07:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 08:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 07:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 04:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 06:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 04:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Link to post
Share on other sites

Extras:

OTL Extras logfile created on: 29/07/2013 15:10:39 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Paul\Desktop\Malware
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

11.73 Gb Total Physical Memory | 7.70 Gb Available Physical Memory | 65.63% Memory free
23.46 Gb Paging File | 19.24 Gb Available in Paging File | 82.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 464.29 Gb Total Space | 313.68 Gb Free Space | 67.56% Space Free | Partition Type: NTFS
Drive O: | 15.00 Gb Total Space | 2.77 Gb Free Space | 18.45% Space Free | Partition Type: NTFS

Computer Name: JROCKAM | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1FA165A5-125B-4F3C-970C-250D8BD010E1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{47FD3B6A-0684-4363-83F3-224BC1CF6C31}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{DA82628A-A071-4C33-903D-439A73E5A848}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{067D6694-95DE-4B9E-A18E-5DD8653EEE8A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{06BF7150-B0D5-4916-8C63-A9A2D73C3275}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{0D88B9CA-141A-4E3B-BF7A-136331C94014}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{169B7F87-2831-4A77-B30B-F593AFF36A06}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe |
"{1EB620F3-2669-4253-AA3B-590032BAEA61}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{26D621A5-D44F-46FA-95E9-611B79F569AF}" = protocol=6 | dir=in | app=c:\program files (x86)\wps\wps.exe |
"{27670AEF-DD17-475C-974B-1B649A87229C}" = protocol=6 | dir=in | app=c:\program files (x86)\hp\csiinstaller\9d1de902-8058-4555-a16a-fbfaa49587db\installer\hpbcsiinstaller.exe |
"{36AA56AA-9FF8-4199-AC39-B26BFA114FB4}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{3E328862-D879-43FC-BA49-808B9540E478}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{3FF40C69-8F35-479A-9E42-48AFA2AA90EA}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{44176DC5-6948-4AD6-9A46-26E0BB98C165}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4C12497F-D264-42E4-8E8D-89DEAF523F93}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{68CFDB92-5CD3-4FDD-9956-D0EA07E9D880}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{6D2A9F1F-8BFE-42AA-A889-9FA1D3A163F6}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{718DBB60-DBED-4C31-861E-BC5D4058E2BC}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{783269F0-F39C-4B3F-8BAF-E1DADA069382}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{7E78C8BD-C4D9-4C0C-B2AE-FC06ADFD4EC4}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{82ED879F-34F2-4CAD-B83F-30EFA528F4ED}" = protocol=17 | dir=in | app=c:\program files (x86)\wps\wps.exe |
"{9DD75BD6-C1D0-46B7-B365-82D5D9603857}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{9FAA6D32-8F57-46EF-8293-C008BCD2F785}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A0C4474A-F28C-40B6-A2A5-78E4C359063F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A1F52D16-3680-44C8-80D2-07313E46CA1E}" = protocol=17 | dir=in | app=c:\program files (x86)\hp\csiinstaller\9d1de902-8058-4555-a16a-fbfaa49587db\installer\hpbcsiinstaller.exe |
"{BB9A3202-19D3-4080-9FA1-2241594B477A}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{CACB6D13-0136-46CB-AF8E-D92E25D0C19C}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{CDADC8B6-16BF-41F1-8216-2425EF9B5474}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{E0B6B210-D73C-45F3-9786-F40F38B7D32D}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{EBA33EF6-C217-4ED0-8B54-E6A43166EBFC}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{ECEAD78D-CD90-4478-A4D3-5A00CFA8BB87}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F017D912-4CB1-4A22-9908-B26D45A45B93}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{F80A3B4F-084D-412F-8CB3-70F0DE07D548}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"TCP Query User{E8EFB719-2CB3-4066-9EE9-83EA6830E8C9}C:\users\patrick\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\patrick\appdata\roaming\utorrent\utorrent.exe |
"UDP Query User{CC35143B-D79E-4ABF-9160-8F140924F3E3}C:\users\patrick\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\patrick\appdata\roaming\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{033123A8-E639-4108-BFC8-27566EFFAAF4}" = HP Unified IO
"{0369F866-2CE0-4EB9-B426-88FA122C6E82}" = Lenovo Patch Utility 64 bit
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{11DE335D-6818-4FFA-973E-131A94953F52}" = PGP Desktop
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C83CB66-D345-4D6C-95A2-63A03269ADA0}" = Lenovo Patch Utility 64 bit
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{38294D95-DB90-4D8C-824C-26856E5001A6}" = ThinkVantage Fingerprint Software
"{3849486C-FF09-4F5D-B491-3E179D58EE15}" = Message Center Plus
"{38DEE9EC-DB2A-4151-84AD-1263FC396262}" = Xara Web Designer MX Premium
"{4041B18B-DE30-4D78-9D60-6ADC586C5E00}" = Lenovo Solution Center
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5737101A-27C4-408A-8A57-D1DC78DF84B4}" = 64 Bit HP CIO Components Installer
"{5E2652DF-743F-482B-A593-C95F431A5769}" = RapidBoot Shield
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{728985C5-A04B-457C-9D62-15360F3EAF85}" = Intel® WiDi
"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 311.00
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.00
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.00
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BF601122-9F0A-41A9-BA06-3158D9FB4B80}" = Lenovo SimpleTap
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E97F409F-9E1C-42A0-B72D-765A78DF3696}" = Intel® PROSet/Wireless WiFi Software
"{ECF3E482-9188-4e29-9C31-E02FD8DC74C0}" = HP Color LaserJet CM2320 MFP Series 3.1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"09839A9B5EDA69DA2DCC34637B5140AAF8A53B44" = Windows Driver Package - Intel System (01/11/2012 9.3.0.1020)
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"64B3C27E4CF7B6AD920184EFFF6C488C55EF2892" = Windows Driver Package - Synaptics (SynTP) Mouse (04/06/2012 16.1.1.0)
"97EE1802A0385A37DE6323FA39EC76BEB2D73E41" = Windows Driver Package - Intel USB (08/26/2011 9.3.0.1011)
"9D7CD466F7FC8B18FF1B84943B7BB8648D17FCE8" = Windows Driver Package - Intel System (08/26/2011 9.3.0.1011)
"CCleaner" = CCleaner
"D8EF6CACF49BD33CC1FACD124C8CC2B1A8E8AE35" = Windows Driver Package - Intel System (08/26/2011 9.3.0.1011)
"DisableAMTPopup" = Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7
"E3535F123E7F666D573665142F90D3E5004DC326" = Windows Driver Package - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20)
"EC2A0F2B229770EC589265FCF2B4839A0C221993" = Windows Driver Package - Intel (e1cexpress) Net (01/11/2012 11.15.16.0)
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"EPSON Printer and Utilities" = EPSON Printer Software
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Mapwel 2013 (64-bit)" = Mapwel 2013 (64-bit)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"OnScreenDisplay" = On Screen Display
"Power Management Driver" = Lenovo Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}" = Adobe AIR
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B14214C-4EBD-4784-8B2D-E70E2C2DC253}" = Global Mapper 11
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DFECF3-4E16-4B14-9CF1-6D6928BB4BEA}" = hpStatusAlertsM375_M475
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{24495227-1B47-4D55-AC27-167B6BC3FF73}" = hppScanToCM2320
"{25C64847-B900-48AD-A164-1B4F9B774650}" = Lenovo System Update
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}" = Lenovo Welcome
"{32C0FD10-8FB4-427E-A16F-ED57C9343CF0}" = InstanceFinder
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{365C44C6-DAAA-4615-992F-D606494EF76B}" = Garmin WorldMap v5
"{3BEA857F-D027-4759-87D2-28688D508DDE}" = hppToolboxProxyM375
"{3E64C460-0FAA-4450-99CE-783B0F662B8F}" = hpbM375M475DSService
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B3B3598-8DCC-4083-8CA2-C1ECF13DC46A}" = Garmap E Africa Streetmaps V1.3
"{4D019528-5866-4F28-B29E-E89F2495278A}" = HP LJ300-400 M375-M475 HP Scan
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{4F5F1DED-1EB8-436C-8781-F6F28BFFE871}" = HP Product FWUpdater
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{511CA535-9CB1-4128-A30C-5F4C5D4AB848}" = hppFaxUtilityCM2320
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{533D415A-4151-4AC5-858E-4068524C8051}_is1" = Pdf2Jpg version 1.2
"{55757576-28B2-4552-AAF6-340F9FFBA9FA}" = ToolboxProxy
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5952A881-831C-451A-BF20-F0CA2C295D94}" = HP Unified IO
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5E4DD8C2-A906-4F1B-94B6-4F6A51D625B2}" = HPLJDXPHelper
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6707C034-ED6B-4B6A-B21F-969B3606FBDE}" = Lenovo Registration
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6E6E7725-C7BC-4C39-8B3F-14B67331A120}" = Lenovo Patch Utility
"{6EB6293C-9286-4981-8672-956E1A92F33B}_is1" = StrongVPN Client version 1.2
"{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}" = Google Earth
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72A474E0-5AA3-4EDD-8FAA-D87CB2FD0654}" = HPLaserJet300-400ColorM375-M475Series_HelpLearnCenter_SI
"{74E69F8A-BCBB-4A0A-9361-32225755D8C3}" = Garmin BaseCamp
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7AB9EA7D-78FF-4D2B-9E73-3D19FC25F6E4}" = RoboGEO v6.3.2
"{7C8660F9-42DC-4D4E-85D5-CCAE3A2E5B1F}" = HPLJUTCore
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86148F87-2666-42F9-A712-1306176C525C}" = Nalpeiron License Management
"{86F513F7-6CFD-4B07-A762-28E5ED2CEE97}" = hppLaserJetService
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRJPRO_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PRJPRO_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PRJPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{F3CD3F3F-726C-4414-A1FE-5CD0968313EA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PRJPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PRJPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = Safaricom Broadband
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{9767CBB5-2A81-427D-8F05-497737D56AA0}" = hpbDSService
"{995F2783-8311-49BF-833E-DB659774B4F6}" = hppFonts
"{99EE30D2-A7EA-486C-9AD4-57C8583375BF}" = hppSendFaxCM2320
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D1DE902-8058-4555-A16A-FBFAA49587DB}" = HP LJ300-400 color MFP M375-M475
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
"{A62AEB2B-E2A0-4E77-8AAE-9645FE3B5487}" = ThinkVantage Access Connections
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78800AF-1779-4AE8-8EBE-16E1BE727C71}" = Integrated Camera Driver Installer Package Ver.1.2.1.16
"{A7BB9BBD-DFE4-4276-820A-7CD141FC09E6}" = Lenovo Patch Utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.7) MUI
"{AE7C40B6-9C6D-4022-B017-A41A6B7FA4D3}" = hppManualsCM2320
"{B226235F-51A4-4090-B5DB-5482A28D1B0F}" = hppFaxDrvCM2320
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{B90FCEB7-2B0C-4D27-95B5-54238DF059ED}" = iPhone Configuration Utility
"{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2
"{BD666C86-25CE-4D88-9F7D-C6266394C18D}" = hpStatusAlerts
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C894CC24-0DEC-4340-BCC9-DD4310DF3BED}_is1" = Able2Extract Professional 8.0
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = Power Manager
"{DB6E615F-F0F3-4211-BD79-0D9B62D77B0E}" = hppM375_M475LaserJetService
"{DD7D788B-D6C2-4CB1-AACC-8614D6C21D7C}" = hppCLJCM2320
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE2E1909-12C2-4249-8003-7978BEA3A14F}" = Garmin City Navigator North America NT 2013.10 Update
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8D46836-CD55-453C-A107-A59EC51CB8DC}" = VIP Access
"{EA9640BE-414E-4195-B53B-7905BF1A5A09}" = Mobile Broadband Drivers
"{EAECD0D7-F27D-4F13-8312-A9C0B5C5F1B7}" = LJDXPHelperUI
"{EC28FA6E-E38D-4F72-80EF-1FBE66B05668}" = Garmin City Navigator Europe NT 2013.10 Update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FA1B7AB4-9FE9-47A8-9A2F-C9FCB2F03A26}" = HPLJUTM375-M475
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime
"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH_Media_Driver_v2.14.18.01
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF841249-0D6B-41D7-8013-953EE3A33263}" = hppQFolderCM2320
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Allway Sync_is1" = Allway Sync version 12.14.11
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"Fastboot" = RapidBoot HDD Accelerator
"Google Chrome" = Google Chrome
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"Intel AppUp(SM) center 33057" = Intel AppUp(SM) center
"LastPass" = LastPass(uninstall only)
"MAGIX_{38DEE9EC-DB2A-4151-84AD-1263FC396262}" = Xara Web Designer MX Premium
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"NAV" = Norton AntiVirus
"NST" = Norton Identity Safe
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"Opera 12.16.1860" = Opera 12.16
"OziExplorer 3.95_is1" = OziExplorer 3.95
"PRJPRO" = Microsoft Office Project Professional 2007
"T4A Maps Eastern Africa " = T4A Maps Eastern Africa
"T4A Maps Traveller's Africa" = T4A Maps Traveller's Africa
"TrueCrypt" = TrueCrypt
"WinLiveSuite" = Windows Live Essentials
"Winrar 3.93" = Winrar 3.93
"Wireless Presentation System_is1" = WPS

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 27/07/2013 18:02:32 | Computer Name = JRackam | Source = Application Error | ID = 1000
Description = Faulting application name: winsat.exe, version: 6.1.7601.17514, time
stamp: 0x4ce798fc Faulting module name: winsat.exe, version: 6.1.7601.17514, time
stamp: 0x4ce798fc Exception code: 0xc0000005 Fault offset: 0x0000000000216317 Faulting
process id: 0x3eb8 Faulting application start time: 0x01ce8b14a598da13 Faulting application
path: C:\Windows\system32\winsat.exe Faulting module path: C:\Windows\system32\winsat.exe
Report
Id: 3c52e945-f708-11e2-bf1b-74e54395bc9a

Error - 28/07/2013 12:11:59 | Computer Name = JRackam | Source = WinMgmt | ID = 10
Description =

Error - 28/07/2013 12:13:12 | Computer Name = JRackam | Source = Application Error | ID = 1000
Description = Faulting application name: AcSvc.exe, version: 5.9.7.95, time stamp:
0x50487c7e Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x000326d1 Faulting process id:
0xee8 Faulting application start time: 0x01ce8bad2f7701e3 Faulting application path:
C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe Faulting module path:
C:\Windows\SysWOW64\ntdll.dll Report Id: 9944f6a9-f7a0-11e2-82c6-74e54395bc9a

Error - 28/07/2013 12:23:55 | Computer Name = JRackam | Source = WinMgmt | ID = 10
Description =

Error - 28/07/2013 12:25:15 | Computer Name = JRackam | Source = Application Error | ID = 1000
Description = Faulting application name: AcSvc.exe, version: 5.9.7.95, time stamp:
0x50487c7e Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x000326d1 Faulting process id:
0xee8 Faulting application start time: 0x01ce8baed90cbe6e Faulting application path:
C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe Faulting module path:
C:\Windows\SysWOW64\ntdll.dll Report Id: 4879455a-f7a2-11e2-907f-74e54395bc9a

Error - 29/07/2013 01:52:56 | Computer Name = JRackam | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Patrick\AppData\Local\Opera\Opera\temporary_downloads\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 29/07/2013 06:43:05 | Computer Name = JRackam | Source = WinMgmt | ID = 10
Description =

Error - 29/07/2013 06:44:29 | Computer Name = JRackam | Source = Application Error | ID = 1000
Description = Faulting application name: AcSvc.exe, version: 5.9.7.95, time stamp:
0x50487c7e Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x000326d1 Faulting process id:
0xff8 Faulting application start time: 0x01ce8c48680aaa8a Faulting application path:
C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe Faulting module path:
C:\Windows\SysWOW64\ntdll.dll Report Id: d7dca8da-f83b-11e2-8244-74e54395bc9a

Error - 29/07/2013 06:47:07 | Computer Name = JRackam | Source = WinMgmt | ID = 10
Description =

Error - 29/07/2013 06:48:38 | Computer Name = JRackam | Source = Application Error | ID = 1000
Description = Faulting application name: AcSvc.exe, version: 5.9.7.95, time stamp:
0x50487c7e Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x000326d1 Faulting process id:
0xebc Faulting application start time: 0x01ce8c48f7d4e0e7 Faulting application path:
C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe Faulting module path:
C:\Windows\SysWOW64\ntdll.dll Report Id: 6c2b91c4-f83c-11e2-b24a-74e54395bc9a

[ Lenovo-Lenovo Patch Utility/Admin Events ]
Error - 25/07/2013 12:53:27 | Computer Name = JRockam | Source = Lenovo Patch Utility | ID = 1
Description = HttpFileDownloader failed to download the file "http://download.lenovo.com/ibmdl/pub/pc/pccbbs/lpupatches/x64//PM.manifest.xml".
Error message: The remote server returned an error: (404) Not Found.

Error - 25/07/2013 12:53:27 | Computer Name = JRockam | Source = Lenovo Patch Utility | ID = 2
Description = manifest file was not found on server

Error - 26/07/2013 02:28:38 | Computer Name = JRockam | Source = Lenovo Patch Utility | ID = 1
Description = HttpFileDownloader failed to download the file "http://download.lenovo.com/ibmdl/pub/pc/pccbbs/lpupatches/x64//PM.manifest.xml".
Error message: The remote server returned an error: (404) Not Found.

[ Lenovo-Message Center Plus/Admin Events ]
Error - 18/06/2013 13:32:02 | Computer Name = JRockam | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = No such host is known -> Exception message: No such host
is known

Error - 18/06/2013 13:32:11 | Computer Name = JRockam | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = No such host is known -> Exception message: No such host
is known

Error - 25/06/2013 07:28:09 | Computer Name = JRockam | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = No such host is known -> Exception message: No such host
is known

Error - 25/06/2013 07:28:09 | Computer Name = JRockam | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = No such host is known -> Exception message: No such host
is known

Error - 25/06/2013 07:28:09 | Computer Name = JRockam | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = No such host is known -> Exception message: No such host
is known

Error - 25/07/2013 10:05:29 | Computer Name = JRockam | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = A device attached to the system is not functioning -> Exception
message: A device attached to the system is not functioning

Error - 25/07/2013 10:05:29 | Computer Name = JRockam | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = The requested name is valid, but no data of the requested
type was found -> Exception message: The requested name is valid, but no data of
the requested type was found

Error - 25/07/2013 10:05:29 | Computer Name = JRockam | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = The requested name is valid, but no data of the requested
type was found -> Exception message: The requested name is valid, but no data of
the requested type was found

Error - 25/07/2013 10:05:29 | Computer Name = JRockam | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = The requested name is valid, but no data of the requested
type was found -> Exception message: The requested name is valid, but no data of
the requested type was found

Error - 28/07/2013 11:09:31 | Computer Name = JRockam | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = A device attached to the system is not functioning -> Exception
message: A device attached to the system is not functioning

[ System Events ]
Error - 28/07/2013 12:26:38 | Computer Name = JRockam | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 28/07/2013 12:26:39 | Computer Name = JRockam | Source = Service Control Manager | ID = 7034
Description = The AcSvc service terminated unexpectedly. It has done this 1 time(s).

Error - 28/07/2013 13:25:27 | Computer Name = JRockam | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{E996AACE-D258-4D1F-B3D5-1D9201BD9D27}
because another computer on the network has the same name. The server could not
start.

Error - 29/07/2013 06:42:56 | Computer Name = JRockam | Source = Service Control Manager | ID = 7000
Description = The SMI Helper Driver (smihlp2) service failed to start due to the
following error: %%2

Error - 29/07/2013 06:44:25 | Computer Name = JRockam | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 29/07/2013 06:45:04 | Computer Name = JRockam | Source = Service Control Manager | ID = 7034
Description = The AcSvc service terminated unexpectedly. It has done this 1 time(s).

Error - 29/07/2013 06:46:47 | Computer Name = JRockam | Source = Service Control Manager | ID = 7000
Description = The SMI Helper Driver (smihlp2) service failed to start due to the
following error: %%2

Error - 29/07/2013 06:50:06 | Computer Name = JRockam | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 29/07/2013 06:50:07 | Computer Name = JRockam | Source = Service Control Manager | ID = 7034
Description = The AcSvc service terminated unexpectedly. It has done this 1 time(s).

Error - 29/07/2013 07:02:35 | Computer Name = JRockam | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{E996AACE-D258-4D1F-B3D5-1D9201BD9D27}
because another computer on the network has the same name. The server could not
start.


< End of report >

Link to post
Share on other sites

Let´s see what svchost starts on your system:

 

Run OTL and copy the following code into OTL´s textbox:

 

activexnetsvcsmsconfig%SYSTEMDRIVE%\*.%PROGRAMFILES%\*.exe%LOCALAPPDATA%\*.exe%systemroot%\*. /mp /s/md5startexplorer.exeregedit.exewinlogon.exewininit.exeuserinit.exe/md5stopHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rsHKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AUHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rsCREATERESTOREPOINT

 

Hit "Quick Scan" and post up the log it provides.

Link to post
Share on other sites

Cheers, here you go:

 

OTL logfile created on: 29/07/2013 19:23:52 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Patrick\Desktop\Malware
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

11.73 Gb Total Physical Memory | 8.57 Gb Available Physical Memory | 73.04% Memory free
23.46 Gb Paging File | 20.23 Gb Available in Paging File | 86.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 464.29 Gb Total Space | 318.29 Gb Free Space | 68.55% Space Free | Partition Type: NTFS
Drive O: | 15.00 Gb Total Space | 2.72 Gb Free Space | 18.15% Space Free | Partition Type: NTFS

Computer Name: JROCKAM | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/29 15:08:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\Malware\OTL.exe
PRC - [2013/07/12 14:37:18 | 003,289,472 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/07/11 06:56:40 | 000,879,456 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2013/05/21 07:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccsvchst.exe
PRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/02/28 02:47:28 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/02/08 09:45:36 | 001,516,496 | ---- | M] (TrueCrypt Foundation) -- C:\Program Files\TrueCrypt\TrueCrypt.exe
PRC - [2013/01/10 15:35:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/11/08 18:08:50 | 000,070,152 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2012/09/07 08:09:02 | 000,366,480 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2012/09/07 08:08:48 | 000,133,008 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2012/08/19 04:03:19 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\ccSvcHst.exe
PRC - [2012/07/21 15:05:20 | 001,588,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe
PRC - [2012/06/02 06:49:06 | 000,179,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
PRC - [2012/06/02 06:49:00 | 000,290,160 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
PRC - [2012/06/02 06:48:58 | 000,061,296 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2012/06/02 06:48:38 | 000,058,224 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2012/05/16 02:45:22 | 000,065,336 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2012/05/16 00:32:00 | 000,128,608 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2012/04/19 10:32:12 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012/04/19 10:15:38 | 000,084,080 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
PRC - [2012/04/01 22:22:18 | 000,150,816 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe
PRC - [2012/02/28 11:20:58 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/02/28 11:20:56 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/02/28 11:20:40 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/02/03 20:30:06 | 000,655,400 | R--- | M] (Ericsson AB) -- C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
PRC - [2012/01/25 16:44:54 | 000,567,360 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2012/01/17 09:29:24 | 000,169,776 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
PRC - [2011/12/29 19:20:40 | 000,144,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011/07/12 16:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2010/05/26 16:42:30 | 007,884,632 | ---- | M] () -- C:\Program Files (x86)\Safaricom Broadband\UIMain.exe
PRC - [2010/05/26 16:42:10 | 000,677,216 | ---- | M] () -- C:\Program Files (x86)\Safaricom Broadband\CMUpdater.exe
PRC - [2010/05/26 16:42:04 | 000,128,864 | ---- | M] () -- C:\Program Files (x86)\Safaricom Broadband\AutoDect.exe
PRC - [2010/03/12 00:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2008/01/10 22:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/11/28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/05/30 17:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\wincfi39.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/12/21 01:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010/05/26 16:42:50 | 001,185,120 | ---- | M] () -- C:\Program Files (x86)\Safaricom Broadband\WaitingForm.dll
MOD - [2010/05/26 16:42:40 | 000,617,312 | ---- | M] () -- C:\Program Files (x86)\Safaricom Broadband\UpdateAgent.dll
MOD - [2010/05/26 16:42:34 | 000,349,016 | ---- | M] () -- C:\Program Files (x86)\Safaricom Broadband\UISkin.dll
MOD - [2010/05/26 16:42:30 | 007,884,632 | ---- | M] () -- C:\Program Files (x86)\Safaricom Broadband\UIMain.exe
MOD - [2010/05/26 16:42:28 | 000,238,432 | ---- | M] () -- C:\Program Files (x86)\Safaricom Broadband\UICommonDlg.dll
MOD - [2010/05/26 16:42:14 | 001,004,904 | ---- | M] () -- C:\Program Files (x86)\Safaricom Broadband\DLL_Netcard_R.dll
MOD - [2010/05/26 16:42:10 | 000,677,216 | ---- | M] () -- C:\Program Files (x86)\Safaricom Broadband\CMUpdater.exe
MOD - [2010/05/26 16:42:08 | 000,165,208 | ---- | M] () -- C:\Program Files (x86)\Safaricom Broadband\BIXml.dll
MOD - [2010/05/26 16:42:04 | 000,128,864 | ---- | M] () -- C:\Program Files (x86)\Safaricom Broadband\AutoDect.exe
MOD - [2009/07/14 04:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 08:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/04/28 06:52:04 | 000,061,224 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2012/06/02 06:49:06 | 000,179,568 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe -- (LENOVO.TVTVCAM)
SRV:64bit: - [2012/06/02 06:48:58 | 000,061,296 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV:64bit: - [2012/06/02 06:48:38 | 000,058,224 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2012/05/30 01:27:14 | 000,144,992 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe -- (HyperW7Svc)
SRV:64bit: - [2012/04/01 22:21:52 | 000,957,216 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2012/02/26 15:07:52 | 002,669,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2012/02/26 15:07:42 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2012/02/26 15:07:32 | 000,626,960 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2012/02/26 15:07:26 | 000,148,752 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2012/02/03 08:29:52 | 000,628,448 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2011/12/29 19:20:40 | 000,144,960 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2011/12/29 08:48:24 | 000,049,480 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2011/07/12 16:53:40 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV:64bit: - [2011/07/12 16:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2011/07/12 10:54:00 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV:64bit: - [2010/09/23 04:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 04:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/07/21 12:24:08 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/12 14:37:18 | 003,289,472 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/06/26 15:57:38 | 000,022,376 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/21 07:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe -- (NAV)
SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/28 02:47:28 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/01/10 15:35:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/11/08 18:08:50 | 000,070,152 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2012/09/07 08:08:50 | 000,272,272 | ---- | M] (Lenovo) [Auto | Stopped] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2012/09/07 08:08:48 | 000,133,008 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2012/09/03 12:52:48 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/08/19 04:03:19 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\ccSvcHst.exe -- (NCO)
SRV - [2012/07/21 15:05:20 | 001,588,544 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe -- (PGP RDD Service)
SRV - [2012/05/16 00:32:00 | 001,665,120 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)
SRV - [2012/05/16 00:32:00 | 001,662,560 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2012/05/16 00:32:00 | 000,320,576 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
SRV - [2012/04/19 10:15:38 | 000,084,080 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe -- (VIPAppService)
SRV - [2012/02/28 11:20:58 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/02/28 11:20:56 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/02/28 11:20:40 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/02/03 20:30:06 | 000,655,400 | R--- | M] (Ericsson AB) [Auto | Running] -- C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe -- (WMCoreService)
SRV - [2012/01/17 09:29:24 | 000,169,776 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe -- (FastbootService)
SRV - [2011/07/08 08:11:06 | 000,162,816 | ---- | M] (HP) [Auto | Stopped] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2010/10/27 13:02:58 | 000,013,824 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe -- (HP DS Service)
SRV - [2010/03/19 00:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/12 00:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/06/11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/01/10 22:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp2)
DRV:64bit: - [2013/06/11 00:06:49 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/05/23 08:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013/05/21 08:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symds64.sys -- (SymDS)
DRV:64bit: - [2013/05/16 08:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/04/28 06:52:04 | 000,044,800 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2013/04/25 03:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/04/24 01:23:00 | 000,460,528 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/04/16 05:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\ccsetx64.sys -- (ccSet_NAV)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/05 04:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/03/05 04:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/02/28 02:47:56 | 000,284,448 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nvkflt.sys -- (nvkflt)
DRV:64bit: - [2013/02/28 02:47:42 | 000,030,496 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2013/02/08 09:45:36 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/10/17 03:45:18 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/09/03 12:52:42 | 009,000,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/08/23 17:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 17:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 17:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/07 04:24:46 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSTx64\7DD01000.020\ccSetx64.sys -- (ccSet_NST)
DRV:64bit: - [2012/07/21 15:05:34 | 000,015,848 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\PGPwdefs.sys -- (Pgpwdefs)
DRV:64bit: - [2012/07/21 15:05:32 | 000,372,704 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PGPwded.sys -- (PGPwded)
DRV:64bit: - [2012/07/21 15:05:30 | 000,051,856 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PGPsdk.sys -- (PGPsdkDriver)
DRV:64bit: - [2012/07/21 15:05:22 | 000,273,848 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PGPdisk.sys -- (PGPdisk)
DRV:64bit: - [2012/07/21 15:05:22 | 000,178,552 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\PGPfsfd.sys -- (pgpfs)
DRV:64bit: - [2012/07/17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/05/30 07:42:10 | 000,569,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012/05/16 00:32:00 | 000,029,512 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)
DRV:64bit: - [2012/05/16 00:32:00 | 000,019,784 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2012/04/20 03:36:26 | 000,035,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2012/04/20 03:36:26 | 000,025,528 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2012/04/19 10:32:08 | 000,789,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/04/19 10:32:06 | 000,356,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/04/19 10:32:06 | 000,019,224 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/04/01 05:52:30 | 000,184,872 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2012/04/01 05:52:26 | 000,594,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2012/04/01 05:52:24 | 000,163,368 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2012/03/27 02:07:06 | 000,033,344 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys -- (PHCORE)
DRV:64bit: - [2012/03/05 14:29:42 | 000,210,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2012/03/05 14:29:40 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2012/02/20 22:36:58 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012/02/17 02:19:42 | 000,216,064 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2012/01/13 20:08:42 | 000,102,440 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\l36wgps64.sys -- (l36wgps)
DRV:64bit: - [2012/01/11 06:30:58 | 000,360,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011/12/29 08:48:24 | 000,147,784 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2011/12/29 08:48:24 | 000,025,416 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2011/12/26 12:10:44 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2011/12/09 00:06:07 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/12/09 00:06:07 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/12/08 04:59:52 | 000,027,432 | ---- | M] (ThinkVantage Communications Utility) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvtvcamd.sys -- (tvtvcamd)
DRV:64bit: - [2011/12/07 20:54:20 | 000,282,152 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WwanUsbMp64.sys -- (WwanUsbServ)
DRV:64bit: - [2011/10/05 21:38:32 | 000,029,736 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wwussf64.sys -- (ecnssndisfltr)
DRV:64bit: - [2011/10/05 21:38:30 | 000,026,664 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wwuss64.sys -- (ecnssndis)
DRV:64bit: - [2011/09/17 03:38:52 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011/08/23 01:47:50 | 000,483,400 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3Mdm.sys -- (Mbm3Mdm)
DRV:64bit: - [2011/08/23 01:47:50 | 000,430,664 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3DevMt.sys -- (Mbm3DevMt)
DRV:64bit: - [2011/08/23 01:47:50 | 000,019,528 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3mdfl.sys -- (Mbm3mdfl)
DRV:64bit: - [2011/08/23 01:47:44 | 000,419,400 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3CBus.sys -- (Mbm3CBus)
DRV:64bit: - [2011/05/29 13:48:04 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvti2c.sys -- (TVTI2C)
DRV:64bit: - [2011/05/26 03:23:00 | 000,101,888 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
DRV:64bit: - [2010/11/21 06:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 06:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/08 08:56:54 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2010/09/08 08:56:52 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2010/09/08 08:56:52 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009/07/14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 03:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/14 02:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/07/20 19:08:01 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20130728.020\ex64.sys -- (NAVEX15)
DRV - [2013/07/20 19:08:01 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20130728.020\eng64.sys -- (NAVENG)
DRV - [2013/07/19 17:12:16 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\IPSDefs\20130726.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013/05/31 19:58:18 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/03/13 03:16:30 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/03/05 04:29:35 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/07/14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.1.0.32\coFFPlgn\ [2013/07/29 19:06:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\IPSFFPlgn\ [2013/07/21 11:54:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\VIP5X@verisign.com: C:\Program Files (x86)\Symantec\VIP Access Client\ [2013/07/21 11:54:52 | 000,000,000 | ---D | M]

[2013/04/06 02:21:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\[opt]rs0\extensions
[2013/04/06 02:23:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Norton Safe Search (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.yahoo.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: Frostwire Toolbar = C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaiognmpgbjoffachmpnnppfnokcbe\17.50820_0\
CHR - Extension: LastPass = C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.25_0\
CHR - Extension: Skype Click to Call = C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.10.0.13089_0\
CHR - Extension: Norton Identity Protection = C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob\2013.1.0.32_0\

O1 HOSTS File: ([2013/07/28 19:15:00 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O2:64bit: - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O2 - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O3 - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HP Color LaserJet CM2320 MFP Series Fax] C:\Program Files (x86)\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [HP LJ300-400 color MFP M375-M475 Series Fax] C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [autodetect] C:\Program Files (x86)\Safaricom Broadband\AutoDect.exe ()
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe (Lenovo)
O4 - HKLM..\Run: [iMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)
O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [statusAlerts] C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [uSB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0




O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\PGPlsp.dll (Symantec Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\PGPlsp.dll (Symantec Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\PGPlsp.dll (Symantec Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWow64\PGPlsp.dll (Symantec Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36E88693-5C4A-46EB-998D-A5A891890B9D}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C2C20E9-079E-455A-9E87-D0598B592AF1}: DhcpNameServer = 4.2.2.2 213.55.96.148
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A826263E-40E6-4580-B101-AC1F8BC06C63}: NameServer = 196.201.216.19 209.244.0.3
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/07/29 19:16:31 | 000,123,520 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys
[2013/07/29 19:16:31 | 000,123,520 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys
[2013/07/29 19:16:31 | 000,123,520 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys
[2013/07/29 19:16:31 | 000,123,520 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbdvbh.sys
[2013/07/29 19:16:31 | 000,000,000 | ---D | C] -- C:\Program Files\ISDBT_Assist_Driver
[2013/07/29 19:16:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safaricom Broadband
[2013/07/29 18:53:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safaricom Broadband
[2013/07/29 08:52:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/07/28 19:15:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/07/28 19:10:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/07/26 18:27:30 | 000,000,000 | ---D | C] -- C:\ldiag
[2013/07/26 17:13:52 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\GX
[2013/07/26 09:27:27 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\G Meeting Notes
[2013/07/25 15:25:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/07/25 15:25:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/07/25 15:25:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/07/25 15:24:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/25 15:24:38 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/07/25 15:17:07 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Jun
[2013/07/25 11:57:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/07/25 09:44:14 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Malware
[2013/07/22 15:53:39 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Mil
[2013/07/21 21:42:27 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\NPE
[2013/07/21 20:59:41 | 000,000,000 | ---D | C] -- C:\Users\Patrick\Documents\mbam-chameleon-1.62.1.1000
[2013/07/21 20:52:33 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2013/07/21 12:21:35 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Malwarebytes
[2013/07/21 12:21:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/21 12:21:26 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/07/21 12:21:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/07/21 12:12:42 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/07/21 12:09:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/07/21 11:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/07/21 11:43:00 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/07/16 13:14:45 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\ROE
[2013/07/15 21:15:35 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Al
[2013/07/15 09:38:46 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Summary
[2013/07/14 03:00:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/07/11 12:11:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pdf2Jpg
[2013/07/11 12:11:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pdf2Jpg
[2013/07/11 10:51:41 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\AO
[2013/07/09 16:26:22 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\OneNote Notebooks
[2013/07/09 10:29:40 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Strike
[2013/07/09 10:01:06 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Del
[2013/07/07 20:24:28 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Company
[2013/07/06 19:29:38 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\International
[2013/07/06 19:23:08 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Horn
[2013/07/06 13:17:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/07/06 13:15:17 | 000,489,392 | ---- | C] (Ask Partner Network) -- C:\Users\Patrick\Documents\APNSetup.exe
[2013/07/04 13:17:41 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Energy
[2013/07/02 12:36:01 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\TESLA
[2013/06/30 18:24:58 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Jord
[2013/02/17 13:13:27 | 014,823,424 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe

========== Files - Modified Within 30 Days ==========

[2013/07/29 19:20:52 | 000,730,512 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/29 19:20:52 | 000,631,778 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/29 19:20:52 | 000,111,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/29 19:16:30 | 000,001,756 | ---- | M] () -- C:\Users\Public\Desktop\Safaricom Broadband.lnk
[2013/07/29 19:15:06 | 000,034,432 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/29 19:15:06 | 000,034,432 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/29 19:07:28 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/29 19:05:57 | 000,431,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/29 19:05:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/29 19:05:42 | 856,616,958 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/29 18:51:22 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/29 18:51:22 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/28 20:27:00 | 000,062,333 | ---- | M] () -- C:\Users\Paul\Desktop\South Daily
[2013/07/28 19:15:00 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/07/26 15:51:06 | 000,001,263 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2013/07/26 13:59:21 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/07/24 16:13:10 | 000,000,196 | ---- | M] () -- C:\Users\Paul\Documents\cc_20130724_161307.reg
[2013/07/24 16:11:29 | 000,000,196 | ---- | M] () -- C:\Users\Paul\Documents\cc_20130724_161127.reg
[2013/07/24 16:11:14 | 000,000,396 | ---- | M] () -- C:\Users\Paul\Documents\cc_20130724_161111.reg
[2013/07/24 16:10:57 | 000,005,972 | ---- | M] () -- C:\Users\Paul\Documents\cc_20130724_161049.reg
[2013/07/24 16:10:30 | 000,138,166 | ---- | M] () -- C:\Users\Paul\Documents\cc_20130724_161022.reg
[2013/07/24 11:09:58 | 000,000,833 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/07/22 10:27:58 | 047,813,398 | ---- | M] () -- C:\Users\Paul\Desktop\semg 2013.pdf
[2013/07/21 12:21:28 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/21 12:13:09 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013/07/21 12:13:09 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013/07/21 12:13:09 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013/07/21 12:12:43 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/07/01 22:37:58 | 000,238,336 | ---- | M] () -- C:\Users\Paul\Documents\Apple_iOS_5_Guide.pdf

========== Files Created - No Company Name ==========

[2013/07/29 19:16:19 | 000,001,756 | ---- | C] () -- C:\Users\Public\Desktop\Safaricom Broadband.lnk
[2013/07/28 20:27:00 | 000,062,333 | ---- | C] () -- C:\Users\Paul\Desktop\South Daily.pdf
[2013/07/25 15:25:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/07/25 15:25:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/07/25 15:25:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/07/25 15:25:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/07/25 15:25:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/07/24 16:13:08 | 000,000,196 | ---- | C] () -- C:\Users\Paul\Documents\cc_20130724_161307.reg
[2013/07/24 16:11:28 | 000,000,196 | ---- | C] () -- C:\Users\Paul\Documents\cc_20130724_161127.reg
[2013/07/24 16:11:13 | 000,000,396 | ---- | C] () -- C:\Users\Paul\Documents\cc_20130724_161111.reg
[2013/07/24 16:10:51 | 000,005,972 | ---- | C] () -- C:\Users\Paul\Documents\cc_20130724_161049.reg
[2013/07/24 16:10:26 | 000,138,166 | ---- | C] () -- C:\Users\Paul\Documents\cc_20130724_161022.reg
[2013/07/22 10:28:06 | 047,813,398 | ---- | C] () -- C:\Users\Paul\Desktop\2013.pdf
[2013/07/21 20:45:47 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/07/21 12:21:28 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/21 12:13:09 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013/07/21 12:13:09 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013/07/21 12:13:09 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013/07/21 12:12:43 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013/07/09 16:26:23 | 000,001,263 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2013/07/01 22:37:58 | 000,238,336 | ---- | C] () -- C:\Users\Patrick\Documents\Apple_iOS_5_Guide.pdf
[2013/05/23 18:43:07 | 000,208,556 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2013/04/09 14:22:23 | 000,000,017 | ---- | C] () -- C:\Users\Paul\AppData\Local\resmon.resmoncfg
[2013/02/26 16:00:58 | 000,735,230 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/02/24 14:02:38 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2013/02/24 14:02:38 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2013/02/24 14:02:38 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2013/02/24 14:02:38 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2013/02/24 14:02:38 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2013/02/24 14:02:38 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2013/02/24 14:02:38 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2013/02/24 14:02:38 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2013/02/24 14:02:38 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2013/02/24 14:02:38 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2013/02/24 14:02:38 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2013/02/24 14:02:38 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2013/02/24 14:02:38 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2013/02/24 14:02:38 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2013/02/24 14:02:38 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2013/02/24 14:02:38 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2013/02/24 14:02:38 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2013/02/24 14:02:38 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2013/02/24 14:02:38 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2013/02/22 10:40:01 | 000,001,032 | ---- | C] () -- C:\Users\Paul\Music - Shortcut.lnk
[2013/02/18 16:39:23 | 000,000,008 | ---- | C] () -- C:\Windows\SysWow64\PROTOCOL.INI
[2013/02/18 16:17:14 | 000,176,798 | ---- | C] () -- C:\Windows\hppins12.dat
[2013/02/18 16:17:14 | 000,007,855 | ---- | C] () -- C:\Windows\hppmdl12.dat
[2013/02/12 16:45:25 | 000,000,762 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2013/01/24 12:24:30 | 000,255,312 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\wanancsp.dat
[2013/01/24 12:18:53 | 000,000,000 | ---- | C] () -- C:\Windows\firstboot.dat
[2012/10/17 03:59:01 | 000,756,084 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012/10/17 03:59:00 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012/10/17 03:58:08 | 000,035,404 | R--- | C] () -- C:\Windows\ConnectionProfiles.dat
[2012/09/03 12:52:50 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012/09/03 12:52:40 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/09/03 12:52:32 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012/07/21 15:07:34 | 000,000,280 | ---- | C] () -- C:\Windows\SysWow64\PGPsdk.dll.sig
[2012/02/03 08:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2009/07/14 07:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 08:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 07:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 04:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 06:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 04:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/06/07 22:37:58 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\.strongvpn
[2013/05/26 21:03:02 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Azureus
[2013/04/11 15:03:47 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\GARMIN
[2013/01/24 12:25:38 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Leadertech
[2013/02/12 14:58:59 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Lenovo
[2013/01/24 12:28:53 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\LSC
[2013/02/22 15:55:43 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\MAGIX
[2013/02/18 16:52:59 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\MAPWEL_(64-bit)
[2013/02/08 09:51:55 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Nitro PDF
[2013/02/27 09:34:27 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Nuance
[2013/06/09 14:10:07 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Opera
[2013/02/15 14:11:01 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\PGP Corporation
[2013/02/08 09:48:01 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\PwrMgr
[2013/05/19 12:12:42 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Safaricom Broadband
[2013/05/06 09:35:27 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Sync App Settings
[2013/02/25 08:01:26 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\TrueCrypt
[2013/07/29 13:18:20 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\uTorrent

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2013/07/28 19:15:26 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011/02/24 20:03:40 | 000,000,000 | ---D | M] -- C:\Boot
[2013/02/18 16:16:19 | 000,000,000 | ---D | M] -- C:\CM_2320_Full_Solution_Win7_3_1_AM-EMEA1
[2013/07/29 13:03:05 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2009/07/14 08:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2013/02/18 15:26:52 | 000,000,000 | ---D | M] -- C:\Garmin
[2012/10/17 03:59:11 | 000,000,000 | ---D | M] -- C:\Intel
[2013/07/26 18:35:25 | 000,000,000 | ---D | M] -- C:\ldiag
[2012/10/17 03:38:49 | 000,000,000 | ---D | M] -- C:\mfg
[2013/02/12 13:47:55 | 000,000,000 | R--D | M] -- C:\MSOCache
[2013/04/03 10:43:07 | 000,000,000 | ---D | M] -- C:\OziExplorer
[2009/07/14 06:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013/07/29 19:16:31 | 000,000,000 | R--D | M] -- C:\Program Files
[2013/07/29 18:53:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2013/07/29 13:41:24 | 000,000,000 | ---D | M] -- C:\ProgramData
[2013/07/28 19:19:53 | 000,000,000 | ---D | M] -- C:\Qoobox
[2013/02/08 13:42:34 | 000,000,000 | ---D | M] -- C:\swshare
[2013/01/24 12:19:13 | 000,000,000 | ---D | M] -- C:\SWTOOLS
[2013/07/29 19:25:15 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013/01/24 12:18:44 | 000,000,000 | R--D | M] -- C:\Users
[2013/07/28 19:15:17 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< MD5 for: EXPLORER.EXE >
[2011/12/08 23:56:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/12/08 23:56:11 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/12/08 23:56:11 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/12/08 23:56:11 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/12/08 23:56:10 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 06:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/12/08 23:56:11 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/12/08 23:56:11 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 06:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: REGEDIT.EXE >
[2009/07/14 04:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\erdnt\cache86\regedit.exe
[2009/07/14 04:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009/07/14 04:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009/07/14 04:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009/07/14 04:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe

< MD5 for: USERINIT.EXE >
[2010/11/21 06:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/21 06:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 06:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 06:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/21 06:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 06:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WININIT.EXE >
[2009/07/14 04:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\erdnt\cache64\wininit.exe
[2009/07/14 04:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 04:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 04:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\erdnt\cache86\wininit.exe
[2009/07/14 04:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 04:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/21 06:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/21 06:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 06:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2013/07/21 20:59:43 | 000,218,184 | ---- | M] () MD5=B6381489F9C8612AFFD4A2765ABD341C -- C:\Users\Patrick\Documents\mbam-chameleon-1.62.1.1000\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >
 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.