Hi

I have a Thinkpad Tablet 2 with Windows 8.1. I ran Malwarebytes twice and both times I had problems rebooting. I restored back to a restore point that so is still infected. DDS won't run on Win 8.1, so here is the log from Malwarebytes:

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.20.01

Windows 8 x86 NTFS
Internet Explorer 11.0.9600.16518

Protection: Enabled

3/19/2014 10:30:11 PM
MBAM-log-2014-03-19 (22-54-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 245541
Time elapsed: 24 minute(s), 11 second(s)

Memory Processes Detected: 2
C:\Program Files\RegClean Pro\RegCleanPro.exe (PUP.Optional.RegCleanPro.A) -> 4780 -> No action taken.
C:\Program Files\Linksicle\Service\lssvc.exe (PUP.Optional.Linksicle) -> 456 -> No action taken.

Memory Modules Detected: 3
C:\Program Files\RegClean Pro\isxdl.dll (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\RegCleanPro.dll (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\xmllite.dll (PUP.Optional.RegCleanPro.A) -> No action taken.

Registry Keys Detected: 15
HKLM\SYSTEM\CurrentControlSet\Services\lsnfd (PUP.Optional.Linksicle) -> No action taken.
HKCR\CLSID\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A} (PUP.Optional.Linksicle.A) -> No action taken.
HKCR\TypeLib\{A073AC6F-0B69-494C-8D61-60618FA37B4A} (PUP.Optional.Linksicle.A) -> No action taken.
HKCR\Interface\{8A7BE212-5F53-4252-8DCA-1FB5451D4E2B} (PUP.Optional.Linksicle.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A} (PUP.Optional.Linksicle.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A} (PUP.Optional.Linksicle.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A} (PUP.Optional.Linksicle.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A} (PUP.Optional.Linksicle.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1 (PUP.Optional.RegCleanPro.A) -> No action taken.
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> No action taken.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> No action taken.
HKCU\Software\Systweak\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
HKCU\Software\Systweak\RegClean Pro (PUP.Optional.RegCleanerPro.A) -> No action taken.
HKLM\SOFTWARE\Linksicle (PUP.Optional.Linksicle.A) -> No action taken.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\LSSVC (PUP.Optional.Linksicle) -> No action taken.

Registry Values Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NextLive (PUP.Optional.NextLive.A) -> Data: C:\WINDOWS\system32\rundll32.exe "C:\Users\Elizabeth\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> No action taken.
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0H1L1J1L1S1R1N -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\lsnfd|ImagePath (PUP.Optional.Linksicle) -> Data: system32\drivers\lsnfd.sys -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\lssvc|DisplayName (PUP.Optional.Linksicle) -> Data: Linksicle Client Service -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 11
C:\Program Files\RegClean Pro (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\2.1.1000.12580 (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\signatures (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\updates (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\Users\Elizabeth\AppData\Roaming\systweak\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\Users\Elizabeth\AppData\Roaming\systweak\Advanced System Protector\2.1.1000.12580 (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\Users\Elizabeth\AppData\Roaming\systweak\RegClean Pro (PUP.Optional.RegCleanerPro.A) -> No action taken.
C:\Users\Elizabeth\AppData\Roaming\systweak\RegClean Pro\Version 6.1 (PUP.Optional.RegCleanerPro.A) -> No action taken.
C:\Users\Elizabeth\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> No action taken.
C:\Users\Elizabeth\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> No action taken.

Files Detected: 84
C:\Users\Elizabeth\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> No action taken.
C:\Windows\System32\Drivers\lsnfd.sys (PUP.Optional.Linksicle) -> No action taken.
C:\Program Files\Linksicle\IE\LinksicleClientIE.dll (PUP.Optional.Linksicle.A) -> No action taken.
C:\Users\Elizabeth\AppData\Local\Temp\is1275519350\314222721_stp\linksicle-setup-1.8.2.0.exe (PUP.Optional.Linksicle) -> No action taken.
C:\Users\Elizabeth\AppData\Local\genienext\nengine.dll (PUP.Optional.NextLive.A) -> No action taken.
C:\Windows\Tasks\RegClean Pro_UPDATES.job (PUP.Optional.RegCleanerPro.J) -> No action taken.
C:\Program Files\RegClean Pro\TraditionalCn_rcp_zh-tw.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\Chinese_rcp.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\Chinese_uninst.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\CleanSchedule.exe (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\Cloud_Backup_Setup.exe (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\Cloud_Backup_Setup_Intl.exe (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\Danish_rcp.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\Danish_uninst.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\Dutch_rcp.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\Dutch_uninst.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\eng_rcp.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\eng_uninst.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\Finnish_rcp_fi.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\Finnish_uninst_fi.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\French_rcp.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\French_uninst.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\German_rcp.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\German_uninst.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\greek_rcp_el.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\greek_uninst_el.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\isxdl.dll (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\Italian_rcp.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\Italian_uninst.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\Japanese_rcp.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\Japanese_uninst.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\korean_rcp_ko.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\korean_uninst_ko.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\Norwegian_rcp.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\Norwegian_uninst.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\polish_rcp_pl.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\polish_uninst_pl.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\portugese_rcp_pt.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\portugese_uninst_pt.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\Portuguese_rcp.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\Portuguese_uninst.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\RCPUninstall.exe (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\RegCleanPro.dll (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\RegCleanPro.exe (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\russian_rcp_ru.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\russian_uninst_ru.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\Spanish_rcp.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\spanish_uninst.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\SSDPTstub.exe (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\Swedish_rcp.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\swedish_uninst.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\systweakasp.exe (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\traditionalcn_uninst_zh-tw.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\turkish_rcp_tr.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\Turkish_uninst_tr.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\unins000.exe (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files\RegClean Pro\xmllite.dll (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Windows\Tasks\RegClean Pro_DEFAULT.job (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Windows\System32\roboot.exe (PUP.Optional.PCPerformer.A) -> No action taken.
C:\Program Files\Linksicle\Service\lssvc.exe (PUP.Optional.Linksicle) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\signatures\completedatabase.db (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\signatures\Cookies.bin (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\signatures\DigSign.bin (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\signatures\FilePaths.bin (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\signatures\FileSignature.bin (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\signatures\Folders.bin (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\signatures\Md5.bin (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\signatures\Registry.bin (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\signatures\SetupSign.bin (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\signatures\StrSetupSign.bin (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\updates\1545completedatabase.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\updates\1720mupdate.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\Users\Elizabeth\AppData\Roaming\systweak\Advanced System Protector\QDetail.db (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\Users\Elizabeth\AppData\Roaming\systweak\Advanced System Protector\Settings.db (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\Users\Elizabeth\AppData\Roaming\systweak\Advanced System Protector\Update.ini (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\Users\Elizabeth\AppData\Roaming\systweak\Advanced System Protector\2.1.1000.12580\ASPLog.txt (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\Users\Elizabeth\AppData\Roaming\systweak\RegClean Pro\Version 6.1\eng_rcp.dat (PUP.Optional.RegCleanerPro.A) -> No action taken.
C:\Users\Elizabeth\AppData\Roaming\systweak\RegClean Pro\Version 6.1\ExcludeList.rcp (PUP.Optional.RegCleanerPro.A) -> No action taken.
C:\Users\Elizabeth\AppData\Roaming\systweak\RegClean Pro\Version 6.1\log_03-19-2014.log (PUP.Optional.RegCleanerPro.A) -> No action taken.
C:\Users\Elizabeth\AppData\Roaming\systweak\RegClean Pro\Version 6.1\rcpupdate.ini (PUP.Optional.RegCleanerPro.A) -> No action taken.
C:\Users\Elizabeth\AppData\Roaming\systweak\RegClean Pro\Version 6.1\results.rcp (PUP.Optional.RegCleanerPro.A) -> No action taken.
C:\Users\Elizabeth\AppData\Roaming\systweak\RegClean Pro\Version 6.1\TempHLList.rcp (PUP.Optional.RegCleanerPro.A) -> No action taken.
C:\Users\Elizabeth\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> No action taken.
C:\Users\Elizabeth\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> No action taken.

(end)
 


Hello patrickosu and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Download OTL to your Desktop.

  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick Scan All Users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

I was having issues with cut & paste on tablet so attached the file..... used another computer to paste them in

 

OTL Extras logfile created on: 3/20/2014 4:01:10 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Elizabeth\Downloads
 An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.94 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 42.69% Memory free
3.44 Gb Paging File | 2.06 Gb Available in Paging File | 59.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.22 Gb Total Space | 28.06 Gb Free Space | 58.18% Space Free | Partition Type: NTFS
 
Computer Name: BETSYTABLET | User Name: Elizabeth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\WINDOWS\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3053019411-198916098-2008047146-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\Advanced System Protector\filetypehelper.exe -scanunknown "%1" (Systweak)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{030A6DF8-F1A7-4A84-9E5D-0AEBFB2B7829}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{11D65913-B674-43F1-A3D3-0154AB336614}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2801CB90-78FB-451A-A903-AE9733CA0E41}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2FE5A2E3-6E2F-44AC-A042-7512A6B9C612}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{390EB004-D31D-4E4D-8B37-9ED872ABA7CC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4FDE4BC6-655B-4504-8A3F-6C09F2B3C415}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7F268161-43DE-4635-8B8F-8BB6B2CE4D67}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{85B83AD3-3AEB-469E-8917-ECABD7CF50DF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{AFE0B2B4-533B-48E6-84C2-93ABE62970EE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B1D2851D-AA12-4818-ACB3-F1CEB3BB7FB1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E3866A57-BA5B-43CD-8FAA-FB7E6147BD28}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024AAEB6-DFD2-4B42-9B99-D55E4F145471}" = protocol=6 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |

"{09791CCB-7487-4523-8322-433FE510879F}" = protocol=17 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |
"{0A508EDD-62ED-4360-A2AE-B777CCD196FE}" = dir=out | name=lenovo settings |

"{0EBF48C6-FE43-48AE-88B4-AC4BE79F363A}" = dir=out | name=zinio |
"{108D72E1-EABD-4FA8-8623-71CD75FB9CBD}" = protocol=6 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |

"{1478F586-D9A1-4C08-829E-5A804F419847}" = dir=out | name=norton studio |
"{14BABC20-367D-41C2-BCD2-5977241BE8FB}" = dir=in | name=check point vpn |


"{1BA4AD90-EE72-46FD-8080-F6741E9939B6}" = dir=out | name=lenovo support |


"{234BC87D-07A1-4D9D-BEAC-2420DA9AA69A}" = dir=in | app=c:\users\elizabeth\appdata\local\microsoft\skydrive\skydrive.exe |
"{28778D8B-6798-4BED-8564-10F9B98D7E19}" = dir=out | name=juniper networks junos pulse |
"{288F382D-BFC8-488E-8D7D-E459CD8D114D}" = dir=out | name=microsoft mahjong |
"{2C71EF9C-BC8A-4E5D-8009-EEF47934A73E}" = dir=out | name=netflix |
"{2DF2E2B0-A588-4810-90EB-4C394CAB983F}" = dir=in | name=junipernetworks.junospulsevpn |
"{331D3F10-92E3-4211-9259-CAF9D02FCE86}" = dir=out | name=junipernetworks.junospulsevpn |
"{33D3A1C8-3DC5-4012-886F-7B072F17AE2E}" = dir=in | name=rara music |

"{3B248AD1-AD19-4CE8-BF98-704055D20387}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{42F4587B-B3B5-4B86-9390-2CB6E9AD054A}" = dir=out | name=f5 vpn |
"{43A83BFC-ADEC-4028-9285-4BE4453B3C77}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |


"{4B956D22-A00D-4556-9249-69BCFF141D07}" = dir=out | name=taptiles |
"{4DD7E3E7-31F7-480B-9ADA-2397A2C6DDC5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{52B745EA-FED5-4E7D-AEA2-4714828A8DEA}" = dir=out | name=microsoft solitaire collection |

"{5792B4BF-C701-4504-B653-E8CDEE57D54C}" = dir=out | name=lenovo settings |
"{5BC62174-9A15-4AA8-961C-F816F8072FC1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5C893F8B-CE93-46D1-B1BF-4480BBA98A82}" = dir=out | name=sonicwall mobile connect |

"{62548784-7BFE-4067-8EBB-FB1417C12BE0}" = dir=out | name=skype |


"{6826BB80-D747-4B96-A0C8-EDF3BFA25718}" = dir=out | name=windows_ie_ac_001 |
"{68C16748-0B33-410F-817B-9D82944E4927}" = dir=in | app=c:\program files\intel\intelappstore\bin\ismagent.exe |
"{69960B5A-1119-44AE-AB22-21FF06780ABB}" = dir=out | name=rara music |


"{79602474-B98B-4977-A361-42F2A11D3510}" = protocol=17 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |


"{7FB28169-B4FE-45A2-BAD7-0391BBAA2D1D}" = dir=in | name=lenovo settings |
"{835E0E77-65D1-4FAA-AA5E-AC67565A94FB}" = dir=out | name=sonicwall.mobileconnect |
"{8D1AE9C0-F9B5-4F48-B63F-9F490DE1E8DF}" = dir=out | name=lenovo settings |
"{8E7CD301-D95A-4D70-BFC6-284CFC658CF3}" = dir=out | name=evernote touch |

"{9B8DFC88-81DC-41CC-862C-C4D63B82F378}" = dir=in | name=lenovo settings |
"{9C4C2BC9-1459-4677-824F-E3B587320A49}" = dir=out | name=windows_ie_ac_001 |
"{9E2D21D2-BF8E-42E0-84B8-877C3D28748E}" = dir=in | name=microsoft mahjong |

"{A1E5E0A3-4A85-483A-8D5A-CA13708A6839}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A59C912A-65CB-441D-9364-A44E11456711}" = dir=out | name=lenovo companion |

"{AA2F96F7-1BE9-412B-AC31-1268BDA8BD42}" = protocol=17 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |

"{AC11BFC9-ECA9-4929-9CF4-1EE91F1FF157}" = dir=in | name=taptiles |


"{AFB463F6-EB71-4438-BCD3-BE8095FFDA7B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AFD02E29-D0AE-4D3D-9192-747992DB742B}" = dir=in | name=f5 vpn |

"{B2AB8D46-DF6B-4D1B-B3F9-2FF275E3C0B2}" = dir=in | name=skype |
"{B9164D83-C58B-42D6-88E9-DE801DFEA41E}" = dir=in | name=zinio |
"{B971C210-DBF5-41D2-ABC4-277921BE549C}" = dir=out | name=accuweather for windows 8 |


"{BEBB26C8-47B9-4571-8A67-E390183707CA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C248E3B8-C8E7-4955-A9C4-EB51083E9CF3}" = dir=out | name=windows_ie_ac_001 |
"{C4BB11A1-CD02-4DC9-936F-6A6479163EC6}" = dir=out | name=lenovo cloud storage by sugarsync |
"{C5DA6F7B-8764-4119-8A31-D50E8BDE182A}" = dir=in | name=juniper networks junos pulse |
"{C6182E4B-10FC-4083-A766-458080D68E73}" = dir=in | name=f5.vpn.client |
"{C917A856-FC64-4D53-9C6F-51646783C6F6}" = protocol=6 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |
"{D1858C61-B127-425B-B2D7-DBF02018649C}" = dir=out | name=onenote |
"{D61D0B9A-9597-4E4D-818D-31C1593D9E8D}" = dir=out | name=amazon |
"{D7D50BF6-EC6C-407E-8243-F978EC40ACBF}" = dir=in | name=evernote touch |
"{D9B5476E-95A5-46B8-B902-73F2EC18202A}" = protocol=6 | dir=out | app=system |

"{E0D18D83-3AA2-445D-ABD4-67AF971C66F0}" = dir=out | name=skitch touch |
"{E129588B-1AB1-4DE9-965E-F3DEE27312D4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E20BB53A-3BDC-460D-BAEE-FFDC117AB485}" = dir=in | name=sonicwall.mobileconnect |
"{E3FC7C69-E9E8-4E39-9B6F-1E31EA337E00}" = dir=in | name=microsoft solitaire collection |
"{E4568E32-264A-41F0-B6FE-B9249E22BAA7}" = dir=out | name=check point vpn |
"{E6A4BE21-4183-455E-8C07-84C78011B261}" = dir=out | name=checkpoint.vpn |

"{E8CEA7BA-7BC0-4034-AA8A-57D7F8DB3E6C}" = dir=out | name=lenovo quicksnip |
"{EAE430CE-5304-478A-8D85-F3859A56F0C6}" = dir=in | name=onenote |

"{EDE6EBED-63B6-4F2A-81C2-86EA41BD9282}" = dir=in | name=sonicwall mobile connect |

"{F70D86B0-2965-4A8C-99EE-3267B12FB95F}" = dir=out | name=kindle |


"{FA35BA80-EA4B-48FD-9FEF-74E9E0B3FEC7}" = dir=in | name=checkpoint.vpn |
"{FE5EA256-AD54-4FD8-B211-1263089653FF}" = dir=out | name=f5.vpn.client |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{25C64847-B900-48AD-A164-1B4F9B774650}" = Lenovo System Update
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3694BA2E-BE31-4B7E-886B-A0B559E69D4D}_is1" = Lenovo Settings Dependency Package
"{4CDA59B9-7AD3-4283-9F5C-BC469FF975B6}" = Broadcom Wireless Utility
"{5755F2B9-3D32-436C-9A96-0EE9FBD02DF6}" = Nitro Pro 8
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{8244E9F7-691E-4C1A-B2FC-F79BFBBA2515}" = SMSC LAN9500 Device Driver
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = Lenovo Settings - Camera Audio
"{896CF264-EB1D-4322-8470-51229369D6E4}" = Update for Microsoft en-us Dictionary
"{89A448AA-3301-46AA-AFC3-34F2D7C670E8}" = Realtek I2S Audio
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90150000-007E-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AD32F5E9-6BDD-480A-8B7B-95571D04691C}" = Lenovo Patch Utility
"{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{C6FB6B4A-1378-4CD3-9CD3-42BA69FCBD43}" = Lenovo Patch Utility
"{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader
"{E13C0407-3243-448C-BF1D-DC7C7E02C358}" = DPR
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
"00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1" = Advanced System Protector
"1080E59EFECB29ECA25B046AF1205496C742A8BD" = Windows Driver Package - Broadcom (BtwSerialBus) System  (10/16/2012 12.0.0.3320)
"2CB05254229E9DCC8DDD568B7690BFB58707A27B" = Windows Driver Package - Intel Corporation (camera) Image  (10/19/2012 6.2.9200.24722)
"31F3276AE3EB5F23FFF65CA6F833C7614C685603" = Windows Driver Package - Intel Corporation (ov8830) System  (10/19/2012 6.2.9200.24722)
"435337F05D5069260B5EEDFB425F4E8AF3BAD35D" = Windows Driver Package - Intel Corporation (mt9e013) System  (10/19/2012 6.2.9200.24722)
"700BCBB8787B6CE4474A610C5DE9CE3C95ACC556" = Windows Driver Package - Atmel Corp (mxtBootBridge) HardwarePatchDriver  (09/11/2012 6.2.9200.16384)
"7E9A68EF5A742D0A96318732F882C31EFF4B2A0B" = Windows Driver Package - Lenovo 1.66.00.17 (10/09/2012 1.66.00.17)
"8ACEFA31AC73553F5EEFA5785AD8D4D0E850401F" = Windows Driver Package - Broadcom (bcmfn2) System  (08/30/2012 20.43.14.119)
"A469BF3C31141065CC76DE6E0A5A0822037906FC" = Windows Driver Package - Intel Corporation (Lm3554) System  (10/19/2012 6.2.9200.24722)
"A7A806AF0E8576FDBCC68B0E6C969DC75032BABA" = Windows Driver Package - Intel Corporation (FlashLed) System  (10/19/2012 6.2.9200.24722)
"D59220782B6FD496B699CCA87DD2D1AE74E18663" = Windows Driver Package - Broadcom (BCMSDH43XX) Net  (10/18/2012 5.93.97.83)
"DF8E163CF1D6D335F2FDBFF52B139DBEAE5093FB" = Windows Driver Package - Intel Corporation (ov2720) System  (10/19/2012 6.2.9200.24722)
"F3293093CFAB6A179961B2E848076A9E32AC9302" = Windows Driver Package - Intel Corporation (imx175) System  (10/19/2012 6.2.9200.24722)
"FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C" = Intel® Dynamic Platform & Thermal Framework
"HomeStudentRetail - en-us" = Microsoft Office Home and Student 2013 - en-us
"Intel AppUp® center 41651" = Intel AppUp® center
"Lenovo Dependency Package_is1" = Lenovo Dependency Package
"Linksicle" = Linksicle
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mobogenie" = Mobogenie
"Mozilla Firefox 27.0.1 (x86 en-US)" = Mozilla Firefox 27.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyPC Backup" = MyPC Backup
"OnScreenDisplay" = On Screen Display
"Power Management Driver" = Lenovo Power Management Driver
"RealPlayer 16.0" = RealPlayer
"RegClean Pro_is1" = RegClean Pro
"SugarSync" = SugarSync Manager
"ThinkPad Optical TrackPoint Driver" = ThinkPad Optical TrackPoint Driver
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3053019411-198916098-2008047146-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive
"UpdaterEX" = Extended Update
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 3/4/2014 11:25:00 PM | Computer Name = BetsyTablet | Source = Application Hang | ID = 1002
Description = The program LiveComm.exe version 17.5.9600.20315 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 2d30    Start
 Time: 01cf3822389053d9    Termination Time: 4294967295    Application Path: C:\Program
Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x86__8wekyb3d8bbwe\LiveComm.exe

Report
 Id: aa9fce2e-a415-11e3-afb5-1c3e8474a6e8    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20315_x86__8wekyb3d8bbwe

Faulting
 package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1  
 
Error - 3/8/2014 1:20:46 AM | Computer Name = BetsyTablet | Source = DptfPolicyLpmServiceHelper | ID = 131073
Description =
 
Error - 3/8/2014 10:34:42 PM | Computer Name = BetsyTablet | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe".
Dependent
 Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"
could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 3/14/2014 11:40:50 PM | Computer Name = BetsyTablet | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe".
Dependent
 Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"
could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 3/14/2014 11:45:10 PM | Computer Name = BetsyTablet | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe".
Dependent
 Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"
could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 3/16/2014 12:34:56 PM | Computer Name = BetsyTablet | Source = ESENT | ID = 455
Description = svchost (1608) SRUJet: Error -1811 (0xfffff8ed) occurred while opening
 logfile C:\WINDOWS\system32\SRU\SRU00695.log.
 
Error - 3/16/2014 12:50:58 PM | Computer Name = BetsyTablet | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe".
Dependent
 Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"
could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 3/16/2014 12:51:15 PM | Computer Name = BetsyTablet | Source = DptfPolicyLpmServiceHelper | ID = 131073
Description =
 
Error - 3/20/2014 | Computer Name = BetsyTablet | Source = ESENT | ID = 455
Description = svchost (1616) SRUJet: Error -1811 (0xfffff8ed) occurred while opening
 logfile C:\WINDOWS\system32\SRU\SRU00003.log.
 
Error - 3/20/2014 12:00:01 AM | Computer Name = BetsyTablet | Source = DptfPolicyLpmServiceHelper | ID = 131073
Description =
 
[ System Events ]
Error - 3/13/2014 1:34:57 PM | Computer Name = BetsyTablet | Source = TPM | ID = 12
Description = The device driver for the Trusted Platform Module (TPM) encountered
 an error in the TPM hardware, which might prevent some applications using TPM services
 from operating correctly.  Please restart your computer to reset the TPM hardware.
  For further assistance on this hardware issue, please contact the computer manufacturer
 for more information.
 
Error - 3/14/2014 10:43:08 AM | Computer Name = BetsyTablet | Source = TPM | ID = 15
Description = The device driver for the Trusted Platform Module (TPM) encountered
 a non-recoverable error in the TPM hardware, which prevents TPM services (such
as data encryption) from being used. For further help, please contact the computer
 manufacturer.
 
Error - 3/14/2014 10:43:56 AM | Computer Name = BetsyTablet | Source = DCOM | ID = 10016
Description =
 
Error - 3/14/2014 10:49:32 AM | Computer Name = BetsyTablet | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
 but none of the cipher suites supported by the client application are supported
 by the server. The SSL connection request has failed.
 
Error - 3/14/2014 10:49:32 AM | Computer Name = BetsyTablet | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This
may result in termination of the connection. The TLS protocol defined fatal error
 code is 40. The Windows SChannel error state is 107.
 
Error - 3/14/2014 6:20:38 PM | Computer Name = BetsyTablet | Source = DCOM | ID = 10016
Description =
 
Error - 3/15/2014 12:50:14 AM | Computer Name = BetsyTablet | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the WMPNetworkSvc service.
 
Error - 3/15/2014 12:56:56 AM | Computer Name = BetsyTablet | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the WMPNetworkSvc service.
 
Error - 3/15/2014 1:07:07 AM | Computer Name = BetsyTablet | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the WMPNetworkSvc service.
 
Error - 3/15/2014 3:14:53 PM | Computer Name = BetsyTablet | Source = DCOM | ID = 10016
Description =
 
 
< End of report >
 

 

OTL logfile created on: 3/20/2014 4:01:09 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Elizabeth\Downloads
 An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.94 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 42.69% Memory free
3.44 Gb Paging File | 2.06 Gb Available in Paging File | 59.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.22 Gb Total Space | 28.06 Gb Free Space | 58.18% Space Free | Partition Type: NTFS
 
Computer Name: BETSYTABLET | User Name: Elizabeth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/03/20 16:00:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Elizabeth\Downloads\OTL.exe
PRC - [2014/03/19 22:17:43 | 008,236,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x86__8wekyb3d8bbwe\glcnd.exe
PRC - [2014/02/26 21:47:50 | 000,138,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x86__8wekyb3d8bbwe\livecomm.exe
PRC - [2014/02/17 15:00:35 | 000,853,496 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
PRC - [2014/01/16 00:43:30 | 000,194,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
PRC - [2014/01/09 00:58:50 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SkyDrive.exe
PRC - [2014/01/07 22:09:05 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2014/01/07 22:06:46 | 000,761,536 | ---- | M] () -- C:\Program Files\Mobogenie\DaemonProcess.exe
PRC - [2013/12/16 16:05:32 | 000,115,760 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe
PRC - [2013/12/16 09:13:02 | 000,101,936 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\shtctky.exe
PRC - [2013/12/05 19:43:00 | 000,545,840 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tposd.exe
PRC - [2013/12/05 16:22:04 | 000,186,928 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
PRC - [2013/12/05 16:21:46 | 000,110,128 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2013/11/30 12:18:52 | 002,065,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2013/11/30 12:18:52 | 000,518,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WWAHost.exe
PRC - [2013/11/22 21:48:55 | 000,479,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SettingSyncHost.exe
PRC - [2013/10/31 09:48:02 | 001,320,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe
PRC - [2013/10/30 14:25:40 | 000,409,352 | ---- | M] (Wistron Corp.) -- C:\Program Files\DPR\DPR.exe
PRC - [2013/10/30 14:24:20 | 000,119,608 | ---- | M] (Wistron Corp.) -- C:\Program Files\DPR\WisLMSvc.exe
PRC - [2013/10/02 15:14:52 | 000,272,936 | ---- | M] (Linksicle) -- C:\Program Files\Linksicle\Service\lssvc.exe
PRC - [2013/09/29 21:53:58 | 000,086,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\ImmersiveControlPanel\SystemSettings.exe
PRC - [2013/09/19 16:45:18 | 000,038,440 | ---- | M] (Just Develop It) -- C:\Program Files\MyPC Backup\BackupStack.exe
PRC - [2013/09/17 18:22:40 | 000,585,032 | ---- | M] (LENOVO INCORPORATED.) -- C:\Program Files\Lenovo\SystemAgent\SystemAgentService.exe
PRC - [2013/09/17 18:21:48 | 000,205,128 | ---- | M] (LENOVO INCORPORATED.) -- C:\Program Files\Lenovo\QuickSnipService\QuickSnipService.exe
PRC - [2013/09/17 18:21:46 | 000,323,400 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\QuickSnipService\QuickSnipInput.exe
PRC - [2013/08/21 23:30:48 | 000,066,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhostex.exe
PRC - [2013/08/21 23:21:42 | 000,029,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RuntimeBroker.exe
PRC - [2013/08/21 20:45:10 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dasHost.exe
PRC - [2013/08/21 20:45:01 | 000,290,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013/08/14 16:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/08/01 09:42:00 | 001,668,904 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2013/07/17 18:47:54 | 002,044,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
PRC - [2013/07/04 21:10:20 | 000,687,104 | ---- | M] (Lenovo Corporation) -- C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
PRC - [2013/07/04 21:10:02 | 000,593,408 | ---- | M] (Lenovo Corporation) -- C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
PRC - [2013/07/04 21:09:56 | 000,608,256 | ---- | M] (Lenovo Corporation) -- C:\Program Files\Lenovo\Communications Utility\vcamsvchlpr.exe
PRC - [2013/07/04 21:09:44 | 000,504,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2013/07/04 21:09:44 | 000,504,320 | ---- | M] (Lenovo Corporation) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2013/06/21 17:42:30 | 000,465,912 | ---- | M] () -- C:\Program Files\Lenovo\LocationAware\loctaskmgr.exe
PRC - [2013/06/21 17:42:24 | 000,014,328 | ---- | M] () -- C:\Program Files\Lenovo\LocationAware\lpdagent.exe
PRC - [2013/06/20 16:05:42 | 000,244,728 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\extapsup.exe
PRC - [2013/04/25 19:12:42 | 002,646,016 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/01/10 02:12:20 | 000,070,152 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
PRC - [2013/01/10 02:12:12 | 000,196,616 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe
PRC - [2012/12/02 23:51:54 | 000,249,632 | ---- | M] (PARTRON) -- C:\Program Files\TrackPoint\TrackPointApp.exe
PRC - [2012/10/31 11:21:28 | 000,074,624 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DptfPolicyCriticalService.exe
PRC - [2012/10/31 11:21:26 | 000,081,792 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DptfParticipantProcessorService.exe
PRC - [2012/10/31 11:21:20 | 000,109,440 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DptfParticipantDisplayService.exe
PRC - [2012/10/26 15:49:22 | 000,786,808 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
PRC - [2012/10/26 15:47:58 | 000,436,088 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2012/10/26 15:47:34 | 002,039,160 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/02/13 16:15:45 | 001,169,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\5d657eb91c57cf9b4f121a1a98874136\System.Management.ni.dll
MOD - [2014/02/13 16:08:15 | 006,951,424 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\ab8978239d891c4afffd6a6df3996a6e\System.Core.ni.dll
MOD - [2014/02/13 16:07:45 | 010,003,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\8455c031f8ffe82a0109c563873260e8\System.ni.dll
MOD - [2014/01/16 00:40:46 | 000,316,584 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\appvisvstream32.dll
MOD - [2014/01/16 00:40:06 | 000,359,592 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll
MOD - [2014/01/07 22:06:46 | 000,761,536 | ---- | M] () -- C:\Program Files\Mobogenie\DaemonProcess.exe
MOD - [2013/12/02 18:37:02 | 017,376,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\ebdd49343f711b2029293f8e621b28a2\mscorlib.ni.dll
MOD - [2013/08/01 09:42:00 | 000,095,232 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL
MOD - [2013/06/21 17:42:24 | 000,014,328 | ---- | M] () -- C:\Program Files\Lenovo\LocationAware\lpdagent.exe
MOD - [2012/12/02 23:52:04 | 000,439,584 | ---- | M] () -- C:\Program Files\TrackPoint\TrackPointDll.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/02/22 00:44:54 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/06 03:47:18 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013/12/16 16:05:32 | 000,115,760 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2013/12/05 16:21:46 | 000,110,128 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2013/11/30 12:18:52 | 001,210,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\workfolderssvc.dll -- (workfolderssvc)
SRV - [2013/11/30 12:18:52 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AppReadiness.dll -- (AppReadiness)
SRV - [2013/11/27 08:09:45 | 002,872,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WSService.dll -- (WSService)
SRV - [2013/11/27 03:01:56 | 000,201,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\bisrv.dll -- (BrokerInfrastructure)
SRV - [2013/11/22 22:23:17 | 000,202,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV - [2013/11/07 21:30:03 | 001,128,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AppXDeploymentServer.dll -- (AppXSvc)
SRV - [2013/10/31 09:48:02 | 001,320,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe -- (OfficeSvc)
SRV - [2013/10/30 14:24:20 | 000,119,608 | ---- | M] (Wistron Corp.) [Auto | Running] -- C:\Program Files\DPR\WisLMSvc.exe -- (WisLMSvc)
SRV - [2013/10/02 15:14:52 | 000,272,936 | ---- | M] (Linksicle) [Auto | Running] -- C:\Program Files\Linksicle\Service\lssvc.exe -- (lssvc)
SRV - [2013/09/29 21:53:57 | 001,198,592 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\wlidsvc.dll -- (wlidsvc)
SRV - [2013/09/29 21:53:57 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2013/09/29 21:53:57 | 000,301,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wcmsvc.dll -- (Wcmsvc)
SRV - [2013/09/29 21:47:38 | 000,174,080 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2013/09/19 16:45:18 | 000,038,440 | ---- | M] (Just Develop It) [Auto | Running] -- C:\Program Files\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2013/09/17 18:30:48 | 000,022,888 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2013/09/17 18:22:40 | 000,585,032 | ---- | M] (LENOVO INCORPORATED.) [Auto | Running] -- C:\Program Files\Lenovo\SystemAgent\SystemAgentService.exe -- (Lenovo System Agent Service)
SRV - [2013/09/17 18:21:48 | 000,205,128 | ---- | M] (LENOVO INCORPORATED.) [Auto | Running] -- C:\Program Files\Lenovo\QuickSnipService\QuickSnipService.exe -- (Lenovo QuickSnip Service)
SRV - [2013/08/21 23:18:20 | 000,278,264 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV - [2013/08/21 23:18:20 | 000,022,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2013/08/21 23:17:49 | 002,407,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\spool\drivers\w32x86\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/08/21 22:03:29 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wephostsvc.dll -- (WEPHOSTSVC)
SRV - [2013/08/21 22:03:12 | 000,028,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\efssvc.dll -- (EFS)
SRV - [2013/08/21 21:56:08 | 000,052,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wiarpc.dll -- (WiaRpc)
SRV - [2013/08/21 21:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2013/08/21 21:54:45 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\svsvc.dll -- (svsvc)
SRV - [2013/08/21 21:50:48 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\fhsvc.dll -- (fhsvc)
SRV - [2013/08/21 21:10:39 | 000,141,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\NcaSvc.dll -- (NcaSvc)
SRV - [2013/08/21 21:05:56 | 000,417,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicvss)
SRV - [2013/08/21 21:05:56 | 000,417,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmictimesync)
SRV - [2013/08/21 21:05:56 | 000,417,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicshutdown)
SRV - [2013/08/21 21:05:56 | 000,417,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicrdv)
SRV - [2013/08/21 21:05:56 | 000,417,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmickvpexchange)
SRV - [2013/08/21 21:05:56 | 000,417,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicheartbeat)
SRV - [2013/08/21 21:05:56 | 000,417,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicguestinterface)
SRV - [2013/08/21 20:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\smphost.dll -- (smphost)
SRV - [2013/08/21 20:49:34 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV - [2013/08/21 20:48:12 | 000,044,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\keyiso.dll -- (KeyIso)
SRV - [2013/08/21 20:45:36 | 000,173,056 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\TimeBrokerServer.dll -- (TimeBroker)
SRV - [2013/08/21 20:44:38 | 000,415,744 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofmsvc.dll -- (netprofm)
SRV - [2013/08/21 20:41:55 | 000,124,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ncbservice.dll -- (NcbService)
SRV - [2013/08/21 20:39:05 | 000,196,608 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\vaultsvc.dll -- (VaultSvc)
SRV - [2013/08/21 20:38:43 | 000,306,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\das.dll -- (DeviceAssociationService)
SRV - [2013/08/21 20:37:53 | 000,173,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV - [2013/08/21 20:36:04 | 000,614,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsm.dll -- (LSM)
SRV - [2013/08/21 20:31:45 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\DeviceSetupManager.dll -- (DsmSvc)
SRV - [2013/08/21 20:21:32 | 000,064,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV - [2013/08/14 16:19:24 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/08/01 09:42:00 | 001,668,904 | ---- | M] (Lenovo) [On_Demand | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2013/07/17 18:47:54 | 002,044,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe -- (Lenovo Settings Service)
SRV - [2013/07/04 21:10:20 | 000,687,104 | ---- | M] (Lenovo Corporation) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe -- (LENOVO.TVTVCAM)
SRV - [2013/07/04 21:09:44 | 000,504,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV - [2013/07/04 21:09:44 | 000,504,320 | ---- | M] (Lenovo Corporation) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2013/07/04 21:09:34 | 000,565,760 | ---- | M] (Lenovo Corporation) [On_Demand | Stopped] -- C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe -- (AVControlCenter)
SRV - [2013/06/21 17:42:30 | 000,465,912 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\LocationAware\loctaskmgr.exe -- (LocationTaskManager)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/01/10 02:12:20 | 000,070,152 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2013/01/10 02:12:12 | 000,196,616 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe -- (NitroDriverReadSpool8)
SRV - [2012/10/31 11:21:32 | 000,087,936 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Windows\System32\DptfPolicyLpmService.exe -- (DptfPolicyLpmService)
SRV - [2012/10/31 11:21:28 | 000,074,624 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\System32\DptfPolicyCriticalService.exe -- (DptfPolicyCriticalService)
SRV - [2012/10/31 11:21:26 | 000,081,792 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\System32\DptfParticipantProcessorService.exe -- (DptfParticipantProcessorService)
SRV - [2012/10/31 11:21:20 | 000,109,440 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\System32\DptfParticipantDisplayService.exe -- (DptfParticipantDisplayService)
SRV - [2012/10/26 15:49:22 | 000,786,808 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2013/11/30 12:21:14 | 000,069,464 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV - [2013/11/30 12:18:52 | 000,321,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\spaceport.sys -- (spaceport)
DRV - [2013/11/30 12:18:52 | 000,047,960 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\stornvme.sys -- (stornvme)
DRV - [2013/11/29 22:34:03 | 000,016,560 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\bcmfn2.sys -- (bcmfn2)
DRV - [2013/11/29 22:34:02 | 000,521,392 | ---- | M] (Broadcom) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\bcmdhd63.sys -- (BCMSDH43XX)
DRV - [2013/11/20 19:54:50 | 000,114,968 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\BtwSerialBus.sys -- (BtwSerialBus)
DRV - [2013/11/20 15:13:38 | 000,406,528 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\igddim32.sys -- (igddim32)
DRV - [2013/11/20 15:13:38 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\igdperf32.sys -- (igdperf32)
DRV - [2013/11/10 18:50:33 | 000,036,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\intelpep.sys -- (intelpep)
DRV - [2013/11/09 04:54:52 | 000,261,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV - [2013/11/01 04:17:26 | 000,077,144 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\pdc.sys -- (pdc)
DRV - [2013/10/26 14:28:41 | 000,120,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SerCx2.sys -- (SerCx2)
DRV - [2013/10/02 15:14:50 | 000,052,688 | ---- | M] (Linksicle) [Kernel | System | Running] -- C:\Windows\System32\Drivers\lsnfd.sys -- (lsnfd)
DRV - [2013/09/29 21:53:57 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV - [2013/09/29 21:53:57 | 000,142,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VerifierExt.sys -- (VerifierExt)
DRV - [2013/09/29 21:47:37 | 000,023,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2013/09/29 21:47:36 | 000,030,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\terminpt.sys -- (terminpt)
DRV - [2013/08/22 00:13:53 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\condrv.sys -- (condrv)
DRV - [2013/08/21 23:35:21 | 000,053,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\dam.sys -- (dam)
DRV - [2013/08/21 23:35:20 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\acpiex.sys -- (acpiex)
DRV - [2013/08/21 23:34:52 | 000,133,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\tpm.sys -- (TPM)
DRV - [2013/08/21 23:33:32 | 000,058,208 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\mvumis.sys -- (mvumis)
DRV - [2013/08/21 23:33:31 | 000,033,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV - [2013/08/21 23:33:30 | 000,122,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV - [2013/08/21 23:33:30 | 000,068,960 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV - [2013/08/21 23:33:29 | 000,069,472 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV - [2013/08/21 23:33:26 | 000,086,368 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\3ware.sys -- (3ware)
DRV - [2013/08/21 23:33:25 | 000,773,472 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\adp80xx.sys -- (ADP80XX)
DRV - [2013/08/21 23:33:25 | 000,100,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV - [2013/08/21 23:33:24 | 000,073,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\EhStorClass.sys -- (EhStorClass)
DRV - [2013/08/21 23:33:01 | 000,276,832 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV - [2013/08/21 23:32:57 | 000,163,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\UCX01000.SYS -- (UCX01000)
DRV - [2013/08/21 23:32:57 | 000,090,976 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\storahci.sys -- (storahci)
DRV - [2013/08/21 23:32:57 | 000,064,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\sdstor.sys -- (sdstor)
DRV - [2013/08/21 23:32:57 | 000,059,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SpbCx.sys -- (SpbCx)
DRV - [2013/08/21 23:32:57 | 000,058,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SerCx.sys -- (SerCx)
DRV - [2013/08/21 23:32:57 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\uaspstor.sys -- (UASPStor)
DRV - [2013/08/21 23:32:38 | 000,031,584 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cnghwassist.sys -- (cnghwassist)
DRV - [2013/08/21 23:25:38 | 000,046,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\wpcfltr.sys -- (wpcfltr)
DRV - [2013/08/21 23:25:37 | 000,284,000 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\clfs.sys -- (CLFS)
DRV - [2013/08/21 23:24:56 | 000,023,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\uefi.sys -- (UEFI)
DRV - [2013/08/21 23:24:36 | 000,023,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV - [2013/08/21 23:20:49 | 000,093,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\WdNisDrv.sys -- (WdNisDrv)
DRV - [2013/08/21 23:20:48 | 000,214,368 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\WdFilter.sys -- (WdFilter)
DRV - [2013/08/21 23:20:22 | 000,093,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\vmbus.sys -- (vmbus)
DRV - [2013/08/21 23:20:22 | 000,045,376 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\vmstorfl.sys -- (storflt)
DRV - [2013/08/21 23:20:22 | 000,042,304 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\storvsc.sys -- (storvsc)
DRV - [2013/08/21 23:17:00 | 000,029,128 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\WdBoot.sys -- (WdBoot)
DRV - [2013/08/21 22:11:29 | 000,063,488 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\ahcache.sys -- (ahcache)
DRV - [2013/08/21 22:11:04 | 000,043,520 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV - [2013/08/21 22:10:58 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\BasicRender.sys -- (BasicRender)
DRV - [2013/08/21 22:10:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\HyperVideo.sys -- (HyperVideo)
DRV - [2013/08/21 22:10:37 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\mshidumdf.sys -- (mshidumdf)
DRV - [2013/08/21 22:10:28 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\acpitime.sys -- (acpitime)
DRV - [2013/08/21 22:10:21 | 000,009,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\acpipagr.sys -- (acpipagr)
DRV - [2013/08/21 22:10:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\npsvctrig.sys -- (npsvctrig)
DRV - [2013/08/21 22:10:01 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV - [2013/08/21 22:09:59 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\kdnic.sys -- (kdnic)
DRV - [2013/08/21 22:09:58 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\BthMini.SYS -- (BthMini)
DRV - [2013/08/21 22:09:57 | 000,006,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\vms3cap.sys -- (s3cap)
DRV - [2013/08/21 22:09:50 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\vmgencounter.sys -- (gencounter)
DRV - [2013/08/21 22:09:37 | 000,023,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BthhfHid.sys -- (bthhfhid)
DRV - [2013/08/21 22:09:15 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV - [2013/08/21 22:09:10 | 000,026,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2013/08/21 22:09:09 | 000,012,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\hyperkbd.sys -- (hyperkbd)
DRV - [2013/08/21 22:09:03 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2013/08/21 22:09:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\hidi2c.sys -- (hidi2c)
DRV - [2013/08/21 22:09:01 | 000,018,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2013/08/21 22:08:37 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\dmvsc.sys -- (dmvsc)
DRV - [2013/08/21 22:08:18 | 000,072,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\netvsc63.sys -- (netvsc)
DRV - [2013/08/21 22:08:17 | 000,185,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV - [2013/08/21 22:08:06 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV - [2013/08/21 22:07:57 | 000,109,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV - [2013/08/21 22:07:55 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\mslldp.sys -- (MsLldp)
DRV - [2013/08/21 22:07:53 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\vwifimp.sys -- (vwifimp)
DRV - [2013/08/21 22:07:19 | 000,091,136 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\Ndu.sys -- (Ndu)
DRV - [2013/08/21 19:58:35 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\fxppm.sys -- (FxPPM)
DRV - [2013/08/09 18:39:44 | 000,524,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\iaStorAV.sys -- (iaStorAV)
DRV - [2013/08/01 09:42:00 | 000,019,712 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\Drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2013/07/23 15:18:30 | 000,061,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\iaioi2c.sys -- (iaioi2c)
DRV - [2013/07/23 15:18:30 | 000,022,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\iaiogpio.sys -- (GPIO)
DRV - [2013/05/06 21:54:40 | 000,138,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\rtii2sac.sys -- (rtii2sac)
DRV - [2013/04/10 17:51:08 | 000,237,056 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\isstrtc.sys -- (IntelSST)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/10/29 12:36:38 | 000,077,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\BcmGnssBus.sys -- (BcmGnssBus)
DRV - [2012/10/23 23:13:08 | 000,081,648 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\clvpep.sys -- (clvpep)
DRV - [2012/10/19 03:43:14 | 000,178,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\camera.sys -- (camera)
DRV - [2012/10/19 03:41:46 | 000,030,720 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\lm3554.sys -- (Lm3554)
DRV - [2012/10/19 03:41:42 | 000,054,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\ov8830.sys -- (ov8830)
DRV - [2012/10/19 03:41:32 | 000,034,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\ov2720.sys -- (ov2720)
DRV - [2012/10/18 02:04:42 | 000,072,280 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ChaabiDriver.sys -- (ChaabiDriver)
DRV - [2012/10/16 08:30:30 | 000,163,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\DptfManager.sys -- (DptfManager)
DRV - [2012/10/16 08:30:30 | 000,068,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\DptfDevProc.sys -- (DptfDevProc)
DRV - [2012/10/16 08:30:30 | 000,049,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\DptfDevGen.sys -- (DptfDevGen)
DRV - [2012/10/16 08:30:30 | 000,043,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\DptfDevDisplay.sys -- (DptfDevDisplay)
DRV - [2012/10/05 14:48:58 | 000,040,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\Uart16550pc.sys -- (Uart16550pc)
DRV - [2012/09/20 23:10:44 | 000,025,840 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\LNWIPC.sys -- (LNWIPC)
DRV - [2012/09/20 23:10:42 | 000,048,880 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\inteli2c.sys -- (inteli2c)
DRV - [2012/09/20 23:04:40 | 000,022,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\GPIOCLV.sys -- (GPIOCLV)
DRV - [2012/09/17 08:32:10 | 000,017,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\MSICReg.sys -- (MSICReg)
DRV - [2012/09/17 08:32:06 | 000,046,592 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\spi.sys -- (spi)
DRV - [2012/09/16 23:07:24 | 000,011,264 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\GpioVirtual.sys -- (GpioVirtual)
DRV - [2012/09/10 23:18:08 | 000,025,088 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\mxtBootBridge.sys -- (mxtBootBridge)
DRV - [2012/08/21 23:34:28 | 000,016,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\MBI.sys -- (MBI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {2B8655C1-E32C-404A-9721-7081C228FF8C}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2B8655C1-E32C-404A-9721-7081C228FF8C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALCJS
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3053019411-198916098-2008047146-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13-comm.msn.com
IE - HKU\S-1-5-21-3053019411-198916098-2008047146-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com [binary data]
IE - HKU\S-1-5-21-3053019411-198916098-2008047146-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://home.lenovo.com [binary data]
IE - HKU\S-1-5-21-3053019411-198916098-2008047146-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13-comm.msn.com
IE - HKU\S-1-5-21-3053019411-198916098-2008047146-1001\..\SearchScopes,DefaultScope = {2B8655C1-E32C-404A-9721-7081C228FF8C}
IE - HKU\S-1-5-21-3053019411-198916098-2008047146-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-3053019411-198916098-2008047146-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKCU\Software\MozillaPlugins\intel.com/AppUp: C:\Program Files\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/01/07 22:12:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2014/01/07 22:12:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Elizabeth\AppData\Roaming\Mozilla\Extensions
[2014/02/22 00:41:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/02/22 00:45:02 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013/08/22 00:13:55 | 000,000,824 | ---- | M]) - C:\Windows\System32\Drivers\etc\hosts
O2 - BHO: (Linksicle) - {2AD2D8CA-D24D-40D2-A8FC-46952409BA9A} - C:\Program Files\Linksicle\IE\LinksicleClientIE.dll (Linksicle)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [{E13C0407-3243-448C-BF1D-DC7C7E02C358}] C:\Program Files\DPR\DPR.exe (Wistron Corp.)
O4 - HKLM..\Run: [DptfPolicyLpmServiceHelper] C:\Windows\System32\DptfPolicyLpmServiceHelper.exe (Intel Corporation)
O4 - HKLM..\Run: [intel AppUp® center] C:\Program Files\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)
O4 - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Corporation)
O4 - HKLM..\Run: [LenovoOptMouseUpdate] C:\Program Files\Lenovo\HOTKEY\extapsup.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe ()
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RtkNGUI] C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-3053019411-198916098-2008047146-1001..\Run: [NextLive] C:\Users\Elizabeth\AppData\Roaming\newnext.me\nengine.dll (NewNextDotMe)
O4 - Startup: C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
O4 - Startup: C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 148.87.112.101 148.87.112.102
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82C78921-7FDE-4812-A0A3-200C72AF8486}: DhcpNameServer = 148.87.112.101 148.87.112.102
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\WINDOWS\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/07/26 00:52:25 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/03/19 23:05:18 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth
[2014/03/19 22:12:32 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/03/19 21:06:33 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~BT
[2014/03/16 11:12:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/03/15 15:14:57 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\AppData\Roaming\Malwarebytes
[2014/03/15 15:14:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/03/15 15:14:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/03/15 14:23:56 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\AppData\Roaming\SUPERAntiSpyware.com
[2014/03/15 14:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2014/03/15 14:17:44 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2014/02/22 00:41:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2014/03/20 16:02:00 | 000,000,330 | ---- | M] () -- C:\WINDOWS\tasks\UpdaterEX.job
[2014/03/20 15:02:15 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RegClean Pro_DEFAULT.job
[2014/03/20 08:46:23 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/03/20 08:04:08 | 000,733,198 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/03/20 08:04:08 | 000,136,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/03/19 22:29:44 | 000,001,338 | ---- | M] () -- C:\Users\Elizabeth\Desktop\Clean Registry for Free!.lnk
[2014/03/19 22:28:29 | 000,000,369 | ---- | M] () -- C:\Users\Elizabeth\AppData\Local\RegisteredPackageInformation.xml
[2014/03/19 22:27:27 | 016,777,216 | -HS- | M] () -- C:\swapfile.sys
[2014/03/19 22:27:26 | 1666,531,328 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/19 22:13:06 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/12 21:03:19 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\RegClean Pro_UPDATES.job
[2014/03/07 23:18:26 | 000,367,304 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/03/07 23:02:09 | 000,000,114 | ---- | M] () -- C:\Users\Elizabeth\AppData\Roaming\WB.CFG
 
========== Files Created - No Company Name ==========
 
[2014/03/19 22:13:06 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/14 21:33:34 | 000,103,936 | ---- | C] () -- C:\WINDOWS\System32\OEMLicense.dll
[2014/01/07 23:02:08 | 000,000,114 | ---- | C] () -- C:\Users\Elizabeth\AppData\Roaming\WB.CFG
[2014/01/07 22:03:23 | 000,017,136 | ---- | C] () -- C:\WINDOWS\System32\sasnative32.exe
[2013/12/04 15:48:36 | 000,000,369 | ---- | C] () -- C:\Users\Elizabeth\AppData\Local\RegisteredPackageInformation.xml
[2013/11/30 12:34:54 | 000,021,316 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2013/11/29 22:35:42 | 000,000,166 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTKIDSPEXT3.DAT
[2013/11/29 22:35:39 | 000,640,436 | ---- | C] () -- C:\WINDOWS\System32\drivers\realtek_fw_sst.bin
[2013/11/29 22:34:29 | 000,466,880 | ---- | C] () -- C:\WINDOWS\System32\drivers\43241b0rtecdc.bin
[2013/11/29 22:34:29 | 000,405,488 | ---- | C] () -- C:\WINDOWS\System32\drivers\43241b4rtecdc.bin
[2013/11/29 22:34:29 | 000,239,820 | ---- | C] () -- C:\WINDOWS\System32\drivers\4330b2rtecdc.bin
[2013/11/20 19:59:38 | 000,000,198 | -H-- | C] () -- C:\ProgramData\Lenovo-21379.vbs
[2013/11/20 19:29:15 | 000,000,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTKIEQ.dat
[2013/11/20 19:29:15 | 000,000,154 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTKIDSPEXT5.DAT
[2013/11/20 19:29:15 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTKIDSPEXT2.DAT
[2013/11/20 19:29:15 | 000,000,116 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTKIDRC.dat
[2013/11/20 19:29:15 | 000,000,068 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTKIGEN.dat
[2013/11/20 19:29:15 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTKIDSPEXT1.DAT
[2013/11/20 15:13:46 | 000,092,160 | ---- | C] () -- C:\WINDOWS\System32\pvrscopeservices.dll
[2013/11/20 15:13:38 | 000,009,216 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[2013/11/20 15:13:38 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\igdperf32.sys
[2013/11/20 02:21:32 | 001,659,946 | ---- | C] () -- C:\WINDOWS\System32\drivers\isp_firmware.bin
[2013/08/22 02:19:09 | 000,733,198 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2013/08/22 02:19:09 | 000,296,742 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2013/08/22 02:19:09 | 000,136,576 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2013/08/22 02:19:09 | 000,033,362 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2013/08/22 02:17:31 | 000,000,389 | ---- | C] () -- C:\WINDOWS\System32\AutoWorkplace.exe.config
[2013/08/22 02:17:30 | 000,215,943 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2013/08/22 02:17:29 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2013/08/22 01:24:03 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 01:22:45 | 000,367,304 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/08/21 21:33:54 | 000,073,216 | ---- | C] () -- C:\WINDOWS\System32\BthpanContextHandler.dll
[2013/08/21 21:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\BWContextHandler.dll
[2013/08/21 17:57:03 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/21 17:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2013/08/21 17:52:35 | 001,520,828 | ---- | C] () -- C:\WINDOWS\System32\WpcNBModel.bin
[2013/08/21 17:52:35 | 000,526,068 | ---- | C] () -- C:\WINDOWS\System32\staticurllist.bin
[2013/08/21 17:50:57 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\settings.dat
[2013/08/21 17:48:14 | 000,049,963 | ---- | C] () -- C:\WINDOWS\System32\srms.dat
[2012/07/25 14:25:51 | 000,963,376 | ---- | C] () -- C:\WINDOWS\System32\igcodeckrng600.bin
[2012/07/25 14:25:51 | 000,267,284 | ---- | C] () -- C:\WINDOWS\System32\igvpkrng600.bin
 
========== ZeroAccess Check ==========
 
[2014/01/07 22:05:52 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/11/23 02:19:35 | 018,642,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/21 20:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2013/08/21 20:42:12 | 000,390,144 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/03/19 22:29:03 | 000,000,000 | ---D | M] -- C:\Users\Elizabeth\AppData\Roaming\newnext.me
[2014/03/19 22:29:58 | 000,000,000 | ---D | M] -- C:\Users\Elizabeth\AppData\Roaming\Nitro PDF
[2013/11/29 21:34:08 | 000,000,000 | ---D | M] -- C:\Users\Elizabeth\AppData\Roaming\Sierra Wireless
[2014/03/19 23:36:03 | 000,000,000 | ---D | M] -- C:\Users\Elizabeth\AppData\Roaming\systweak
[2014/01/07 22:02:42 | 000,000,000 | ---D | M] -- C:\Users\Elizabeth\AppData\Roaming\UpdaterEX
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 220 bytes -> C:\Users\Elizabeth\SkyDrive:ms-properties

< End of report >
 


Step 1

Please uninstall the following applications:

Mobogenie

MyPC Backup

RegClean Pro

Extended Update

Step 2

Please run a Quick Scan with Malwarebytes and post the log:

Open up Malwarebytes => Settings Tab => Scanner Settings => Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.


Hi - When I try to uninstall "extended update" it immediately wants to reboot my tablet. Should I? I canceled it.

 

For RegCleanPro it has an error stating ....messages file "C:\Program Files\RegCleanPro\unins000.msg is missing". Please correct the problem or obtain a new copy of the program.

 

I removed the others.


Below I pasted the Malwarebytes log. I still have RegCleanPro installed. I got a few pop-ups stating that IP addresses were blocked after the scan.

 

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.21.10

Windows 8 x86 NTFS
Internet Explorer 11.0.9600.16521
Elizabeth :: BETSYTABLET [administrator]

Protection: Enabled

3/21/2014 9:51:22 PM
mbam-log-2014-03-21 (21-51-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM
Scan options disabled: PUP | P2P
Objects scanned: 246335
Time elapsed: 13 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 


Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button. Wait until it is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.

In your next reply, post the following log files:
  • Junkware Removal Tool log
  • AdwCleaner log

ADWCLEANER

# AdwCleaner v3.022 - Report created 23/03/2014 at 18:13:05
# Updated 13/03/2014 by Xplode
# Operating System : Windows 8.1  (32 bits)
# Username : Elizabeth - BETSYTABLET
# Running from : C:\Users\Elizabeth\AppData\Local\Microsoft\Windows\INetCache\IE\CH2CJVJ5\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : lssvc

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Systweak
Folder Deleted : C:\Program Files\Advanced System Protector
Folder Deleted : C:\Program Files\Linksicle
Folder Deleted : C:\Program Files\RegClean Pro
Folder Deleted : C:\Users\Elizabeth\AppData\Roaming\UpdaterEX
Folder Deleted : C:\Users\Elizabeth\Documents\Mobogenie
File Deleted : C:\Users\Public\Desktop\Advanced System Protector.lnk
File Deleted : C:\Users\Public\Desktop\RegClean Pro.lnk
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
File Deleted : C:\WINDOWS\system32\roboot.exe
File Deleted : C:\WINDOWS\System32\Tasks\Advanced System Protector_startup
File Deleted : C:\WINDOWS\System32\Tasks\RegClean Pro
File Deleted : C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job
File Deleted : C:\WINDOWS\System32\Tasks\RegClean Pro_DEFAULT
File Deleted : C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job
File Deleted : C:\WINDOWS\System32\Tasks\RegClean Pro_UPDATES
File Deleted : C:\WINDOWS\Tasks\UpdaterEX.job
File Deleted : C:\WINDOWS\System32\Tasks\UpdaterEX

***** [ Shortcuts ] *****


***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DDF7E86C-87F3-485D-9947-A6F69CE5F186}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DDF7E86C-87F3-485D-9947-A6F69CE5F186}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0E154118-FDA0-4B8A-971D-D3F2F1965FFF}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E154118-FDA0-4B8A-971D-D3F2F1965FFF}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8BABF3F3-918D-4A56-8A95-8CE7614456CF}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4432540-CE67-49C6-B154-2FC42ABCE95B}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8BABF3F3-918D-4A56-8A95-8CE7614456CF}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E4432540-CE67-49C6-B154-2FC42ABCE95B}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E2950692-082D-4862-AF5D-819A427379D4}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2950692-082D-4862-AF5D-819A427379D4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Elizabeth\AppData\Roaming\Mozilla\Firefox\Profiles\vrf4kz8y.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [4459 octets] - [23/03/2014 18:10:02]
AdwCleaner[s0].txt - [4159 octets] - [23/03/2014 18:13:05]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4219 octets] ##########
 


JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 8.1 x86
Ran by Elizabeth on Sun 03/23/2014 at 17:26:44.99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Failed to stop: [service] lssvc



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\nextlive



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\backupstack_rasapi32
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\backupstack_rasmancs
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\regclean pro_is1
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}



~~~ Files

Failed to delete: [File] "C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job"
Failed to delete: [File] "C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job"
Failed to delete: [File] "C:\WINDOWS\system32\roboot.exe"



~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\systweak"
Failed to delete: [Folder] "C:\ProgramData\application data\systweak"
Successfully deleted: [Folder] "C:\Users\Elizabeth\AppData\Roaming\newnext.me"
Successfully deleted: [Folder] "C:\Users\Elizabeth\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\Elizabeth\appdata\local\genienext"
Successfully deleted: [Folder] "C:\Users\Elizabeth\appdata\local\mobogenie"
Failed to delete: [Folder] "C:\Program Files\advanced system protector"
Failed to delete: [Folder] "C:\Program Files\linksicle"
Successfully deleted: [Folder] "C:\Program Files\mypc backup"
Failed to delete: [Folder] "C:\Program Files\regclean pro"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\advanced system protector"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\regclean pro"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 03/23/2014 at 17:38:03.96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


Please run a Quick Scan with Malwarebytes and post the log:

Open up Malwarebytes => Settings Tab => Scanner Settings => Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.


Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.26.07

Windows 8 x86 NTFS
Internet Explorer 11.0.9600.16521
Elizabeth :: BETSYTABLET [administrator]

Protection: Enabled

3/26/2014 8:33:20 PM
mbam-log-2014-03-26 (20-33-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM
Scan options disabled: PUP | P2P
Objects scanned: 248219
Time elapsed: 13 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 


Well it didn't reboot...I guess this is what happens when I don't follow directions. The tablet booted up to a blue screen and I am now doing a system restore. The restore point is March 26th. Here's the text of the Malwarebytes log:

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.26.07

Windows 8 x86 NTFS
Internet Explorer 11.0.9600.16521
Elizabeth :: BETSYTABLET [administrator]

Protection: Enabled

3/26/2014 10:21:27 PM
mbam-log-2014-03-26 (22-21-27).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM
Scan options disabled: PUP | P2P
Objects scanned: 349229
Time elapsed: 56 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Program Files\Lenovo\Communications Utility\LibStartStub.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|LENOVO.TPKNRRES (Trojan.Agent) -> Data: rundll32.exe "C:\Program Files\Lenovo\Communications Utility\LibStartStub.dll",AVStartupStub -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files\Lenovo\Communications Utility\LibStartStub.dll (Trojan.Agent) -> Quarantined and deleted successfully.

(end)
 


After restoring, I ran a quick scan and a full scan. They did not find anything. Below are the contents of the file attached above this post. This is the result of the full scan.

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.27.05

Windows 8 x86 NTFS
Internet Explorer 11.0.9600.16521
Elizabeth :: BETSYTABLET [administrator]

Protection: Enabled

3/27/2014 12:15:17 PM
mbam-log-2014-03-27 (12-15-17).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM
Scan options disabled: PUP | P2P
Objects scanned: 349652
Time elapsed: 55 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
