kmengarelli Posted June 10, 2014 ID:840110

Premium member of Malwarebytes. I have attached the logs from Farbar. Malwarebytes when I scan shows mysearchdial and I quarantine it but it returns on every scan. Can you please help me remove it?

thanks,
Kris
kmengarelli Posted June 10, 2014 Author ID:840111

Sorry I forgot to attach the log files

"Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-06-2014
Ran by kmengarelli (administrator) on PHS-KMENGARELLI on 10-06-2014 16:35:28
Running from C:\Users\kmengarelli\Desktop\malwarebytes help
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AuthenTec, Inc) C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Collobos Software) C:\Program Files\PrintKit\printkitd.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Collobos Software) C:\Program Files\Presto\PrestoHelper.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Dropbox, Inc.) C:\Users\kmengarelli\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(SMART Technologies ULC) C:\Program Files (x86)\SMART Technologies\Education Software\FloatingTools.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTNotification.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTTrayIcon.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Joyent, Inc) C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\SBWDKService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\Office\SMARTInk-SBSDKProxy.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInkPrivilegedAccess.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe
(AuthenTec Inc.) C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [297008 2014-01-28] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281960 2011-05-25] (Lenovo Group Limited)
HKLM\...\Run: [MSC] => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
HKLM\...\Run: [ResetACGauge] => C:\Program Files (x86)\Lenovo\Access Connections\smbhlpr.exe [147456 2014-03-14] (Lenovo)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [bTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11586944 2012-06-18] (Motorola Solutions, Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [bLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-05-31] (Intel Corporation)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3029744 2013-04-26] (Synaptics Incorporated)
HKLM\...\Run: [PrestoHelper] => C:\Program Files\Presto\PrestoHelper.exe [3468800 2013-09-10] (Collobos Software)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-14] (Intel Corporation)
HKLM-x32\...\Run: [iMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [132920 2013-05-31] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [sMART Ink] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe [147248 2014-02-11] (SMART Technologies)
HKLM-x32\...\Run: [sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [929272 2013-01-11] (Sophos Limited)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [sMART Floating Tools] => C:\Program Files (x86)\SMART Technologies\Education Software\FloatingTools.exe [9024304 2013-11-20] (SMART Technologies ULC)
HKLM-x32\...\Run: [sMARTNotification] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTNotification.exe [204592 2014-02-12] (SMART Technologies)
HKLM-x32\...\Run: [sMART Tray Tools] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTTrayIcon.exe [744752 2014-02-12] (SMART Technologies)
HKLM-x32\...\Run: [sMART Board Service] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe [1933616 2014-02-12] (SMART Technologies)
HKLM-x32\...\Run: [sbsdk-server] => C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe [62768 2013-08-22] (SMART Technologies)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-21-1090334920-1458969583-549785860-23510\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22415552 2014-04-25] (Google)
HKU\S-1-5-21-1090334920-1458969583-549785860-23510\...\Run: [Google Update] => C:\Users\kmengarelli\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-03-01] (Google Inc.)
HKU\S-1-5-21-1090334920-1458969583-549785860-23510\...\RunOnce: [uninstall C:\Users\kmengarelli\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\kmengarelli\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-1090334920-1458969583-549785860-23510\...\RunOnce: [uninstall C:\Users\kmengarelli\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\kmengarelli\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
HKU\S-1-5-21-1090334920-1458969583-549785860-23510\...\MountPoints2: {4680a533-d21c-11e3-af28-b888e3350297} - E:\setup.exe -a
HKU\S-1-5-21-1090334920-1458969583-549785860-23510\...\MountPoints2: {b75e3514-f0ca-11e2-ad3b-b888e3350297} - E:\iStudio.exe
HKU\S-1-5-21-1090334920-1458969583-549785860-23510\...\MountPoints2: {c068f0c6-60dc-11e1-ac10-806e6f6e6963} - Q:\LenovoQDrive.exe
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [218256 2012-09-21] (Sophos Limited)
AppInit_DLLs-x32: c:\progra~2\sophos\sophos~1\sophos~1.dll => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [221840 2012-09-21] (Sophos Limited)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGina
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
Startup: C:\Users\kmengarelli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\kmengarelli\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\kmengarelli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Presto.lnk
ShortcutTarget: Presto.lnk -> C:\Program Files\Presto\Presto.exe (Collobos Software)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites03_14_19_ch&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtAyDtDtBzyyBzyzztD0BtN0D0Tzu0SzzyDyCtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyC0D0Ezz0BtCtDtGtDyDtB0AtGyE0EyD0EtGtB0DtA0CtGtB0DyE0EzztD0C0E0ByC0DyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtByB0AtB0EtAzytG0F0CtCtDtGtC0CtC0BtG0F0B0BtAtGtC0EtDtBtByB0EyByCtA0B0C2Q&cr=531881053&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites03_14_19_ch&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtAyDtDtBzyyBzyzztD0BtN0D0Tzu0SzzyDyCtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyC0D0Ezz0BtCtDtGtDyDtB0AtGyE0EyD0EtGtB0DtA0CtGtB0DyE0EzztD0C0E0ByC0DyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtByB0AtB0EtAzytG0F0CtCtDtGtC0CtC0BtG0F0B0BtAtGtC0EtDtBtByB0EyByCtA0B0C2Q&cr=531881053&ir=
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites03_14_19_ch&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtAyDtDtBzyyBzyzztD0BtN0D0Tzu0SzzyDyCtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyC0D0Ezz0BtCtDtGtDyDtB0AtGyE0EyD0EtGtB0DtA0CtGtB0DyE0EzztD0C0E0ByC0DyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtByB0AtB0EtAzytG0F0CtCtDtGtC0CtC0BtG0F0B0BtAtGtC0EtDtBtByB0EyByCtA0B0C2Q&cr=531881053&ir=
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites03_14_19_ch&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtAyDtDtBzyyBzyzztD0BtN0D0Tzu0SzzyDyCtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyC0D0Ezz0BtCtDtGtDyDtB0AtGyE0EyD0EtGtB0DtA0CtGtB0DyE0EzztD0C0E0ByC0DyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtByB0AtB0EtAzytG0F0CtCtDtGtC0CtC0BtG0F0B0BtAtGtC0EtDtBtByB0EyByCtA0B0C2Q&cr=531881053&ir=
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS494
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Android\adt-bundle-windows-x86_64-20130729\adt-bundle-windows-x86_64-20130729\eclipse\jre\bin\ssv.dll (Oracle Corporation)
BHO: TrueSuite Browser Helper Object - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\Lenovo Fingerprint Reader\IEBHO.DLL (AuthenTec Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Android\adt-bundle-windows-x86_64-20130729\adt-bundle-windows-x86_64-20130729\eclipse\jre\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\NotebookPlugin.dll (SMART Technologies ULC.)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Browser Helper Object - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll (AuthenTec Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Winsock: Catalog9-x64 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220

FireFox:
========
FF ProfilePath: C:\Users\kmengarelli\AppData\Roaming\Mozilla\Firefox\Profiles\9b71g888.default
FF SelectedSearchEngine: Mysearchdial
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Android\adt-bundle-windows-x86_64-20130729\adt-bundle-windows-x86_64-20130729\eclipse\jre\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @authentec.com/ffwloplugin - C:\Program Files\Lenovo Fingerprint Reader\npffwloplugin.dll (AuthenTec, Inc)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @emusic.com/eMusicPlugin DLM6 - C:\Program Files (x86)\eMusic Download Manager 6\npEMusic604.dll No File
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\kmengarelli\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\kmengarelli\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\kmengarelli\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\kmengarelli\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\kmengarelli\AppData\Roaming\Mozilla\Firefox\Profiles\9b71g888.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Users\kmengarelli\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\kmengarelli\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: No Name - C:\Users\kmengarelli\AppData\Roaming\Mozilla\Firefox\Profiles\9b71g888.default\Extensions\staged [2014-05-05]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-23]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-12]
FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client\
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\ []
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-10-03]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
CHR StartupUrls: "hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP", "hxxp://start.mysearchdial.com/?f=1&a=dsites03_14_19_ch&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtAyDtDtBzyyBzyzztD0BtN0D0Tzu0SzzyDyCtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyC0D0Ezz0BtCtDtGtDyDtB0AtGyE0EyD0EtGtB0DtA0CtGtB0DyE0EzztD0C0E0ByC0DyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtByB0AtB0EtAzytG0F0CtCtDtGtC0CtC0BtG0F0B0BtAtGtC0EtDtBtByB0EyByCtA0B0C2Q&cr=531881053&ir="
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (TrueSuite) - C:\Program Files\Lenovo Fingerprint Reader\npffwloplugin.dll (AuthenTec, Inc)
CHR Plugin: (Google Update) - C:\Users\kmengarelli\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\kmengarelli\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\kmengarelli\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\kmengarelli\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\kmengarelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\kmengarelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-23]
CHR Extension: (GeoGebra) - C:\Users\kmengarelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee [2014-02-10]
CHR Extension: (Google Search) - C:\Users\kmengarelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-23]
CHR Extension: (IBA Opt-out (by Google)) - C:\Users\kmengarelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb [2014-02-01]
CHR Extension: (Keep My Opt-Outs) - C:\Users\kmengarelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe [2014-02-01]
CHR Extension: (Wolfram|Alpha (Official)) - C:\Users\kmengarelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\icncamkooinmbehmkeilcccmoljfkdhp [2012-11-15]
CHR Extension: (Save to Pocket) - C:\Users\kmengarelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2014-06-01]
CHR Extension: (Google Wallet) - C:\Users\kmengarelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Readability) - C:\Users\kmengarelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2013-05-15]
CHR Extension: (dotEPUB) - C:\Users\kmengarelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\okpfiebkkmjcnodegbbbiellepfhoglm [2013-01-21]
CHR Extension: (Gmail) - C:\Users\kmengarelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-23]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\KMENGA~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-04-30]
CHR HKCU\...\Chrome\Extension: [cgiaikfpllchefojlnehlmpekeogihnm] - C:\Users\kmengarelli\AppData\Local\CRE\cgiaikfpllchefojlnehlmpekeogihnm.crx [2013-01-20]
CHR HKLM-x32\...\Chrome\Extension: [cgiaikfpllchefojlnehlmpekeogihnm] - C:\Users\kmengarelli\AppData\Local\CRE\cgiaikfpllchefojlnehlmpekeogihnm.crx [2013-01-20]
CHR HKLM-x32\...\Chrome\Extension: [clglhglbidpdbjffpfcldkifhdegdfle] - C:\Program Files\Lenovo Fingerprint Reader\x86\tschrome.crx [2013-04-01]

==================== Services (Whitelisted) =================

R2 FPLService; C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe [2139944 2013-08-07] (AuthenTec, Inc)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10]
(Intel® Corporation)R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129848 2013-05-31] (Intel Corporation)R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [167736 2013-05-31] (Intel Corporation)R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [198704 2014-01-28] (Lenovo Group Limited)R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited)S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-06] ()R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()R2 PrintKit Service; C:\Program Files\PrintKit\printkitd.exe [4307224 2013-09-10] (Collobos Software)R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [217592 2013-01-11] (Sophos Limited)R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [159296 2012-09-21] (Sophos Limited)R2 SMARTHelperService; C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe [538416 2014-02-12] (SMART Technologies)R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [237048 2013-01-11] (Sophos Limited)S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()R2 
swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2890232 2013-02-04] (Sophos Limited)S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2010688 2012-11-12] (Sophos Limited)R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401704 2013-07-22] (AuthenTec, Inc.)R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2011-12-05] (Symantec Corporation)R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)S2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [X]S3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [X] ==================== Drivers (Whitelisted) ==================== S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [111104 2012-05-21] (Motorola Solutions, Inc.)S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [849408 2012-06-09] (Motorola Solutions, Inc.)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-10] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)S3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.)R1 SAVOnAccess; 
C:\Windows\System32\DRIVERS\savonaccess.sys [154952 2012-09-21] (Sophos Limited)R3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [10240 2013-08-12] (SMART Technologies)R3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [9216 2013-08-12] (SMART Technologies)S3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [22184 2013-03-07] (SMART Technologies ULC)R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2013-04-26] (Synaptics Incorporated)R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2011-08-25] (Sophos Plc)R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility)S3 5U877; system32\DRIVERS\5U877.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-10 16:35 - 2014-06-10 16:35 - 00000000 ____D () C:\FRST2014-06-10 16:34 - 2014-06-10 16:35 - 00000000 ____D () C:\Users\kmengarelli\Desktop\malwarebytes help2014-06-09 13:52 - 2014-06-09 13:52 - 00001676 _____ () C:\Users\kmengarelli\Desktop\1234.txt2014-06-07 19:57 - 2014-06-07 19:57 - 00001675 _____ () C:\1234.txt2014-06-06 13:58 - 2014-05-08 02:14 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-06-06 13:58 - 2014-05-08 01:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-06-06 13:58 - 2014-05-08 00:52 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-06-06 13:58 - 2014-05-08 00:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-06-06 13:58 - 2014-05-07 23:57 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-06-06 13:58 - 2014-05-07 23:04 - 00069632 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\mshtmled.dll2014-06-06 13:31 - 2014-03-24 21:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll2014-06-06 13:31 - 2014-03-24 21:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll2014-06-06 13:30 - 2014-05-09 01:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-06-06 13:30 - 2014-05-09 01:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-06-06 13:30 - 2014-04-11 21:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys2014-06-06 13:30 - 2014-04-11 21:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys2014-06-06 13:30 - 2014-04-11 21:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2014-06-06 13:30 - 2014-04-11 21:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll2014-06-06 13:30 - 2014-04-11 21:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe2014-06-06 13:30 - 2014-04-11 21:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll2014-06-06 13:30 - 2014-04-11 21:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll2014-06-06 13:30 - 2014-04-11 21:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll2014-06-06 13:30 - 2014-04-11 21:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll2014-06-06 13:30 - 2014-03-04 04:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2014-06-06 13:30 - 2014-03-04 04:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll2014-06-06 13:30 - 2014-03-04 04:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll2014-06-06 13:30 - 2014-03-04 04:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll2014-06-06 13:30 - 2014-03-04 04:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll2014-06-06 
13:30 - 2014-03-04 04:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll2014-06-06 13:30 - 2014-03-04 04:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll2014-06-06 13:30 - 2014-03-04 04:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll2014-06-06 13:30 - 2014-03-04 04:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll2014-06-06 13:30 - 2014-03-04 04:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe2014-06-06 13:30 - 2014-03-04 04:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll2014-06-06 13:30 - 2014-03-04 04:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll2014-06-06 13:30 - 2014-03-04 04:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll2014-06-06 13:30 - 2014-03-04 04:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll2014-06-06 13:30 - 2014-03-04 04:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll2014-06-06 13:30 - 2014-03-04 04:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2014-06-06 13:30 - 2014-03-04 04:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2014-06-06 13:30 - 2014-03-04 04:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2014-06-06 13:30 - 2014-03-04 04:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2014-06-06 13:30 - 2014-03-04 04:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll2014-06-06 13:30 - 2014-03-04 04:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll2014-06-06 13:30 - 2014-03-04 04:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2014-06-06 13:30 - 2014-03-04 04:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll2014-06-06 13:30 - 2014-03-04 04:17 - 
00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll2014-06-06 13:30 - 2014-03-04 04:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll2014-06-06 13:30 - 2014-03-04 04:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll2014-06-06 13:30 - 2014-03-04 04:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll2014-06-06 13:30 - 2014-03-04 04:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll2014-06-06 13:30 - 2014-03-04 04:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll2014-06-06 13:30 - 2014-03-04 04:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll2014-06-06 13:30 - 2014-03-04 04:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll2014-06-06 13:30 - 2014-03-04 04:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll2014-06-06 13:14 - 2014-06-06 13:14 - 00000000 ____D () C:\Users\kmengarelli\AppData\Roaming\LSC2014-06-05 07:39 - 2014-06-05 07:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fingerprint Reader2014-06-03 21:21 - 2014-06-03 21:21 - 00003498 _____ () C:\Windows\System32\Tasks\Motorola Device Manager Update2014-06-03 21:21 - 2014-06-03 21:21 - 00003480 _____ () C:\Windows\System32\Tasks\Motorola Device Manager Engine2014-06-03 21:21 - 2014-06-03 21:21 - 00003306 _____ () C:\Windows\System32\Tasks\Motorola Device Manager Initial Update2014-05-30 20:55 - 2014-05-30 20:55 - 00033382 _____ () C:\Users\kmengarelli\Desktop\functional-resume.ott2014-05-29 10:39 - 2014-05-29 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2014-05-29 10:38 - 2014-05-29 10:38 - 00000000 ____D () C:\Program Files\iPod2014-05-29 10:37 - 2014-05-29 10:39 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-05-29 10:37 - 2014-05-29 10:39 - 00000000 ____D () 
C:\Program Files\iTunes2014-05-29 10:37 - 2014-05-29 10:39 - 00000000 ____D () C:\Program Files (x86)\iTunes2014-05-23 10:57 - 2014-05-23 10:57 - 00007578 _____ () C:\Users\kmengarelli\Desktop\2014 Summer School.xlsx2014-05-21 15:17 - 2014-05-21 15:25 - 00000000 ____D () C:\Users\kmengarelli\Desktop\Map Recommend Export2014-05-21 12:41 - 2014-05-21 15:37 - 00017103 _____ () C:\Users\kmengarelli\Desktop\Mengarelli Map.xlsx2014-05-15 08:26 - 2014-05-15 08:26 - 00000000 ____D () C:\Users\kmengarelli\AppData\Roaming\GeoGebra 4.42014-05-11 17:58 - 2013-11-27 15:44 - 06226807 _____ () C:\Users\kmengarelli\Documents\Tutorial for SMART Notebook 11.4.notebook ==================== One Month Modified Files and Folders ======= 2014-06-10 16:36 - 2013-09-12 20:44 - 00000000 ____D () C:\ProgramData\PrintKit2014-06-10 16:36 - 2012-07-23 14:41 - 00000000 ____D () C:\Users\kmengarelli\AppData\Local\Temp2014-06-10 16:36 - 2012-02-26 19:57 - 01607625 _____ () C:\Windows\WindowsUpdate.log2014-06-10 16:35 - 2014-06-10 16:35 - 00000000 ____D () C:\FRST2014-06-10 16:35 - 2014-06-10 16:34 - 00000000 ____D () C:\Users\kmengarelli\Desktop\malwarebytes help2014-06-10 16:33 - 2012-02-26 20:17 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-06-10 16:26 - 2013-04-05 10:03 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1090334920-1458969583-549785860-23510UA.job2014-06-10 16:26 - 2012-02-26 20:17 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-06-10 16:25 - 2012-05-02 08:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-06-10 10:52 - 2012-07-27 14:06 - 00000000 ____D () C:\Users\kmengarelli\AppData\Local\Deployment2014-06-10 09:54 - 2012-05-03 00:54 - 00000128 _____ () C:\Windows\system32\config\netlogon.ftl2014-06-10 07:20 - 2014-04-15 13:49 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-06-10 07:19 - 2014-03-31 18:37 - 00000618 _____ () C:\Windows\Tasks\New 
scan.job2014-06-10 07:19 - 2009-07-13 23:51 - 00145714 _____ () C:\Windows\setupact.log2014-06-09 19:14 - 2014-05-06 19:12 - 00000000 ____D () C:\Users\kmengarelli\AppData\Roaming\DropboxMaster2014-06-09 19:14 - 2012-12-02 21:40 - 00000000 ___RD () C:\Users\kmengarelli\Dropbox2014-06-09 19:14 - 2012-09-20 10:28 - 00000000 ____D () C:\Users\kmengarelli\AppData\Roaming\Dropbox2014-06-09 19:13 - 2014-05-05 20:59 - 00000000 ____D () C:\Temp2014-06-09 19:13 - 2012-07-25 22:09 - 00000000 ___RD () C:\Users\kmengarelli\Desktop\Google Drive2014-06-09 19:12 - 2013-05-14 12:40 - 00000000 ____D () C:\Users\phslib2014-06-09 19:12 - 2009-07-13 23:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-06-09 19:12 - 2009-07-13 23:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-06-09 19:10 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI2014-06-09 19:05 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-06-09 18:50 - 2013-04-30 07:41 - 00000000 ____D () C:\Users\kmengarelli\AppData\Roaming\Mozilla2014-06-09 17:47 - 2013-04-05 10:03 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1090334920-1458969583-549785860-23510Core.job2014-06-09 14:11 - 2010-11-20 22:47 - 00749676 _____ () C:\Windows\PFRO.log2014-06-09 13:52 - 2014-06-09 13:52 - 00001676 _____ () C:\Users\kmengarelli\Desktop\1234.txt2014-06-09 12:27 - 2012-07-23 14:43 - 00000000 ____D () C:\Users\kmengarelli\AppData\Local\CrashDumps2014-06-07 19:57 - 2014-06-07 19:57 - 00001675 _____ () C:\1234.txt2014-06-06 18:32 - 2012-07-23 14:42 - 00000000 ___RD () C:\Users\kmengarelli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-06-06 18:32 - 2012-07-23 14:42 - 00000000 ___RD () C:\Users\kmengarelli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools2014-06-06 14:47 - 2009-07-13 22:20 
- 00000000 ____D () C:\Windows\rescache2014-06-06 14:06 - 2014-05-06 18:14 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-06-06 14:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions2014-06-06 13:58 - 2012-05-02 08:23 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-06-06 13:52 - 2013-09-05 15:23 - 00000000 ____D () C:\Windows\system32\MRT2014-06-06 13:38 - 2012-07-24 23:06 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-06-06 13:14 - 2014-06-06 13:14 - 00000000 ____D () C:\Users\kmengarelli\AppData\Roaming\LSC2014-06-06 07:33 - 2012-02-26 20:09 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo2014-06-06 07:33 - 2012-02-26 19:54 - 00000000 ____D () C:\Program Files\Lenovo2014-06-06 07:30 - 2012-02-26 20:09 - 00000000 ____D () C:\Windows\Downloaded Installations2014-06-05 07:41 - 2014-04-25 07:00 - 00001934 _____ () C:\Users\kmengarelli\.powerschool_gradebook.properties2014-06-05 07:41 - 2012-07-23 14:41 - 00000000 ____D () C:\Users\kmengarelli2014-06-05 07:39 - 2014-06-05 07:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fingerprint Reader2014-06-04 07:33 - 2013-08-26 08:09 - 00001116 _____ () C:\SSUUpdater.log2014-06-03 21:21 - 2014-06-03 21:21 - 00003498 _____ () C:\Windows\System32\Tasks\Motorola Device Manager Update2014-06-03 21:21 - 2014-06-03 21:21 - 00003480 _____ () C:\Windows\System32\Tasks\Motorola Device Manager Engine2014-06-03 21:21 - 2014-06-03 21:21 - 00003306 _____ () C:\Windows\System32\Tasks\Motorola Device Manager Initial Update2014-06-03 21:21 - 2014-05-05 20:58 - 00000000 ____D () C:\Program Files (x86)\Motorola Mobility2014-06-02 07:32 - 2013-03-29 08:40 - 00001054 _____ () C:\Users\kmengarelli\Desktop\Dropbox.lnk2014-06-02 07:32 - 2013-03-29 08:38 - 00000000 ____D () C:\Users\kmengarelli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox2014-06-02 07:26 - 2014-04-15 13:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes 
Anti-Malware2014-06-02 07:12 - 2014-04-15 13:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-05-30 20:55 - 2014-05-30 20:55 - 00033382 _____ () C:\Users\kmengarelli\Desktop\functional-resume.ott2014-05-29 10:39 - 2014-05-29 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2014-05-29 10:39 - 2014-05-29 10:37 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-05-29 10:39 - 2014-05-29 10:37 - 00000000 ____D () C:\Program Files\iTunes2014-05-29 10:39 - 2014-05-29 10:37 - 00000000 ____D () C:\Program Files (x86)\iTunes2014-05-29 10:38 - 2014-05-29 10:38 - 00000000 ____D () C:\Program Files\iPod2014-05-23 10:57 - 2014-05-23 10:57 - 00007578 _____ () C:\Users\kmengarelli\Desktop\2014 Summer School.xlsx2014-05-21 15:37 - 2014-05-21 12:41 - 00017103 _____ () C:\Users\kmengarelli\Desktop\Mengarelli Map.xlsx2014-05-21 15:25 - 2014-05-21 15:17 - 00000000 ____D () C:\Users\kmengarelli\Desktop\Map Recommend Export2014-05-20 09:00 - 2014-04-23 14:17 - 00140616 _____ () C:\Users\kmengarelli\Desktop\Mandatory Tutoring.xlsx2014-05-16 09:51 - 2013-05-01 07:41 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk2014-05-15 08:26 - 2014-05-15 08:26 - 00000000 ____D () C:\Users\kmengarelli\AppData\Roaming\GeoGebra 4.42014-05-14 06:59 - 2012-05-02 08:20 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-05-14 06:59 - 2012-05-02 08:20 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-05-14 06:59 - 2012-05-02 08:20 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater2014-05-12 07:26 - 2014-04-15 13:21 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-05-12 07:26 - 2014-04-15 13:21 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-05-12 07:25 - 2012-05-02 
10:08 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2014-05-11 17:58 - 2012-07-23 20:07 - 00000000 ____D () C:\Users\kmengarelli\Documents\SMART Notebook Some content of TEMP:====================C:\Users\Administrator\AppData\Local\Temp\InstallAX.exeC:\Users\kmengarelli\AppData\Local\Temp\adb.exeC:\Users\kmengarelli\AppData\Local\Temp\AdbWinApi.dllC:\Users\kmengarelli\AppData\Local\Temp\AdbWinUsbApi.dllC:\Users\kmengarelli\AppData\Local\Temp\AutoItX3.dllC:\Users\kmengarelli\AppData\Local\Temp\converter.exeC:\Users\kmengarelli\AppData\Local\Temp\DeviceRooter.exeC:\Users\kmengarelli\AppData\Local\Temp\DIFxAPI.dllC:\Users\kmengarelli\AppData\Local\Temp\DPInstx64.exeC:\Users\kmengarelli\AppData\Local\Temp\DPInstx86.exeC:\Users\kmengarelli\AppData\Local\Temp\DPInst_Monx64.exeC:\Users\kmengarelli\AppData\Local\Temp\DPInst_Monx86.exeC:\Users\kmengarelli\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpedrx0v.dllC:\Users\kmengarelli\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfpyusq.dllC:\Users\kmengarelli\AppData\Local\Temp\fx-runtime.exeC:\Users\kmengarelli\AppData\Local\Temp\javagiac0.8644454434339026.dllC:\Users\kmengarelli\AppData\Local\Temp\jna6178250079325307547.dllC:\Users\kmengarelli\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exeC:\Users\kmengarelli\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exeC:\Users\kmengarelli\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exeC:\Users\kmengarelli\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exeC:\Users\kmengarelli\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exeC:\Users\kmengarelli\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exeC:\Users\kmengarelli\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exeC:\Users\kmengarelli\AppData\Local\Temp\KUIU.EXEC:\Users\kmengarelli\AppData\Local\Temp\LMkRstPt.exeC:\Users\kmengarelli\AppData\Local\Temp\OneClickRoot.exeC:\Users\kmengarelli\AppData\Local\Temp\OS_Detect.exeC:\Users\kmengarel
li\AppData\Local\Temp\SMARTProductUpdate.exe
C:\Users\kmengarelli\AppData\Local\Temp\uninst.exe
C:\Users\kmengarelli\AppData\Local\Temp\Updater.exe
C:\Users\kmengarelli\AppData\Local\Temp\vlc-2.0.4-win32.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-08 09:15

==================== End Of Log ============================
kmengarelli Posted June 10, 2014 Author ID:840116

And Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-06-2014
Ran by kmengarelli at 2014-06-10 16:37:03
Running from C:\Users\kmengarelli\Desktop\malwarebytes help
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Sophos Anti-Virus (Enabled - Out of date) {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Sophos Anti-Virus (Enabled - Out of date) {DE9A3984-B0E2-7A61-FD5D-409005EB0337}

==================== Installed Programs ======================

Adobe Acrobat 9 Pro - English, Français, Deutsch (x32 Version: 9.5.5 - Adobe Systems) Hidden
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version: - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.111 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Design Premium (HKLM-x32\...\Adobe_55230b0b70661df0f212e88f0b655f7) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 4 Design Premium (x32 Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Fireworks CS4 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player
ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)Adobe Fonts All (x32 Version: 2.0 - Adobe Systems Incorporated) HiddenAdobe Media Encoder CS4 Importer (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Output Module (x32 Version: 2.0 - Adobe Systems Incorporated) HiddenAdobe PDF Library Files CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) HiddenAdobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)Adobe Search for Help (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Service Manager Extension (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Setup (x32 Version: 2.0 - Adobe Systems Incorporated) HiddenAdobe Type Support CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) HiddenAdobe Update Manager CS4 (x32 Version: 6.0.0 - Adobe Systems Incorporated) HiddenAdobe XMP Panels CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) HiddenAppInventor Setup (HKLM-x32\...\AppInventor Setup) (Version: 1.1 - Google Inc.)Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)BirdBrain Technologies Snap (HKLM-x32\...\{45A8FCE4-4553-4FE9-9EBA-99F3286E01E4}) (Version: 0.2.0 - BirdBrain Technologies LLC)BisonCam Twain Pro (HKLM-x32\...\{F2672232-FF17-4DC9-8F24-A1E1829FE086}) (Version: 1.5.4.7 - Bison WebCam Ap)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.2200 - Broadcom Corporation)Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) 
HiddenConexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.48.0 - Conexant)Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) HiddenCorel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) HiddenCorel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.828 - Corel Inc.)Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - CutePDF.com)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDefinition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version: - Microsoft)Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) HiddenDisable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) 
Hidden
Extreme Collaboration AddOn (beta) 1.1.27 (HKLM-x32\...\{F92CDDDC-99F7-4CF2-829B-D4C98617F254}_is1) (Version: 1.1.27 - Freiland Netzlösungen GmbH)
Ezvid (HKLM-x32\...\{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1) (Version: 0981 - Ezvid, inc.)
File Extractor Packages (HKCU\...\File Extractor Packages) (Version: - ) <==== ATTENTION
Fingerprint Reader (HKLM\...\{7DD99174-299B-4450-A179-7F27F4C2D042}) (Version: 6.0.200.105 - AuthenTec, Inc.)
GeoGebra 4 (HKCU\...\GeoGebra 4) (Version: - International GeoGebra Institute)
GeoGebra 4.4 (HKLM-x32\...\GeoGebra 4.4) (Version: 4.4.11.0 - International GeoGebra Institute)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Drive (HKLM-x32\...\{418BAAD1-754D-48B4-B078-46EF4F25AF42}) (Version: 1.15.6556.8063 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
GoToMeeting 5.5.0.1132 (HKCU\...\GoToMeeting) (Version: 5.5.0.1132 - CitrixOnline)
HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{7D220A57-969F-4D09-9297-D48195A8ABDD}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Help (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Integrated Camera Driver Installer Package Ver.1.2.1.18 (HKLM-x32\...\{A78800AF-1779-4AE8-8EBE-16E1BE727C71}) (Version: 1.2.1.18 - RICOH)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36702 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3190 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 15.6.1.0536 - Intel Corporation) Hidden
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{A10B1524-63B5-40F2-B272-D841CF671C16}) (Version: 2.2.0.0266 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software Driver (Version: 15.06.1000.0167 - Intel Corporation) Hidden
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{93F34C5C-ACAA-48F3-9B26-70359A117F12}) (Version: 3.0.12.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Intel® PROSet/Wireless Software (HKLM-x32\...\{fad118b4-798f-4755-9e67-a622eec95b62}) (Version: 15.6.1 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 15.06.1000.0142 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Java 6 Update 35 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.350 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.10 - )
Lenovo Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.1.9.0 - Lenovo)
Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo Solution Center (HKLM\...\{2F45A217-E9C7-4984-B0AC-5BE31FF4712B}) (Version: 2.4.003.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.05.0009 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Lenovo)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mathematics (64-bit) (HKLM\...\{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}) (Version: 4.0 - Microsoft Corporation)
Microsoft Mathematics Add-in (32-bit) (HKLM-x32\...\{E2C98732-F973-4985-A9C5-DC06178E16EE}) (Version: 2.0.040811.01 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Standard 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.3.0215.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2006.0314 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50325 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50330 - Microsoft Corporation) Hidden
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
MouseServer version 1.5.0.0 (HKLM-x32\...\{E13018F5-FFC7-4729-9C1B-1A85807D03E6}_is1) (Version: 1.5.0.0 - Necta Co.)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NBC Learn Offline Player (HKLM-x32\...\com.nbcuni.aodplayer.38154C9B00B8386E5872F08BE16716F44323C112.1) (Version: 3.03 - NBC Universal)
NBC Learn Offline Player (x32 Version: 3.03 - NBC Universal) Hidden
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 7.12.27 - )
OneClickRoot (HKLM-x32\...\OneClickRoot) (Version: 1.0 - OneClickRoot)
OverDrive Media Console (HKLM-x32\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Planbook (HKLM-x32\...\{87EA1B44-0FB0-4EE9-A153-0D3BD026337E}) (Version: 4.00.051 - Hellmansoft)
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.64.4 - Lenovo Group Limited)
Presto 1.0.319.0 (HKLM\...\{D65F74D9-5FD6-42E5-BE65-474AF84A5591}_is1) (Version: 1.0.319.0 - Collobos Software)
PrintKit (HKLM\...\{41CCC6A9-EB5F-482C-AAB5-38849B7143EE}) (Version: 1.0.319.0 - Collobos Software)
Publishly (HKLM-x32\...\Publishly) (Version: 1.0 - The Pretendery)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RapidBoot (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.11 - Lenovo)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29005 - Realtek Semiconductor Corp.)
Reflection (HKLM-x32\...\{63D5463D-0FED-4E4E-846A-CCB3245A2F28}) (Version: 1.2.1 - Squirrels)
Reflector (HKLM\...\{F9C41F10-A70A-4717-8E86-19A4179FE689}) (Version: 1.2.3 - Squirrels)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.36.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.36.0 - Renesas Electronics Corporation) Hidden
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
SAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version: 3.1.32.1 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones V5.16.0.0 (HKLM-x32\...\{C0C1D2BC-72FE-4F77-A2F9-CD10D5AA8F93}) (Version: 1.2.2200.0 - SAMSUNG Electronics CO., LTD.)
SamsungSimpleDownloaderTool for SPH-D710 (HKLM-x32\...\InstallShield_{8C9EBE06-8BA2-4AEB-BFD8-6614072FE75F}) (Version: 1.0.047 - Samsung Electronics)
SamsungSimpleDownloaderTool for SPH-D710 (x32 Version: 1.0.047 - Samsung Electronics) Hidden
Scratch (HKLM-x32\...\Scratch) (Version: 1.4.0.0 - MIT Media Lab Lifelong Kindergarten Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
SMART Common Files (HKLM-x32\...\{26A95DBF-A866-4838-A8C9-FA219FCBD22E}) (Version: 11.5.159.0 - SMART Technologies ULC)
SMART Ink (HKLM-x32\...\{5ABC49B5-D0DC-428D-A082-4AEFF6490F04}) (Version: 2.0.723.0 - SMART Technologies ULC)
SMART Notebook (HKLM-x32\...\{79660EE7-9C0B-4962-B566-2693FE34719D}) (Version: 11.4.564.0 - SMART Technologies ULC)
SMART Notebook Gallery 2.0 Beta (HKLM-x32\...\{8FA9260A-062C-4F52-B2B2-08F4CE73CBB3}) (Version: 2.0.141.0 - SMART Technologies)
SMART Product Drivers (HKLM-x32\...\{53330A17-78DE-458E-9997-292A2D6D3ADD}) (Version: 11.4.872.1 - SMART Technologies ULC)
Songsmith (HKLM-x32\...\{30906093-42C6-4968-AEDD-B915972CF0DB}) (Version: 12.08.2700 - Microsoft Research)
Sophos Anti-Virus (HKLM-x32\...\{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}) (Version: 10.2.7 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{15C418EB-7675-42be-B2B3-281952DA014D}) (Version: 2.9.0.344 - Sophos Limited)
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.5.8.4 - Splashtop Inc.)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.2200 - Broadcom Corporation)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.0.0 - )
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.21 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{9C551D9B-5D36-46A2-9414-F658D934B129}) (Version: 5.93 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo)
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.03 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{502EE63C-9A62-4330-8F8B-1EAB51B7BB46}) (Version: 5.9.4.6882 - UPEK Inc.)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARD_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.STANDARD_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.STANDARD_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.STANDARD_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.3.64 - VeriSign)
VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN)
Windows Driver Package - Intel (iaStor) hdc (11/06/2010 10.1.0.1008) (HKLM\...\73C6BE3E3B6FC5418F2B47E6C75F6C8F9552DC12) (Version: 11/06/2010 10.1.0.1008 - Intel)
Windows Driver Package - Lenovo 1.64.00.00 (07/28/2011 1.64.00.00) (HKLM\...\01E3B64834B04ABAC85D8E1D3EBDC567D83AD29B) (Version: 07/28/2011 1.64.00.00 - Lenovo)
Windows Driver Package - Realtek (RTL8167) Net (12/29/2010 7.037.1229.2010) (HKLM\...\828B05D2B647CDAEA22493F7BFB96847265EE596) (Version: 12/29/2010 7.037.1229.2010 - Realtek)
Windows Driver Package - Synaptics (SynTP) Mouse (05/19/2011 15.3.8.0) (HKLM\...\DDD8A532E361E9A878EBEF69C338B306810DF059) (Version: 05/19/2011 15.3.8.0 - Synaptics)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Restore Points =========================

07-05-2014 01:26:50 Device Driver Package Install: Google, Inc. SAMSUNG Android Phone
07-05-2014 01:36:35 Installed SamsungSimpleDownloaderTool for SPH-D710
04-06-2014 02:20:12 Installed Motorola Device Manager
06-06-2014 18:31:18 Windows Update

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {083E6C5A-B97C-489B-B795-CDB992B40380} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {0866F271-C42F-4F66-A4FA-DF3E7BCE6C2F} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-01-21] (Microsoft)
Task: {0FEE389C-4C8A-49E5-AA4A-42ADD803E018} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2014-03-07] (Lenovo Group Limited)
Task: {215C8BB4-AA95-4F94-9B38-406CC720DF09} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {5649AA3C-6C74-498F-9F1D-734D1F02499C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-26] (Google Inc.)
Task: {670D78CD-D01B-45E8-907B-C0285B9F9704} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1090334920-1458969583-549785860-23510Core => C:\Users\kmengarelli\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-01] (Google Inc.)
Task: {6B6CF214-BC27-44F1-AA76-F7AF5F9FB33F} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {72B3D271-C6EF-4FA8-98EA-5726D7722F51} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {77F50C04-4ADA-4B56-9DB1-E02FE55336AD} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
Task: {89C573F3-FA78-41B5-832A-FB1EA3BF1A99} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {95A44E88-C9C9-40ED-BFF7-4C462D4D43C1} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
Task: {96C46302-7E7E-4D03-909B-DB1A1616C97C} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-05-06] (Lenovo)
Task: {99AD77A1-2C53-47DE-8105-B19F4CAE2905} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1090334920-1458969583-549785860-23510UA => C:\Users\kmengarelli\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-01] (Google Inc.)
Task: {B9A7D700-5323-41CD-9C74-CB3BE1FBA6E0} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {BCFC2974-7AA2-4228-80FA-DF6B7E60BB6E} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {BF442980-691B-43B6-A6CB-E7570B446A50} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-02-21] ()
Task: {C2DF1B3B-04BC-4C98-AAD3-D62626C80130} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-05-06] ()
Task: {CD6D1CB7-93C7-402C-A840-5D9ACCA85817} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-05-06] (Lenovo)
Task: {D6996255-6DBA-4AB8-9B25-7C77B90C32D4} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
Task: {D94C961F-4FD7-48F0-B8A4-15D7B9D7B8FD} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {E99A7816-C486-490D-89F6-77C66CE08C8F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-26] (Google Inc.)
Task: {FA1B8EB2-6669-4048-942B-3D312BE0F3AE} - System32\Tasks\New scan => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2012-09-21] (Sophos Limited)
Task: {FB769969-7E67-460B-AE82-6A18DECF40ED} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {FBCBD813-DE95-4C98-8C3B-45175E8FF94C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {FD6C5330-3F9B-4C89-B98A-F3DB33D0D478} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1090334920-1458969583-549785860-23510Core.job => C:\Users\kmengarelli\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1090334920-1458969583-549785860-23510UA.job => C:\Users\kmengarelli\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\New scan.job => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe

==================== Loaded Modules (whitelisted) =============

2013-10-07 20:34 - 2012-10-04 19:49 - 00087152 _____ () C:\Windows\System32\cpwmon64.dll
2013-09-10 11:15 - 2013-09-10 11:15 - 01575936 _____ () C:\Program Files\PrintKit\libcups2.dll
2012-02-26 20:08 - 2014-03-07 06:04 - 00104448 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2013-04-03 09:59 - 2010-10-26 12:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2012-02-26 20:06 - 2011-08-19 00:20 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-08-07 03:03 - 2013-08-07 03:03 - 01130792 _____ () C:\Program Files\Lenovo Fingerprint Reader\DataManager.dll
2013-08-07 03:04 - 2013-08-07 03:04 - 00087848 _____ () C:\Program Files\Lenovo Fingerprint Reader\ssutil.dll
2014-03-14 17:47 - 2014-03-14 17:47 - 00092504 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-05 15:12 - 2011-08-02 20:58 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2013-09-05 15:12 - 2011-08-02 20:58 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2012-02-06 03:50 - 2012-02-06 03:50 - 02402304 _____ () C:\Program Files (x86)\SAMSUNG\Intelli-studio\Filters\HTH264VD.dll
2013-10-31 10:05 - 2013-10-31 10:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2014-03-31 16:26 - 2013-05-14 06:15 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2012-02-26 20:09 - 2010-04-06 12:05 - 02085888 _____ () C:\Program Files\Lenovo\AutoLock\cv210.dll
2012-02-26 20:09 - 2010-04-06 12:04 - 02201088 _____ () C:\Program Files\Lenovo\AutoLock\cxcore210.dll
2014-06-09 19:14 - 2014-06-09 19:14 - 00043008 _____ () C:\Users\kmengarelli\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpedrx0v.dll
2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\kmengarelli\AppData\Roaming\Dropbox\bin\libcef.dll
2014-06-09 19:13 - 2014-06-09 19:13 - 00098816 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\win32api.pyd
2014-06-09 19:13 - 2014-06-09 19:13 - 00110080 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\PyWinTypes27.dll
2014-06-09 19:13 - 2014-06-09 19:13 - 00364544 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\pythoncom27.dll
2014-06-09 19:13 - 2014-06-09 19:13 - 00045568 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\_socket.pyd
2014-06-09 19:13 - 2014-06-09 19:13 - 01159680 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\_ssl.pyd
2014-06-09 19:13 - 2014-06-09 19:13 - 00320512 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\win32com.shell.shell.pyd
2014-06-09 19:13 - 2014-06-09 19:13 - 00713216 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\_hashlib.pyd
2014-06-09 19:13 - 2014-06-09 19:13 - 01175040 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\wx._core_.pyd
2014-06-09 19:13 - 2014-06-09 19:13 - 00805888 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\wx._gdi_.pyd
2014-06-09 19:13 - 2014-06-09 19:13 - 00811008 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\wx._windows_.pyd
2014-06-09 19:13 - 2014-06-09 19:13 - 01062400 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\wx._controls_.pyd
2014-06-09 19:13 - 2014-06-09 19:13 - 00735232 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\wx._misc_.pyd
2014-06-09 19:13 - 2014-06-09 19:13 - 00128512 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\_elementtree.pyd
2014-06-09 19:13 - 2014-06-09 19:13 - 00127488 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\pyexpat.pyd
2014-06-09 19:13 - 2014-06-09 19:13 - 00557056 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\pysqlite2._sqlite.pyd
2014-06-09 19:13 - 2014-06-09 19:13 - 00087552 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\_ctypes.pyd
2014-06-09 19:13 - 2014-06-09 19:13 - 00119808 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\win32file.pyd
2014-06-09 19:13 - 2014-06-09 19:13 - 00108544 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\win32security.pyd
2014-06-09 19:13 - 2014-06-09 19:13 - 00018432 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\win32event.pyd
2014-06-09 19:13 - 2014-06-09 19:13 - 00038912 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\win32inet.pyd
2014-06-09 19:13 - 2014-06-09 19:13 - 00070656 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\wx._html2.pyd
2014-06-09 19:13 - 2014-06-09 19:13 - 00167936 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\win32gui.pyd
2014-06-09 19:13 - 2014-06-09 19:13 - 00011264 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\win32crypt.pyd
2014-06-09 19:13 - 2014-06-09 19:13 - 00027136 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\_multiprocessing.pyd
2014-06-09 19:13 - 2014-06-09 19:13 - 00122368 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\wx._wizard.pyd
2014-06-09 19:13 - 2014-06-09 19:13 - 00010240 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\select.pyd
2014-06-09 19:13 - 2014-06-09 19:13 - 00024064 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\win32pipe.pyd
2014-06-09 19:13 - 2014-06-09 19:13 - 00686080 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\unicodedata.pyd
2014-06-09 19:13 - 2014-06-09 19:13 - 00025600 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\win32pdh.pyd
2014-06-09 19:13 - 2014-06-09 19:13 - 00525640 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\windows._lib_cacheinvalidation.pyd
2014-06-09 19:13 - 2014-06-09 19:13 - 00035840 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\win32process.pyd
2014-06-09 19:13 - 2014-06-09 19:13 - 00017408 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\win32profile.pyd
2014-06-09 19:13 - 2014-06-09 19:13 - 00022528 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\win32ts.pyd
2014-06-09 19:13 - 2014-06-09 19:13 - 00078336 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI57842\wx._animate.pyd
2013-08-22 19:43 - 2013-08-22 19:43 - 00272688 _____ () C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\node_modules\SBSDK.node
2013-08-22 19:44 - 2013-08-22 19:44 - 00039216 _____ () C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\node_modules\HWR.node
2013-08-22 19:44 - 2013-08-22 19:44 - 00053040 _____ () C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\node_modules\SWR.node
2013-08-22 19:44 - 2013-08-22 19:44 - 00057648 _____ () C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\node_modules\MWR.node
2013-08-22 19:44 - 2013-08-22 19:44 - 00014848 _____ () C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\node_modules\SessionNotification.node
2011-08-15 20:12 - 2011-08-15 20:12 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtCore4.dll
2011-08-15 20:15 - 2011-08-15 20:15 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtXml4.dll
2011-08-17 16:41 - 2011-08-17 16:41 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\sqlite3.dll
2011-08-17 16:48 - 2011-08-17 16:48 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\log4cplus.dll
2012-06-14 11:57 - 2012-06-14
11:57 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\featureController.dll2011-08-15 20:12 - 2011-08-15 20:12 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtNetwork4.dll2011-08-17 16:48 - 2011-08-17 16:48 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\libgsoap.dll2011-08-15 19:23 - 2011-08-15 19:23 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\zlib1.dll2012-06-14 11:56 - 2012-06-14 11:56 - 00481792 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\DeviceProfile.dll2012-06-14 12:06 - 2012-06-14 12:06 - 00500064 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\plugin\PServerPlugin.dll2012-06-14 11:55 - 2012-06-14 11:55 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\eventsSender.dll2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf2014-05-21 23:02 - 2014-05-13 18:40 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll2014-05-21 23:02 - 2014-05-13 18:40 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll2014-05-21 23:02 - 2014-05-13 18:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll2014-05-21 23:02 - 2014-05-13 18:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll2014-05-21 23:02 - 2014-05-13 18:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => 
""="service" ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbyloginMSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"MSCONFIG\startupreg: BLEServicesCtrl => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exeMSCONFIG\startupreg: Dolby Advanced Audio v2 => "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostartMSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"MSCONFIG\startupreg: Lenovo Registration => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /bootMSCONFIG\startupreg: PWMTRV => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitorMSCONFIG\startupreg: Response Desktop Menu => "C:\Program Files (x86)\SMART Technologies\Education Software\DesktopMenu.exe"MSCONFIG\startupreg: sbsdk-server => "C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe"MSCONFIG\startupreg: SkyDrive => "C:\Users\kmengarelli\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /backgroundMSCONFIG\startupreg: SMART Board Service => "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe" -dMSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ==================== Faulty Device Manager Devices ============= Name: SMART Virtual TabletPCDescription: SMART Virtual TabletPCClass Guid: 
{745a17a0-74d3-11d0-b6fe-00a0c90f57da}Manufacturer: SMART Technologies ULCService: SMARTVTabletPCx64Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: SMART Virtual TabletPCDescription: SMART Virtual TabletPCClass Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}Manufacturer: SMART Technologies ULCService: SMARTVTabletPCx64Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors:==================Error: (06/10/2014 04:25:50 PM) (Source: PrintKit Service) (EventID: 1) (User: )Description: 3268:5508 Tue Jun 10 16:25:43 2014 NKAddress.cpp:226 netkit::ip::address::resolve::<lambda_556c6c5232b365839ca913f34624bc95>::operator () error in getaddrinfo: N Error: (06/10/2014 11:08:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 31325 Error: (06/10/2014 11:08:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 31325 Error: (06/10/2014 11:08:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/10/2014 11:08:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 30311 Error: (06/10/2014 11:08:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 30311 Error: (06/10/2014 11:08:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/10/2014 11:08:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: 
Task Scheduling Error: m->NextScheduledSPRetry 29219 Error: (06/10/2014 11:08:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 29219 Error: (06/10/2014 11:08:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second System errors:=============Error: (06/10/2014 04:25:50 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: USD250)Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator. Error: (06/10/2014 04:25:50 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator. Error: (06/10/2014 04:25:43 PM) (Source: NETLOGON) (EventID: 5719) (User: )Description: This computer was not able to set up a secure session with a domaincontroller in domain USD250 due to the following: %%1311 This may lead to authentication problems. Make sure that thiscomputer is connected to the network. If the problem persists,please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, itsets up the secure session to the primary domain controller emulator in the specifieddomain. Otherwise, this computer sets up the secure session to any domain controllerin the specified domain. 
Error: (06/10/2014 08:03:30 AM) (Source: TermService) (EventID: 1067) (User: )Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.. Error: (06/10/2014 07:29:46 AM) (Source: TermService) (EventID: 1067) (User: )Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.. Error: (06/10/2014 07:24:16 AM) (Source: TermService) (EventID: 1067) (User: )Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.. Error: (06/10/2014 07:19:28 AM) (Source: NETLOGON) (EventID: 5719) (User: )Description: This computer was not able to set up a secure session with a domaincontroller in domain USD250 due to the following: %%1311 This may lead to authentication problems. Make sure that thiscomputer is connected to the network. If the problem persists,please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, itsets up the secure session to the primary domain controller emulator in the specifieddomain. Otherwise, this computer sets up the secure session to any domain controllerin the specified domain. Error: (06/10/2014 07:19:03 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. 
If you do not see a success message for several hours, then contact your administrator. Error: (06/09/2014 07:12:58 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: USD250)Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator. Error: (06/09/2014 07:10:59 PM) (Source: TermService) (EventID: 1067) (User: )Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.. Microsoft Office Sessions:=========================Error: (06/10/2014 04:25:50 PM) (Source: PrintKit Service) (EventID: 1) (User: )Description: 3268:5508 Tue Jun 10 16:25:43 2014 NKAddress.cpp:226 netkit::ip::address::resolve::<lambda_556c6c5232b365839ca913f34624bc95>::operator () error in getaddrinfo: N Error: (06/10/2014 11:08:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 31325 Error: (06/10/2014 11:08:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 31325 Error: (06/10/2014 11:08:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/10/2014 11:08:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 30311 Error: (06/10/2014 11:08:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 30311 Error: (06/10/2014 11:08:48 AM) (Source: Bonjour Service) (EventID: 100) (User: 
)Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/10/2014 11:08:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 29219 Error: (06/10/2014 11:08:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 29219 Error: (06/10/2014 11:08:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second ==================== Memory info =========================== Percentage of memory in use: 76%Total physical RAM: 3688.15 MBAvailable physical RAM: 874.54 MBTotal Pagefile: 7374.48 MBAvailable Pagefile: 4214.91 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (Windows7_OS) (Fixed) (Total:448.67 GB) (Free:223.35 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive d: (1991_PITT_ST_FOOTBALL_CHAMPIONSH) (CDROM) (Total:3.1 GB) (Free:0 GB) UDFDrive q: (Lenovo_Recovery) (Fixed) (Total:15.62 GB) (Free:5.61 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 466 GB) (Disk ID: 478F2F74)Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=449 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=16 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
MrCharlie Posted June 11, 2014 ID:840173

Welcome to the forum.

Please run a Quick Scan with Malwarebytes

For Malwarebytes ver: 1.75
Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.
Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.
Make sure that everything is checked, and click Remove Selected.

For Malwarebytes 2.0, please run a Threat Scan
Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware
Same for PUM (Potentially Unwanted Modifications)
Quarantine all that's found

General P2P/Piracy Warning:
1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.
Failure to remove such software will result in your topic being closed and no further assistance being provided.

Then.......

Please download and run RogueKiller 32 bit to your desktop.
RogueKiller<---use this one for 64 bit systems
Which system am I using?
Quit all running programs.
For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!
Don't run any other options, they're not all bad!!!!!!!
Post back the report which should be located on your desktop.
(please don't put logs in code or quotes and use the default font)

MrC

Note: Please read all of my instructions completely including these.
Make sure system restore is turned on and running. Create a new restore point
Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive
<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
<+>The removal of malware isn't instantaneous, please be patient.
<+>When we are done, I'll give you instructions on how to cleanup all the tools and logs
<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
------->Your topic will be closed if you haven't replied within 3 days!<--------
If I don't respond within 24 hours, please send me a PM
kmengarelli Posted June 11, 2014 Author ID:840408

RogueKiller V9.0.2.0 (x64) [Jun 3 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : kmengarelli [Admin rights]
Mode : Scan -- Date : 06/11/2014 13:22:45

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1090334920-1458969583-549785860-23510\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> FOUND
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1090334920-1458969583-549785860-23510\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[suspicious.Path] \Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe (Scan -ScheduleJob -RestrictPrivileges) -> FOUND

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HITACHI HTS727550A9E364 +++++
--- User ---
[MBR] cce895c4ba458e3c1cbc06e7c2823d52
[bSP] ef412d77646346af1adb49e220a2187d : Lenovo MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 459436 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 944003072 | Size: 16000 MB
User = LL1 ... OK
User != LL2 ... KO!
--- LL2 ---
[MBR] eeb048d272e15ba0de821772635b505e
[bSP] 60b4dd6963259b25adca021abb6d053a : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 459438 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 944003072 | Size: 16000 MB
MrCharlie Posted June 11, 2014 ID:840414

Did you run Malwarebytes???

MrC
kmengarelli Posted June 11, 2014 Author ID:840474

Yes, I did that prior to running RogueKiller.
MrCharlie Posted June 11, 2014 ID:840505

Can you post the log from Malwarebytes.
-----------------------------------------------
Make sure you have created a restore point and.....
Download Delfix from Here and save it to your desktop.
Place a check mark in front of .......Create registry backup <---only!
Uncheck the rest!
Click the Run button.
Close the tool out when it's done....we'll use it later.

Then..................

Please download AdwCleaner from HERE or HERE to your desktop.
Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
When it's done you'll see: Pending: Please uncheck elements you don't want removed.
Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
Look over the log especially under Files/Folders for any program you want to save.
If there's a program you may want to save, just uncheck it from AdwCleaner.
If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
If you're ready to clean it all up.....click the Clean button.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
To restore an item that has been deleted:
Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Next..................

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Next.........

Run a Threat Scan:
If you're using Malwarebytes 2.0, please run a Threat Scan
Click on settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware
Same for PUM (Potentially Unwanted Modifications)
Quarantine All that's found

Last......

Re-scan with FRST and make sure the Addition box is checked.
Post or attach the 2 logs.

MrC
kmengarelli Posted June 12, 2014 Author ID:840520

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/11/2014
Scan Time: 5:58:09 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.11.08
Rootkit Database: v2014.06.02.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: kmengarelli

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 417122
Time Elapsed: 36 min, 34 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
kmengarelli Posted June 12, 2014 Author ID:840528

# AdwCleaner v3.212 - Report created 11/06/2014 at 20:05:40
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : kmengarelli - PHS-KMENGARELLI
# Running from : C:\Users\kmengarelli\Desktop\malwarebytes help\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\KMENGA~1\AppData\Local\Temp\webget
Folder Deleted : C:\Users\kmengarelli\AppData\LocalLow \Conduit
Folder Deleted : C:\Users\kmengarelli\AppData\Roaming\1H1Q
Folder Deleted : C:\Users\kmengarelli\Documents\Optimizer Pro
Folder Deleted : C:\Users\Administrator\AppData\Roaming \Mozilla\Firefox\Profiles\scqf1i9s.default\Extensions\staged \{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
Folder Deleted : C:\Users\kmengarelli\AppData\Roaming \Mozilla\Firefox\Profiles\9b71g888.default\Extensions\staged \{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
Folder Deleted : C:\Users\Administrator\AppData\Local\Google \Chrome\User Data\Default\Extensions \cgiaikfpllchefojlnehlmpekeogihnm
File Deleted : C:\Users\Administrator\AppData\Roaming \Mozilla\Firefox\Profiles\scqf1i9s.default\user.js
File Deleted : C:\Users\kmengarelli\AppData\Roaming\Mozilla \Firefox\Profiles\9b71g888.default\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions \cgiaikfpllchefojlnehlmpekeogihnm
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions \cgiaikfpllchefojlnehlmpekeogihnm
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing \updatewebget_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing \updatewebget_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9- 4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer \SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431- B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD- 889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96- 5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002- C014AF797E9C}
Key Deleted : HKLM\Software\InstallCore

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Administrator\AppData\Roaming\Mozilla \Firefox\Profiles\scqf1i9s.default\prefs.js ]

Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");

[ File : C:\Users\kmengarelli\AppData\Roaming\Mozilla \Firefox\Profiles\9b71g888.default\prefs.js ]

Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");

-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\Administrator\AppData\Local\Google\Chrome \User Data\Default\preferences ]

Deleted [search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q= {searchTerms} &a=dsites03_14_19_ch&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtAyDtDtBz yyBzyzztD0BtN0D0Tzu0SzzyDyCtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutC yEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyC0D0Ezz0BtCtDtGtDyDtB0 AtGyE0EyD0EtGtB0DtA0CtGtB0DyE0EzztD0C0E0ByC0DyD2QtN1M1F1B2Z1V 1N2Y1L1Qzu2SyBtByB0AtB0EtAzytG0F0CtCtDtGtC0CtC0BtG0F0B0BtAtGt C0EtDtBtByB0EyByCtA0B0C2Q&cr=531881053&ir=
Deleted [Extension] : cgiaikfpllchefojlnehlmpekeogihnm
Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

[ File : C:\Users\kmengarelli\AppData\Local\Google\Chrome \User Data\Default\preferences ]

Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [search Provider] : hxxp://www.ask.com/web?q= {searchTerms}
Deleted [search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q= {searchTerms} &a=dsites03_14_19_ch&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtAyDtDtBz yyBzyzztD0BtN0D0Tzu0SzzyDyCtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutC yEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyC0D0Ezz0BtCtDtGtDyDtB0 AtGyE0EyD0EtGtB0DtA0CtGtB0DyE0EzztD0C0E0ByC0DyD2QtN1M1F1B2Z1V 1N2Y1L1Qzu2SyBtByB0AtB0EtAzytG0F0CtCtDtGtC0CtC0BtG0F0B0BtAtGt C0EtDtBtByB0EyByCtA0B0C2Q&cr=531881053&ir=
Deleted [Extension] : cgiaikfpllchefojlnehlmpekeogihnm
Deleted [Extension] : pflphaooapbgpeakohlggbpidpppgdff

[ File : C:\Users\phslib\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q= {searchTerms} &a=dsites03_14_19_ch&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtAyDtDtBz yyBzyzztD0BtN0D0Tzu0SzzyDyCtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutC yEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyC0D0Ezz0BtCtDtGtDyDtB0 AtGyE0EyD0EtGtB0DtA0CtGtB0DyE0EzztD0C0E0ByC0DyD2QtN1M1F1B2Z1V 1N2Y1L1Qzu2SyBtByB0AtB0EtAzytG0F0CtCtDtGtC0CtC0BtG0F0B0BtAtGt C0EtDtBtByB0EyByCtA0B0C2Q&cr=531881053&ir=
Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

[ File : C:\Users\USD No. 250\AppData\Local\Google\Chrome \User Data\Default\preferences ]

Deleted [search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q= {searchTerms} &a=dsites03_14_19_ch&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtAyDtDtBz yyBzyzztD0BtN0D0Tzu0SzzyDyCtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutC yEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyC0D0Ezz0BtCtDtGtDyDtB0 AtGyE0EyD0EtGtB0DtA0CtGtB0DyE0EzztD0C0E0ByC0DyD2QtN1M1F1B2Z1V 1N2Y1L1Qzu2SyBtByB0AtB0EtAzytG0F0CtCtDtGtC0CtC0BtG0F0B0BtAtGt C0EtDtBtByB0EyByCtA0B0C2Q&cr=531881053&ir=

*************************

AdwCleaner[R0].txt - [5815 octets] - [11/06/2014 19:43:47]
AdwCleaner[s0].txt - [6301 octets] - [11/06/2014 20:05:40]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6361 octets] ##########
kmengarelli Posted June 12, 2014 Author ID:840532

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by kmengarelli on Wed 06/11/2014 at 20:17:40.85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\URL

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted: [Folder] C:\Users\kmengarelli\AppData\Roaming\mozilla\firefox\profiles\9b71g888.default\extensions\staged
Emptied folder: C:\Users\kmengarelli\AppData\Roaming\mozilla\firefox\profiles\9b71g888.default\minidumps [4 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 06/11/2014 at 20:26:41.67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
kmengarelli Posted June 12, 2014 Author ID:840535

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/11/2014
Scan Time: 8:31:56 PM
Logfile: 
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.12.01
Rootkit Database: v2014.06.02.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: kmengarelli

Scan Type: Hyper Scan
Result: Completed
Objects Scanned: 319710
Time Elapsed: 5 min, 52 sec

Memory: Enabled
Startup: Enabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
kmengarelli Posted June 12, 2014 Author ID:840537

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 01
Ran by kmengarelli (administrator) on PHS-KMENGARELLI on 11-06-2014 20:39:43
Running from C:\Users\kmengarelli\Desktop\malwarebytes help
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AuthenTec, Inc) C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe(Lenovo.) C:\Windows\System32\ibmpmsvc.exe(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe(Conexant Systems Inc.) 
C:\Windows\System32\CxAudMsg64.exe(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe(Collobos Software) C:\Program Files\PrintKit\printkitd.exe(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe(AuthenTec Inc.) C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe(Lenovo.) 
C:\Windows\System32\TpShocks.exe(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Collobos Software) C:\Program Files\Presto\PrestoHelper.exe(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe(Dropbox, Inc.) 
C:\Users\kmengarelli\AppData\Roaming\Dropbox\bin\Dropbox.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe(SMART Technologies ULC) C:\Program Files (x86)\SMART Technologies\Education Software\FloatingTools.exe(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTNotification.exe(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTTrayIcon.exe(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE(Joyent, Inc) C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\SBWDKService.exe(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\Office\SMARTInk-SBSDKProxy.exe(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInkPrivilegedAccess.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe(Motorola Solutions, Inc.) 
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google) C:\Users\kmengarelli\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Motorola Solutions, Inc.) 
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [297008 2014-01-28] (Lenovo Group Limited)HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281960 2011-05-25] (Lenovo Group Limited)HKLM\...\Run: [MSC] => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkeyHKLM\...\Run: [ResetACGauge] => C:\Program Files (x86)\Lenovo\Access Connections\smbhlpr.exe [147456 2014-03-14] (Lenovo)HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo)HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()HKLM\...\Run: [bTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11586944 2012-06-18] (Motorola Solutions, Inc.)HKLM\...\Run: [] => [X]HKLM\...\Run: [bLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-05-31] (Intel Corporation)HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3029744 2013-04-26] (Synaptics Incorporated)HKLM\...\Run: [PrestoHelper] => C:\Program Files\Presto\PrestoHelper.exe [3468800 2013-09-10] (Collobos Software)HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exeHKLM-x32\...\Run: [] => [X]HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-14] (Intel Corporation)HKLM-x32\...\Run: 
[iMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [132920 2013-05-31] (Intel Corporation)HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitorHKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)HKLM-x32\...\Run: [sMART Ink] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe [147248 2014-02-11] (SMART Technologies)HKLM-x32\...\Run: [sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [929272 2013-01-11] (Sophos Limited)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)HKLM-x32\...\Run: [sMART Floating Tools] => C:\Program Files (x86)\SMART Technologies\Education Software\FloatingTools.exe [9024304 2013-11-20] (SMART Technologies ULC)HKLM-x32\...\Run: [sMARTNotification] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTNotification.exe [204592 2014-02-12] (SMART Technologies)HKLM-x32\...\Run: [sMART Tray Tools] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTTrayIcon.exe [744752 2014-02-12] (SMART Technologies)HKLM-x32\...\Run: [sMART Board Service] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe [1933616 2014-02-12] (SMART Technologies)HKLM-x32\...\Run: [sbsdk-server] => C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe [62768 2013-08-22] (SMART Technologies)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files 
(x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)HKU\S-1-5-21-1090334920-1458969583-549785860-23510\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22415552 2014-04-25] (Google)HKU\S-1-5-21-1090334920-1458969583-549785860-23510\...\Run: [Google Update] => C:\Users\kmengarelli\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-03-01] (Google Inc.)HKU\S-1-5-21-1090334920-1458969583-549785860-23510\...\RunOnce: [uninstall C:\Users\kmengarelli\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\kmengarelli\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"HKU\S-1-5-21-1090334920-1458969583-549785860-23510\...\RunOnce: [uninstall C:\Users\kmengarelli\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\kmengarelli\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"HKU\S-1-5-21-1090334920-1458969583-549785860-23510\...\MountPoints2: {4680a533-d21c-11e3-af28-b888e3350297} - E:\setup.exe -aHKU\S-1-5-21-1090334920-1458969583-549785860-23510\...\MountPoints2: {b75e3514-f0ca-11e2-ad3b-b888e3350297} - E:\iStudio.exeHKU\S-1-5-21-1090334920-1458969583-549785860-23510\...\MountPoints2: {c068f0c6-60dc-11e1-ac10-806e6f6e6963} - Q:\LenovoQDrive.exeAppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [218256 2012-09-21] (Sophos Limited)AppInit_DLLs-x32: c:\progra~2\sophos\sophos~1\sophos~1.dll => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [221840 2012-09-21] (Sophos Limited)Lsa: [Notification Packages] scecli C:\Program 
Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGinaStartup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnkShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)Startup: C:\Users\kmengarelli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> C:\Users\kmengarelli\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)Startup: C:\Users\kmengarelli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Presto.lnkShortcutTarget: Presto.lnk -> C:\Program Files\Presto\Presto.exe (Collobos Software) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpadHKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENPHKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpadSearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites03_14_19_ch&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtAyDtDtBzyyBzyzztD0BtN0D0Tzu0SzzyDyCtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyC0D0Ezz0BtCtDtGtDyDtB0AtGyE0EyD0EtGtB0DtA0CtGtB0DyE0EzztD0C0E0ByC0DyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtByB0AtB0EtAzytG0F0CtCtDtGtC0CtC0BtG0F0B0BtAtGtC0EtDtBtByB0EyByCtA0B0C2Q&cr=531881053&ir=SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites03_14_19_ch&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAtAyDtDtBzyyBzyzztD0BtN0D0Tzu0SzzyDyCtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyC0D0Ezz0BtCtDtGtDyDtB0AtGyE0EyD0EtGtB0DtA0CtGtB0DyE0EzztD0C0E0ByC0DyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtByB0AtB0EtAzytG0F0CtCtDtGtC0CtC0BtG0F0B0BtAtGtC0EtDtBtByB0EyByCtA0B0C2Q&cr=531881053&ir=SearchScopes: HKLM-x32 - DefaultScope value is missing.SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/searchBHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Android\adt-bundle-windows-x86_64-20130729\adt-bundle-windows-x86_64-20130729\eclipse\jre\bin\ssv.dll (Oracle Corporation)BHO: TrueSuite Browser Helper Object - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\Lenovo Fingerprint Reader\IEBHO.DLL (AuthenTec Inc.)BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Android\adt-bundle-windows-x86_64-20130729\adt-bundle-windows-x86_64-20130729\eclipse\jre\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\NotebookPlugin.dll (SMART Technologies ULC.)BHO-x32: Java Plug-In SSV Helper - 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: TrueSuite Browser Helper Object - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll (AuthenTec Inc.)BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No FileToolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileWinsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)Winsock: Catalog9 03 
C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)Winsock: Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)Winsock: Catalog9-x64 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220 FireFox:========FF ProfilePath: C:\Users\kmengarelli\AppData\Roaming\Mozilla\Firefox\Profiles\9b71g888.defaultFF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle 
Corporation)FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Android\adt-bundle-windows-x86_64-20130729\adt-bundle-windows-x86_64-20130729\eclipse\jre\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @authentec.com/ffwloplugin - C:\Program Files\Lenovo Fingerprint Reader\npffwloplugin.dll (AuthenTec, Inc)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft 
Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @emusic.com/eMusicPlugin DLM6 - C:\Program Files (x86)\eMusic Download Manager 6\npEMusic604.dll No FileFF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\kmengarelli\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\kmengarelli\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\kmengarelli\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\kmengarelli\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin ProgramFiles/Appdata: C:\Users\kmengarelli\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)FF Plugin ProgramFiles/Appdata: C:\Users\kmengarelli\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-23]FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-12]FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] - C:\Program Files 
(x86)\Symantec\VIP Access Client\FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\ []FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExtFF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-10-03] Chrome: =======CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENPCHR StartupUrls: "hxxp://www.google.com/"CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)CHR 
Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()CHR Plugin: (TrueSuite) - C:\Program Files\Lenovo Fingerprint Reader\npffwloplugin.dll (AuthenTec, Inc)CHR Plugin: (Google Update) - C:\Users\kmengarelli\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll No FileCHR Plugin: (Google Talk Plugin) - C:\Users\kmengarelli\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\kmengarelli\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No FileCHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\kmengarelli\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll No FileCHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No FileCHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\kmengarelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]CHR Extension: (YouTube) - C:\Users\kmengarelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-23]CHR Extension: (GeoGebra) - C:\Users\kmengarelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee [2014-02-10]CHR Extension: (Google Search) - C:\Users\kmengarelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-23]CHR Extension: (Wolfram|Alpha (Official)) - C:\Users\kmengarelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\icncamkooinmbehmkeilcccmoljfkdhp [2012-11-15]CHR Extension: (Save to Pocket) - 
C:\Users\kmengarelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2014-06-01]CHR Extension: (Google Wallet) - C:\Users\kmengarelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]CHR Extension: (Readability) - C:\Users\kmengarelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2013-05-15]CHR Extension: (Gmail) - C:\Users\kmengarelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-23]CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\KMENGA~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-04-30]CHR HKLM-x32\...\Chrome\Extension: [clglhglbidpdbjffpfcldkifhdegdfle] - C:\Program Files\Lenovo Fingerprint Reader\x86\tschrome.crx [2013-04-01] ==================== Services (Whitelisted) ================= R2 FPLService; C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe [2139944 2013-08-07] (AuthenTec, Inc)R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129848 2013-05-31] (Intel Corporation)R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [167736 2013-05-31] (Intel Corporation)R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [198704 2014-01-28] (Lenovo Group Limited)R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited)S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe 
[1663880 2014-05-06] ()R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()R2 PrintKit Service; C:\Program Files\PrintKit\printkitd.exe [4307224 2013-09-10] (Collobos Software)R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [217592 2013-01-11] (Sophos Limited)R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [159296 2012-09-21] (Sophos Limited)R2 SMARTHelperService; C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe [538416 2014-02-12] (SMART Technologies)R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [237048 2013-01-11] (Sophos Limited)S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2890232 2013-02-04] (Sophos Limited)S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2010688 2012-11-12] (Sophos Limited)R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401704 2013-07-22] (AuthenTec, Inc.)R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) 
[File not signed]R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2011-12-05] (Symantec Corporation)R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)S2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [X]S3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [X] ==================== Drivers (Whitelisted) ==================== S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [111104 2012-05-21] (Motorola Solutions, Inc.)S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [849408 2012-06-09] (Motorola Solutions, Inc.)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-11] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)S3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.)R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [154952 2012-09-21] (Sophos Limited)R3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [10240 2013-08-12] (SMART Technologies)R3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [9216 2013-08-12] (SMART Technologies)S3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [22184 2013-03-07] (SMART Technologies ULC)R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2013-04-26] 
(Synaptics Incorporated)R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2011-08-25] (Sophos Plc)R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility)S3 5U877; system32\DRIVERS\5U877.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-11 19:44 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll2014-06-11 19:43 - 2014-06-11 20:06 - 00000000 ____D () C:\AdwCleaner2014-06-11 19:42 - 2014-06-11 20:17 - 00000000 ____D () C:\Windows\ERUNT2014-06-11 19:42 - 2014-06-11 19:42 - 00000273 _____ () C:\DelFix.txt2014-06-11 13:04 - 2014-06-11 13:04 - 00000000 ____D () C:\ProgramData\RogueKiller2014-06-11 13:03 - 2014-06-11 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fingerprint Reader2014-06-10 16:35 - 2014-06-11 20:39 - 00000000 ____D () C:\FRST2014-06-10 16:34 - 2014-06-11 20:39 - 00000000 ____D () C:\Users\kmengarelli\Desktop\malwarebytes help2014-06-09 13:52 - 2014-06-09 13:52 - 00001676 _____ () C:\Users\kmengarelli\Desktop\1234.txt2014-06-07 19:57 - 2014-06-07 19:57 - 00001675 _____ () C:\1234.txt2014-06-06 13:58 - 2014-05-08 02:14 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-06-06 13:58 - 2014-05-08 01:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-06-06 13:58 - 2014-05-08 00:52 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-06-06 13:58 - 2014-05-08 00:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-06-06 13:58 - 2014-05-07 23:57 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-06-06 13:58 - 2014-05-07 23:04 - 00069632 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\mshtmled.dll2014-06-06 13:31 - 2014-03-24 21:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll2014-06-06 13:31 - 2014-03-24 21:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll2014-06-06 13:30 - 2014-05-09 01:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-06-06 13:30 - 2014-05-09 01:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-06-06 13:30 - 2014-04-11 21:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys2014-06-06 13:30 - 2014-04-11 21:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys2014-06-06 13:30 - 2014-04-11 21:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2014-06-06 13:30 - 2014-04-11 21:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll2014-06-06 13:30 - 2014-04-11 21:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe2014-06-06 13:30 - 2014-04-11 21:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll2014-06-06 13:30 - 2014-04-11 21:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll2014-06-06 13:30 - 2014-04-11 21:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll2014-06-06 13:30 - 2014-04-11 21:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll2014-06-06 13:30 - 2014-03-04 04:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2014-06-06 13:30 - 2014-03-04 04:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll2014-06-06 13:30 - 2014-03-04 04:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll2014-06-06 13:30 - 2014-03-04 04:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll2014-06-06 13:30 - 2014-03-04 04:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll2014-06-06 
13:30 - 2014-03-04 04:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll2014-06-06 13:30 - 2014-03-04 04:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll2014-06-06 13:30 - 2014-03-04 04:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll2014-06-06 13:30 - 2014-03-04 04:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll2014-06-06 13:30 - 2014-03-04 04:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe2014-06-06 13:30 - 2014-03-04 04:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll2014-06-06 13:30 - 2014-03-04 04:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll2014-06-06 13:30 - 2014-03-04 04:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll2014-06-06 13:30 - 2014-03-04 04:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll2014-06-06 13:30 - 2014-03-04 04:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll2014-06-06 13:30 - 2014-03-04 04:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2014-06-06 13:30 - 2014-03-04 04:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2014-06-06 13:30 - 2014-03-04 04:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2014-06-06 13:30 - 2014-03-04 04:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2014-06-06 13:30 - 2014-03-04 04:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll2014-06-06 13:30 - 2014-03-04 04:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll2014-06-06 13:30 - 2014-03-04 04:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2014-06-06 13:30 - 2014-03-04 04:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll2014-06-06 13:30 - 2014-03-04 04:17 - 
00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll2014-06-06 13:30 - 2014-03-04 04:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll2014-06-06 13:30 - 2014-03-04 04:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll2014-06-06 13:30 - 2014-03-04 04:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll2014-06-06 13:30 - 2014-03-04 04:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll2014-06-06 13:30 - 2014-03-04 04:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll2014-06-06 13:30 - 2014-03-04 04:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll2014-06-06 13:30 - 2014-03-04 04:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll2014-06-06 13:30 - 2014-03-04 04:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll2014-06-06 13:14 - 2014-06-06 13:14 - 00000000 ____D () C:\Users\kmengarelli\AppData\Roaming\LSC2014-06-03 21:21 - 2014-06-03 21:21 - 00003498 _____ () C:\Windows\System32\Tasks\Motorola Device Manager Update2014-06-03 21:21 - 2014-06-03 21:21 - 00003480 _____ () C:\Windows\System32\Tasks\Motorola Device Manager Engine2014-06-03 21:21 - 2014-06-03 21:21 - 00003306 _____ () C:\Windows\System32\Tasks\Motorola Device Manager Initial Update2014-05-30 20:55 - 2014-05-30 20:55 - 00033382 _____ () C:\Users\kmengarelli\Desktop\functional-resume.ott2014-05-29 10:39 - 2014-05-29 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2014-05-29 10:38 - 2014-05-29 10:38 - 00000000 ____D () C:\Program Files\iPod2014-05-29 10:37 - 2014-05-29 10:39 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-05-29 10:37 - 2014-05-29 10:39 - 00000000 ____D () C:\Program Files\iTunes2014-05-29 10:37 - 2014-05-29 10:39 - 00000000 ____D () C:\Program Files (x86)\iTunes2014-05-23 10:57 - 
2014-05-23 10:57 - 00007578 _____ () C:\Users\kmengarelli\Desktop\2014 Summer School.xlsx2014-05-21 15:17 - 2014-05-21 15:25 - 00000000 ____D () C:\Users\kmengarelli\Desktop\Map Recommend Export2014-05-21 12:41 - 2014-05-21 15:37 - 00017103 _____ () C:\Users\kmengarelli\Desktop\Mengarelli Map.xlsx2014-05-15 08:26 - 2014-05-15 08:26 - 00000000 ____D () C:\Users\kmengarelli\AppData\Roaming\GeoGebra 4.4 ==================== One Month Modified Files and Folders ======= 2014-06-11 20:40 - 2012-07-23 14:41 - 00000000 ____D () C:\Users\kmengarelli\AppData\Local\Temp2014-06-11 20:40 - 2012-02-26 20:17 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-06-11 20:39 - 2014-06-10 16:35 - 00000000 ____D () C:\FRST2014-06-11 20:39 - 2014-06-10 16:34 - 00000000 ____D () C:\Users\kmengarelli\Desktop\malwarebytes help2014-06-11 20:36 - 2012-02-26 19:57 - 01837575 _____ () C:\Windows\WindowsUpdate.log2014-06-11 20:31 - 2014-04-15 13:49 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-06-11 20:20 - 2009-07-13 23:51 - 00146273 _____ () C:\Windows\setupact.log2014-06-11 20:18 - 2009-07-13 23:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-06-11 20:18 - 2009-07-13 23:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-06-11 20:17 - 2014-06-11 19:42 - 00000000 ____D () C:\Windows\ERUNT2014-06-11 20:14 - 2013-09-12 20:44 - 00000000 ____D () C:\ProgramData\PrintKit2014-06-11 20:14 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI2014-06-11 20:12 - 2012-09-20 10:28 - 00000000 ____D () C:\Users\kmengarelli\AppData\Roaming\Dropbox2014-06-11 20:11 - 2014-05-06 19:12 - 00000000 ____D () C:\Users\kmengarelli\AppData\Roaming\DropboxMaster2014-06-11 20:11 - 2012-12-02 21:40 - 00000000 ___RD () C:\Users\kmengarelli\Dropbox2014-06-11 20:11 - 2012-07-25 
22:09 - 00000000 ___RD () C:\Users\kmengarelli\Desktop\Google Drive2014-06-11 20:10 - 2012-02-26 20:17 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-06-11 20:09 - 2014-05-05 20:59 - 00000000 ____D () C:\Temp2014-06-11 20:09 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-06-11 20:08 - 2010-11-20 22:47 - 00749986 _____ () C:\Windows\PFRO.log2014-06-11 20:06 - 2014-06-11 19:43 - 00000000 ____D () C:\AdwCleaner2014-06-11 19:53 - 2012-05-02 08:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-06-11 19:47 - 2013-04-05 10:03 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1090334920-1458969583-549785860-23510UA.job2014-06-11 19:42 - 2014-06-11 19:42 - 00000273 _____ () C:\DelFix.txt2014-06-11 17:47 - 2013-04-05 10:03 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1090334920-1458969583-549785860-23510Core.job2014-06-11 13:04 - 2014-06-11 13:04 - 00000000 ____D () C:\ProgramData\RogueKiller2014-06-11 13:03 - 2014-06-11 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fingerprint Reader2014-06-11 09:51 - 2012-05-03 00:54 - 00000128 _____ () C:\Windows\system32\config\netlogon.ftl2014-06-11 09:18 - 2012-07-27 14:06 - 00000000 ____D () C:\Users\kmengarelli\AppData\Local\Deployment2014-06-11 09:17 - 2014-04-25 07:00 - 00001934 _____ () C:\Users\kmengarelli\.powerschool_gradebook.properties2014-06-11 09:17 - 2012-07-23 14:41 - 00000000 ____D () C:\Users\kmengarelli2014-06-11 08:03 - 2014-03-31 18:37 - 00000618 _____ () C:\Windows\Tasks\New scan.job2014-06-09 19:12 - 2013-05-14 12:40 - 00000000 ____D () C:\Users\phslib2014-06-09 18:50 - 2013-04-30 07:41 - 00000000 ____D () C:\Users\kmengarelli\AppData\Roaming\Mozilla2014-06-09 13:52 - 2014-06-09 13:52 - 00001676 _____ () C:\Users\kmengarelli\Desktop\1234.txt2014-06-09 12:27 - 2012-07-23 14:43 - 00000000 ____D () C:\Users\kmengarelli\AppData\Local\CrashDumps2014-06-07 19:57 - 2014-06-07 19:57 - 
00001675 _____ () C:\1234.txt2014-06-06 18:32 - 2012-07-23 14:42 - 00000000 ___RD () C:\Users\kmengarelli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-06-06 18:32 - 2012-07-23 14:42 - 00000000 ___RD () C:\Users\kmengarelli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools2014-06-06 14:47 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache2014-06-06 14:06 - 2014-05-06 18:14 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-06-06 14:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions2014-06-06 13:58 - 2012-05-02 08:23 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-06-06 13:52 - 2013-09-05 15:23 - 00000000 ____D () C:\Windows\system32\MRT2014-06-06 13:38 - 2012-07-24 23:06 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-06-06 13:14 - 2014-06-06 13:14 - 00000000 ____D () C:\Users\kmengarelli\AppData\Roaming\LSC2014-06-06 07:33 - 2012-02-26 20:09 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo2014-06-06 07:33 - 2012-02-26 19:54 - 00000000 ____D () C:\Program Files\Lenovo2014-06-06 07:30 - 2012-02-26 20:09 - 00000000 ____D () C:\Windows\Downloaded Installations2014-06-04 07:33 - 2013-08-26 08:09 - 00001116 _____ () C:\SSUUpdater.log2014-06-03 21:21 - 2014-06-03 21:21 - 00003498 _____ () C:\Windows\System32\Tasks\Motorola Device Manager Update2014-06-03 21:21 - 2014-06-03 21:21 - 00003480 _____ () C:\Windows\System32\Tasks\Motorola Device Manager Engine2014-06-03 21:21 - 2014-06-03 21:21 - 00003306 _____ () C:\Windows\System32\Tasks\Motorola Device Manager Initial Update2014-06-03 21:21 - 2014-05-05 20:58 - 00000000 ____D () C:\Program Files (x86)\Motorola Mobility2014-06-02 07:32 - 2013-03-29 08:40 - 00001054 _____ () C:\Users\kmengarelli\Desktop\Dropbox.lnk2014-06-02 07:32 - 2013-03-29 08:38 - 00000000 ____D () C:\Users\kmengarelli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox2014-06-02 07:26 - 2014-04-15 13:21 - 00000000 ____D () C:\Program 
Files (x86)\Malwarebytes Anti-Malware2014-06-02 07:12 - 2014-04-15 13:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-05-30 20:55 - 2014-05-30 20:55 - 00033382 _____ () C:\Users\kmengarelli\Desktop\functional-resume.ott2014-05-29 10:39 - 2014-05-29 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2014-05-29 10:39 - 2014-05-29 10:37 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-05-29 10:39 - 2014-05-29 10:37 - 00000000 ____D () C:\Program Files\iTunes2014-05-29 10:39 - 2014-05-29 10:37 - 00000000 ____D () C:\Program Files (x86)\iTunes2014-05-29 10:38 - 2014-05-29 10:38 - 00000000 ____D () C:\Program Files\iPod2014-05-23 10:57 - 2014-05-23 10:57 - 00007578 _____ () C:\Users\kmengarelli\Desktop\2014 Summer School.xlsx2014-05-21 15:37 - 2014-05-21 12:41 - 00017103 _____ () C:\Users\kmengarelli\Desktop\Mengarelli Map.xlsx2014-05-21 15:25 - 2014-05-21 15:17 - 00000000 ____D () C:\Users\kmengarelli\Desktop\Map Recommend Export2014-05-20 09:00 - 2014-04-23 14:17 - 00140616 _____ () C:\Users\kmengarelli\Desktop\Mandatory Tutoring.xlsx2014-05-16 09:51 - 2013-05-01 07:41 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk2014-05-15 08:26 - 2014-05-15 08:26 - 00000000 ____D () C:\Users\kmengarelli\AppData\Roaming\GeoGebra 4.42014-05-14 06:59 - 2012-05-02 08:20 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-05-14 06:59 - 2012-05-02 08:20 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-05-14 06:59 - 2012-05-02 08:20 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater2014-05-12 07:26 - 2014-04-15 13:21 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-05-12 07:26 - 2014-04-15 13:21 - 00063704 _____ (Malwarebytes Corporation) 
C:\Windows\system32\Drivers\mwac.sys2014-05-12 07:25 - 2012-05-02 10:08 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys Some content of TEMP:====================C:\Users\Administrator\AppData\Local\Temp\InstallAX.exeC:\Users\kmengarelli\AppData\Local\Temp\adb.exeC:\Users\kmengarelli\AppData\Local\Temp\AdbWinApi.dllC:\Users\kmengarelli\AppData\Local\Temp\AdbWinUsbApi.dllC:\Users\kmengarelli\AppData\Local\Temp\AutoItX3.dllC:\Users\kmengarelli\AppData\Local\Temp\converter.exeC:\Users\kmengarelli\AppData\Local\Temp\DeviceRooter.exeC:\Users\kmengarelli\AppData\Local\Temp\DIFxAPI.dllC:\Users\kmengarelli\AppData\Local\Temp\DPInstx64.exeC:\Users\kmengarelli\AppData\Local\Temp\DPInstx86.exeC:\Users\kmengarelli\AppData\Local\Temp\DPInst_Monx64.exeC:\Users\kmengarelli\AppData\Local\Temp\DPInst_Monx86.exeC:\Users\kmengarelli\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpasvdvd.dllC:\Users\kmengarelli\AppData\Local\Temp\ERUNT.exeC:\Users\kmengarelli\AppData\Local\Temp\fx-runtime.exeC:\Users\kmengarelli\AppData\Local\Temp\javagiac0.8644454434339026.dllC:\Users\kmengarelli\AppData\Local\Temp\jna6178250079325307547.dllC:\Users\kmengarelli\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exeC:\Users\kmengarelli\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exeC:\Users\kmengarelli\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exeC:\Users\kmengarelli\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exeC:\Users\kmengarelli\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exeC:\Users\kmengarelli\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exeC:\Users\kmengarelli\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exeC:\Users\kmengarelli\AppData\Local\Temp\KUIU.EXEC:\Users\kmengarelli\AppData\Local\Temp\LMkRstPt.exeC:\Users\kmengarelli\AppData\Local\Temp\OneClickRoot.exeC:\Users\kmengarelli\AppData\Local\Temp\OS_Detect.exeC:\Users\kmengarelli\AppData\Local\Temp\Quarantine.exeC:\Users\kmengarelli\AppData\Local\Temp\SMARTProductUpdate.ex
eC:\Users\kmengarelli\AppData\Local\Temp\uninst.exe
C:\Users\kmengarelli\AppData\Local\Temp\Updater.exe
C:\Users\kmengarelli\AppData\Local\Temp\vlc-2.0.4-win32.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-08 09:15

==================== End Of Log ============================
kmengarelli Posted June 12, 2014 Author ID:840540

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-06-2014 01
Ran by kmengarelli at 2014-06-11 20:40:38
Running from C:\Users\kmengarelli\Desktop\malwarebytes help
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Sophos Anti-Virus (Enabled - Out of date) {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Sophos Anti-Virus (Enabled - Out of date) {DE9A3984-B0E2-7A61-FD5D-409005EB0337}

==================== Installed Programs ======================

Adobe Acrobat 9 Pro - English, Français, Deutsch (x32 Version: 9.5.5 - Adobe Systems) Hidden
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version: - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.111 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Design Premium (HKLM-x32\...\Adobe_55230b0b70661df0f212e88f0b655f7) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 4 Design Premium (x32 Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Fireworks CS4 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) 
(Version: 13.0.0.214 - Adobe Systems Incorporated)Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)Adobe Fonts All (x32 Version: 2.0 - Adobe Systems Incorporated) HiddenAdobe Media Encoder CS4 Importer (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Output Module (x32 Version: 2.0 - Adobe Systems Incorporated) HiddenAdobe PDF Library Files CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) HiddenAdobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)Adobe Search for Help (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Service Manager Extension (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Setup (x32 Version: 2.0 - Adobe Systems Incorporated) HiddenAdobe Type Support CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) HiddenAdobe Update Manager CS4 (x32 Version: 6.0.0 - Adobe Systems Incorporated) HiddenAdobe XMP Panels CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) HiddenAppInventor Setup (HKLM-x32\...\AppInventor Setup) (Version: 1.1 - Google Inc.)Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)BirdBrain Technologies Snap (HKLM-x32\...\{45A8FCE4-4553-4FE9-9EBA-99F3286E01E4}) (Version: 0.2.0 - BirdBrain Technologies LLC)BisonCam Twain Pro (HKLM-x32\...\{F2672232-FF17-4DC9-8F24-A1E1829FE086}) (Version: 1.5.4.7 - Bison WebCam Ap)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.2200 - Broadcom Corporation)Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) HiddenConexant HD 
Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.48.0 - Conexant)Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) HiddenCorel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) HiddenCorel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.828 - Corel Inc.)Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - CutePDF.com)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDefinition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version: - Microsoft)Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) HiddenDisable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) 
Hidden
Extreme Collaboration AddOn (beta) 1.1.27 (HKLM-x32\...\{F92CDDDC-99F7-4CF2-829B-D4C98617F254}_is1) (Version: 1.1.27 - Freiland Netzlösungen GmbH)
Ezvid (HKLM-x32\...\{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1) (Version: 0981 - Ezvid, inc.)
File Extractor Packages (HKCU\...\File Extractor Packages) (Version: - ) <==== ATTENTION
Fingerprint Reader (HKLM\...\{7DD99174-299B-4450-A179-7F27F4C2D042}) (Version: 6.0.200.105 - AuthenTec, Inc.)
GeoGebra 4 (HKCU\...\GeoGebra 4) (Version: - International GeoGebra Institute)
GeoGebra 4.4 (HKLM-x32\...\GeoGebra 4.4) (Version: 4.4.11.0 - International GeoGebra Institute)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Drive (HKLM-x32\...\{418BAAD1-754D-48B4-B078-46EF4F25AF42}) (Version: 1.15.6556.8063 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
GoToMeeting 5.5.0.1132 (HKCU\...\GoToMeeting) (Version: 5.5.0.1132 - CitrixOnline)
HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{7D220A57-969F-4D09-9297-D48195A8ABDD}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Help (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Integrated Camera Driver Installer Package Ver.1.2.1.18 (HKLM-x32\...\{A78800AF-1779-4AE8-8EBE-16E1BE727C71}) (Version: 1.2.1.18 - RICOH)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36702 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3190 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 15.6.1.0536 - Intel Corporation) Hidden
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{A10B1524-63B5-40F2-B272-D841CF671C16}) (Version: 2.2.0.0266 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software Driver (Version: 15.06.1000.0167 - Intel Corporation) Hidden
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{93F34C5C-ACAA-48F3-9B26-70359A117F12}) (Version: 3.0.12.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Intel® PROSet/Wireless Software (HKLM-x32\...\{fad118b4-798f-4755-9e67-a622eec95b62}) (Version: 15.6.1 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 15.06.1000.0142 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Java 6 Update 35 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.350 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.10 - )
Lenovo Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.1.9.0 - Lenovo)
Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo Solution Center (HKLM\...\{2F45A217-E9C7-4984-B0AC-5BE31FF4712B}) (Version: 2.4.003.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.05.0009 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Lenovo)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mathematics (64-bit) (HKLM\...\{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}) (Version: 4.0 - Microsoft Corporation)
Microsoft Mathematics Add-in (32-bit) (HKLM-x32\...\{E2C98732-F973-4985-A9C5-DC06178E16EE}) (Version: 2.0.040811.01 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Standard 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.3.0215.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2006.0314 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50325 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50330 - Microsoft Corporation) Hidden
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
MouseServer version 1.5.0.0 (HKLM-x32\...\{E13018F5-FFC7-4729-9C1B-1A85807D03E6}_is1) (Version: 1.5.0.0 - Necta Co.)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NBC Learn Offline Player (HKLM-x32\...\com.nbcuni.aodplayer.38154C9B00B8386E5872F08BE16716F44323C112.1) (Version: 3.03 - NBC Universal)
NBC Learn Offline Player (x32 Version: 3.03 - NBC Universal) Hidden
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 7.12.27 - )
OneClickRoot (HKLM-x32\...\OneClickRoot) (Version: 1.0 - OneClickRoot)
OverDrive Media Console (HKLM-x32\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Planbook (HKLM-x32\...\{87EA1B44-0FB0-4EE9-A153-0D3BD026337E}) (Version: 4.00.051 - Hellmansoft)
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.64.4 - Lenovo Group Limited)
Presto 1.0.319.0 (HKLM\...\{D65F74D9-5FD6-42E5-BE65-474AF84A5591}_is1) (Version: 1.0.319.0 - Collobos Software)
PrintKit (HKLM\...\{41CCC6A9-EB5F-482C-AAB5-38849B7143EE}) (Version: 1.0.319.0 - Collobos Software)
Publishly (HKLM-x32\...\Publishly) (Version: 1.0 - The Pretendery)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RapidBoot (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.11 - Lenovo)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29005 - Realtek Semiconductor Corp.)
Reflection (HKLM-x32\...\{63D5463D-0FED-4E4E-846A-CCB3245A2F28}) (Version: 1.2.1 - Squirrels)
Reflector (HKLM\...\{F9C41F10-A70A-4717-8E86-19A4179FE689}) (Version: 1.2.3 - Squirrels)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.36.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.36.0 - Renesas Electronics Corporation) Hidden
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
SAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version: 3.1.32.1 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones V5.16.0.0 (HKLM-x32\...\{C0C1D2BC-72FE-4F77-A2F9-CD10D5AA8F93}) (Version: 1.2.2200.0 - SAMSUNG Electronics CO., LTD.)
SamsungSimpleDownloaderTool for SPH-D710 (HKLM-x32\...\InstallShield_{8C9EBE06-8BA2-4AEB-BFD8-6614072FE75F}) (Version: 1.0.047 - Samsung Electronics)
SamsungSimpleDownloaderTool for SPH-D710 (x32 Version: 1.0.047 - Samsung Electronics) Hidden
Scratch (HKLM-x32\...\Scratch) (Version: 1.4.0.0 - MIT Media Lab Lifelong Kindergarten Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
SMART Common Files (HKLM-x32\...\{26A95DBF-A866-4838-A8C9-FA219FCBD22E}) (Version: 11.5.159.0 - SMART Technologies ULC)
SMART Ink (HKLM-x32\...\{5ABC49B5-D0DC-428D-A082-4AEFF6490F04}) (Version: 2.0.723.0 - SMART Technologies ULC)
SMART Notebook (HKLM-x32\...\{79660EE7-9C0B-4962-B566-2693FE34719D}) (Version: 11.4.564.0 - SMART Technologies ULC)
SMART Notebook Gallery 2.0 Beta (HKLM-x32\...\{8FA9260A-062C-4F52-B2B2-08F4CE73CBB3}) (Version: 2.0.141.0 - SMART Technologies)
SMART Product Drivers (HKLM-x32\...\{53330A17-78DE-458E-9997-292A2D6D3ADD}) (Version: 11.4.872.1 - SMART Technologies ULC)
Songsmith (HKLM-x32\...\{30906093-42C6-4968-AEDD-B915972CF0DB}) (Version: 12.08.2700 - Microsoft Research)
Sophos Anti-Virus (HKLM-x32\...\{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}) (Version: 10.2.7 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{15C418EB-7675-42be-B2B3-281952DA014D}) (Version: 2.9.0.344 - Sophos Limited)
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.5.8.4 - Splashtop Inc.)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.2200 - Broadcom Corporation)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.0.0 - )
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.21 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{9C551D9B-5D36-46A2-9414-F658D934B129}) (Version: 5.93 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo)
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.03 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{502EE63C-9A62-4330-8F8B-1EAB51B7BB46}) (Version: 5.9.4.6882 - UPEK Inc.)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARD_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.STANDARD_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.STANDARD_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.STANDARD_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.3.64 - VeriSign)
VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN)
Windows Driver Package - Intel (iaStor) hdc (11/06/2010 10.1.0.1008) (HKLM\...\73C6BE3E3B6FC5418F2B47E6C75F6C8F9552DC12) (Version: 11/06/2010 10.1.0.1008 - Intel)
Windows Driver Package - Lenovo 1.64.00.00 (07/28/2011 1.64.00.00) (HKLM\...\01E3B64834B04ABAC85D8E1D3EBDC567D83AD29B) (Version: 07/28/2011 1.64.00.00 - Lenovo)
Windows Driver Package - Realtek (RTL8167) Net (12/29/2010 7.037.1229.2010) (HKLM\...\828B05D2B647CDAEA22493F7BFB96847265EE596) (Version: 12/29/2010 7.037.1229.2010 - Realtek)
Windows Driver Package - Synaptics (SynTP) Mouse (05/19/2011 15.3.8.0) (HKLM\...\DDD8A532E361E9A878EBEF69C338B306810DF059) (Version: 05/19/2011 15.3.8.0 - Synaptics)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Restore Points =========================

07-05-2014 01:26:50 Device Driver Package Install: Google, Inc. SAMSUNG Android Phone
07-05-2014 01:36:35 Installed SamsungSimpleDownloaderTool for SPH-D710
04-06-2014 02:20:12 Installed Motorola Device Manager
06-06-2014 18:31:18 Windows Update
12-06-2014 00:38:16 before malware fix

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {083E6C5A-B97C-489B-B795-CDB992B40380} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {0866F271-C42F-4F66-A4FA-DF3E7BCE6C2F} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-01-21] (Microsoft)
Task: {0FEE389C-4C8A-49E5-AA4A-42ADD803E018} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2014-03-07] (Lenovo Group Limited)
Task: {215C8BB4-AA95-4F94-9B38-406CC720DF09} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {5649AA3C-6C74-498F-9F1D-734D1F02499C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-26] (Google Inc.)
Task: {670D78CD-D01B-45E8-907B-C0285B9F9704} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1090334920-1458969583-549785860-23510Core => C:\Users\kmengarelli\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-01] (Google Inc.)
Task: {6B6CF214-BC27-44F1-AA76-F7AF5F9FB33F} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {72B3D271-C6EF-4FA8-98EA-5726D7722F51} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {77F50C04-4ADA-4B56-9DB1-E02FE55336AD} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
Task: {89C573F3-FA78-41B5-832A-FB1EA3BF1A99} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {95A44E88-C9C9-40ED-BFF7-4C462D4D43C1} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
Task: {96C46302-7E7E-4D03-909B-DB1A1616C97C} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-05-06] (Lenovo)
Task: {99AD77A1-2C53-47DE-8105-B19F4CAE2905} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1090334920-1458969583-549785860-23510UA => C:\Users\kmengarelli\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-01] (Google Inc.)
Task: {B9A7D700-5323-41CD-9C74-CB3BE1FBA6E0} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {BCFC2974-7AA2-4228-80FA-DF6B7E60BB6E} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {BF442980-691B-43B6-A6CB-E7570B446A50} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-02-21] ()
Task: {C2DF1B3B-04BC-4C98-AAD3-D62626C80130} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-05-06] ()
Task: {CD6D1CB7-93C7-402C-A840-5D9ACCA85817} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-05-06] (Lenovo)
Task: {D6996255-6DBA-4AB8-9B25-7C77B90C32D4} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
Task: {D94C961F-4FD7-48F0-B8A4-15D7B9D7B8FD} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {E99A7816-C486-490D-89F6-77C66CE08C8F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-26] (Google Inc.)
Task: {FA1B8EB2-6669-4048-942B-3D312BE0F3AE} - System32\Tasks\New scan => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2012-09-21] (Sophos Limited)
Task: {FB769969-7E67-460B-AE82-6A18DECF40ED} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {FBCBD813-DE95-4C98-8C3B-45175E8FF94C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {FD6C5330-3F9B-4C89-B98A-F3DB33D0D478} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1090334920-1458969583-549785860-23510Core.job => C:\Users\kmengarelli\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1090334920-1458969583-549785860-23510UA.job => C:\Users\kmengarelli\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\New scan.job => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe

==================== Loaded Modules (whitelisted) =============

2013-10-07 20:34 - 2012-10-04 19:49 - 00087152 _____ () C:\Windows\System32\cpwmon64.dll
2013-09-10 11:15 - 2013-09-10 11:15 - 01575936 _____ () C:\Program Files\PrintKit\libcups2.dll
2013-08-07 03:03 - 2013-08-07 03:03 - 01130792 _____ () C:\Program Files\Lenovo Fingerprint Reader\DataManager.dll
2013-08-07 03:04 - 2013-08-07 03:04 - 00087848 _____ () C:\Program Files\Lenovo Fingerprint Reader\ssutil.dll
2013-04-03 09:59 - 2010-10-26 12:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2012-02-26 20:06 - 2011-08-19 00:20 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-02-26 20:08 - 2014-03-07 06:04 - 00104448 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2014-03-14 17:47 - 2014-03-14 17:47 - 00092504 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-05 15:12 - 2011-08-02 20:58 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2013-09-05 15:12 - 2011-08-02 20:58 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2012-02-06 03:50 - 2012-02-06 03:50 - 02402304 _____ () C:\Program Files (x86)\SAMSUNG\Intelli-studio\Filters\HTH264VD.dll
2013-10-31 10:05 - 2013-10-31 10:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2012-02-26 20:09 - 2010-04-06 12:05 - 02085888 _____ () C:\Program Files\Lenovo\AutoLock\cv210.dll
2012-02-26 20:09 - 2010-04-06 12:04 - 02201088 _____ () C:\Program Files\Lenovo\AutoLock\cxcore210.dll
2014-06-11 20:11 - 2014-06-11 20:11 - 00043008 _____ () C:\Users\kmengarelli\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpasvdvd.dll
2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\kmengarelli\AppData\Roaming\Dropbox\bin\libcef.dll
2013-08-22 19:43 - 2013-08-22 19:43 - 00272688 _____ () C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\node_modules\SBSDK.node
2013-08-22 19:44 - 2013-08-22 19:44 - 00039216 _____ () C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\node_modules\HWR.node
2013-08-22 19:44 - 2013-08-22 19:44 - 00053040 _____ () C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\node_modules\SWR.node
2013-08-22 19:44 - 2013-08-22 19:44 - 00057648 _____ () C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\node_modules\MWR.node
2013-08-22 19:44 - 2013-08-22 19:44 - 00014848 _____ () C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\node_modules\SessionNotification.node
2014-06-11 20:09 - 2014-06-11 20:09 - 00098816 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\win32api.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00110080 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\PyWinTypes27.dll
2014-06-11 20:09 - 2014-06-11 20:09 - 00364544 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\pythoncom27.dll
2014-06-11 20:09 - 2014-06-11 20:09 - 00045568 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\_socket.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 01159680 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\_ssl.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00320512 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\win32com.shell.shell.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00713216 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\_hashlib.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 01175040 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\wx._core_.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00805888 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\wx._gdi_.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00811008 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\wx._windows_.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 01062400 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\wx._controls_.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00735232 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\wx._misc_.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00128512 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\_elementtree.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00127488 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\pyexpat.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00557056 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\pysqlite2._sqlite.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00087552 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\_ctypes.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00119808 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\win32file.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00108544 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\win32security.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00018432 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\win32event.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00038912 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\win32inet.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00070656 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\wx._html2.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00167936 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\win32gui.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00011264 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\win32crypt.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00027136 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\_multiprocessing.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00122368 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\wx._wizard.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00010240 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\select.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00024064 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\win32pipe.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00686080 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\unicodedata.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00025600 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\win32pdh.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00525640 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\windows._lib_cacheinvalidation.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00035840 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\win32process.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00017408 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\win32profile.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00022528 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\win32ts.pyd
2014-06-11 20:09 - 2014-06-11 20:09 - 00078336 _____ () C:\Users\kmengarelli\AppData\Local\Temp\_MEI51562\wx._animate.pyd
2014-03-31 16:26 - 2013-05-14 06:15 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-05-21 23:02 - 2014-05-13 18:40 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
2014-05-21 23:02 - 2014-05-13 18:40 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll
2014-05-21 23:02 - 2014-05-13 18:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-05-21 23:02 - 2014-05-13 18:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-05-21 23:02 - 2014-05-13 18:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BLEServicesCtrl => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
MSCONFIG\startupreg: Dolby Advanced Audio v2 => "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Lenovo Registration => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
MSCONFIG\startupreg: PWMTRV => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
MSCONFIG\startupreg: Response Desktop Menu => "C:\Program Files (x86)\SMART Technologies\Education Software\DesktopMenu.exe"
MSCONFIG\startupreg: sbsdk-server => "C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe"
MSCONFIG\startupreg: SkyDrive => "C:\Users\kmengarelli\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
MSCONFIG\startupreg: SMART Board Service => "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe" -d
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== Faulty Device Manager Devices =============

Name: SMART Virtual TabletPC
Description: SMART Virtual TabletPC
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: SMART Technologies ULC
Service: SMARTVTabletPCx64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: SMART Virtual TabletPC
Description: SMART Virtual TabletPC
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: SMART Technologies ULC
Service: SMARTVTabletPCx64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Virtual WiFi Miniport Adapter #3
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Virtual WiFi Miniport Adapter #4
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================

Application errors:
==================
Error: (06/11/2014 08:28:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: devmonsrv.exe, version: 2.2.0.212, time stamp: 0x4fcc6a90
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xbc4
Faulting application start time: 0xdevmonsrv.exe0
Faulting application path: devmonsrv.exe1
Faulting module path: devmonsrv.exe2
Report Id: devmonsrv.exe3

System errors:
=============
Error: (06/11/2014 08:28:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bluetooth Device Monitor service terminated unexpectedly. It has done this 1 time(s).

Microsoft Office Sessions:
=========================
Error: (06/11/2014 08:28:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: devmonsrv.exe2.2.0.2124fcc6a90unknown0.0.0.000000000c000000500000000bc401cf85db64342105C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exeunknownd39df8cf-f1d0-11e3-83f4-b888e3350297

==================== Memory info ===========================

Percentage of memory in use: 68%
Total physical RAM: 3688.15 MB
Available physical RAM: 1172.77 MB
Total Pagefile: 7374.48 MB
Available Pagefile: 4148.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:448.67 GB) (Free:222.57 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (1991_PITT_ST_FOOTBALL_CHAMPIONSH) (CDROM) (Total:3.1 GB) (Free:0 GB) UDF
Drive q: (Lenovo_Recovery) (Fixed) (Total:15.62 GB) (Free:5.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 478F2F74)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=449 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16 GB) - (Type=07 NTFS)

==================== End Of Log ============================
MrCharlie Posted June 12, 2014 ID:840543

Download the attached fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait.
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

--------------------------------

Clean out temp files:

Download TFC from here and save it to your desktop.
http://oldtimer.geekstogo.com/TFC.exe
http://www.bleepingcomputer.com/download/tfc/dl/92/
Close any open programs and Internet browsers.
Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
Please be patient as clearing out temp files may take a while.
Once it completes you may be prompted to restart your computer, please do so.
Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Let me know how it is, MrC
kmengarelli Posted June 12, 2014 Author ID:840545

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-06-2014 01
Ran by kmengarelli at 2014-06-11 20:58:38 Run:1
Running from C:\Users\kmengarelli\Desktop\malwarebytes help
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearc...r=531881053&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearc...r=531881053&ir=
SearchScopes: HKLM-x32 - DefaultScope value is missing.
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.
'HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}' => Key deleted successfully.
'HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.

==== End of Fixlog ====
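As an added example (not part of the thread and not FRST's own code), the Python below pairs each fixlist entry in a Fixlog like the one posted above with its logged outcome and flags search scopes whose URL host is not on a caller-supplied trusted list. The line formats are inferred only from the lines shown in that post; the function names, the trusted-host list and the host `start.hijacker.example` are assumptions, the last standing in for the URL that is truncated on the page.

```python
import re
from urllib.parse import urlparse

# Registry paths exactly as they appear in the Fixlog quoted on this page.
BASE = {
    "HKLM": r"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes",
    "HKLM-x32": r"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes",
}
SCOPE_RE = re.compile(
    r"^SearchScopes: (?P<hive>HKLM(?:-x32)?) - (?P<default>DefaultScope )?"
    r"(?P<guid>\{[0-9A-Fa-f-]{36}\}) URL =\s*(?P<url>\S*)$")
MISSING_RE = re.compile(
    r"^SearchScopes: (?P<hive>HKLM(?:-x32)?) - DefaultScope value is missing\.$")
RESULT_RE = re.compile(r"^'?(?P<key>HK[^'=]+?)'?\s*=> (?P<outcome>.+)$")

# Constructed sample modeled on the post above. The hijacker URL is truncated
# on the page, so start.hijacker.example is a placeholder, not the real host.
SAMPLE = r"""
SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.hijacker.example/results.php?q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.hijacker.example/results.php?q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
*****************
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.
'HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}' => Key deleted successfully.
'HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"""

def parse(text):
    """Split a Fixlog into requested fixes and per-key outcomes."""
    fixes, outcomes = [], {}
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SCOPE_RE.match(line):
            # A DefaultScope entry targets the value; a bare GUID targets the subkey.
            suffix = r"\\DefaultScope" if m["default"] else "\\" + m["guid"]
            fixes.append({"key": BASE[m["hive"]] + suffix, "url": m["url"]})
        elif m := MISSING_RE.match(line):
            fixes.append({"key": BASE[m["hive"]] + r"\\DefaultScope", "url": None})
        elif m := RESULT_RE.match(line):
            outcomes[m["key"].lower()] = m["outcome"]
    return fixes, outcomes

def audit(text, trusted_hosts):
    """Return (registry key, why it was listed, logged outcome) per fixlist entry."""
    fixes, outcomes = parse(text)
    report = []
    for fix in fixes:
        if fix["url"] is None:
            why = "DefaultScope missing"
        elif not fix["url"]:
            why = "scope has empty URL"
        else:
            host = urlparse(fix["url"]).hostname or ""
            why = "trusted" if host in trusted_hosts else f"untrusted host {host}"
        outcome = outcomes.get(fix["key"].lower(), "no result logged")
        report.append((fix["key"], why, outcome))
    return report

def unresolved(report):
    """Entries whose outcome is anything other than a logged success."""
    return [row for row in report if not row[2].endswith("successfully.")]
```

An empty `unresolved(audit(log_text, trusted))` means every requested SearchScopes change was logged as successful; any remaining row names the registry key to re-check in a fresh scan.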
kmengarelli Posted June 12, 2014 Author ID:840551

Getting user folders.

Stopping running processes.

Emptying Temp folders.

User: Administrator
->Temp folder emptied: 129346349 bytes
->Temporary Internet Files folder emptied: 185874205 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 52034878 bytes
->Google Chrome cache emptied: 39919864 bytes
->Flash cache emptied: 57969 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57311 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: kmengarelli
->Temp folder emptied: 3861793662 bytes
->Temporary Internet Files folder emptied: 494086001 bytes
->Java cache emptied: 10826835 bytes
->FireFox cache emptied: 52426869 bytes
->Google Chrome cache emptied: 245962278 bytes
->Flash cache emptied: 74572 bytes

User: phslib
->Temp folder emptied: 1637479 bytes
->Temporary Internet Files folder emptied: 5552418 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 7677177 bytes
->Flash cache emptied: 56504 bytes

User: Public

User: USD No. 250
->Temp folder emptied: 107924 bytes
->Temporary Internet Files folder emptied: 87455 bytes
->Google Chrome cache emptied: 819568 bytes
->Flash cache emptied: 56475 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 3229552 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1977375817 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 761 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67758 bytes

Emptying RecycleBin. Do not interrupt.

RecycleBin emptied: 10891199 bytes
Process complete!

Total Files Cleaned = 6,752.00 mb
MrCharlie Posted June 12, 2014 ID:840553

How is it??????? MrC
kmengarelli Posted June 12, 2014 Author ID:840554

I didn't really notice much in the way of issues before, just Malwarebytes finding mysearchdial. I would say that the browser is working better and it isn't opening mysearchdial as the search page. What else should I look for to know that I got it cleaned up?

Thank You! for your help.
MrCharlie Posted June 12, 2014 ID:840558

We got it all.....

Let's check your computer's security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
If you get Unsupported operating system. Aborting now, just reboot and try again.
A Notepad document should open automatically called checkup.txt.
Please Post the contents of that document.
Do Not Attach It!!!

MrC (Be back in the AM)
kmengarelli Posted June 12, 2014 Author ID:840714

Results of screen317's Security Check version 0.99.84
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11

``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Sophos Anti-Virus
WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````
Java 6 Update 35
Java 7 Update 25
Java version out of Date!
Adobe Flash Player 13.0.0.214
Adobe Reader XI
Mozilla Firefox (28.0)
Google Chrome 34.0.1847.137
Google Chrome 35.0.1916.114

````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Sophos Sophos Anti-Virus SavService.exe
Sophos Sophos Anti-Virus SAVAdminService.exe
Sophos Sophos Anti-Virus Web Intelligence swi_service.exe
Malwarebytes Anti-Malware mbamscheduler.exe
kmengarelli Desktop malwarebytes help SecurityCheck.exe

`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%

````````````````````End of Log``````````````````````
MrCharlie Posted June 12, 2014 ID:840718

Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:
~~~~~~~~~~~~~~~~~~~~~~~~~~
Java™ 6 Update 35 <----uninstall from your add/remove programs
Java 7 Update 25 <---update, should be Update 60
Java version out of Date! <--------Go to control panel > Java > Update Tab > Update Now
Uncheck the box to install the Ask toolbar!!!, McAfee Security Scan Plus or any other free "stuff".
If there's no update tab in Java, uninstall it and Download and install the latest version from Here
Uncheck the box to install the Ask toolbar!!!, McAfee Security Scan Plus or any other free "stuff".

------------------------------------------------------

A little clean up to do....

Please Uninstall ComboFix: (if you used it)
Press the Windows logo key + R to bring up the "run box"
Copy and paste next command in the field:
ComboFix /uninstall
Make sure there's a space between Combofix and /
Then hit enter. (it may look like CF is re-installing but it's not)
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point
(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Download Delfix from here and save it to your desktop. (you may already have this)
Ensure Remove disinfection tools is checked.
Click the Run button.
Reboot

Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....
AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-------------------------------

Any questions...please post back.
If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.
Take a look at My Preventive Maintenance to avoid being infected again. (My Preventive Maintenance also found HERE)

Good Luck and Thanks for using the forum, MrC
kmengarelli Posted June 12, 2014 Author ID:840752

I don't think we got it all cleaned up because when I open a new tab I get the following "google" page https://www.dropbox.com/s/rjr84juwlej490u/Screenshot%202014-06-12%2012.09.43.png

There is nothing in the address bar and it doesn't match the actual google page if I type in the actual google page in the address bar.

Kris
kmengarelli Posted June 12, 2014 Author ID:840756

Maybe it is okay, here is the log from a Malwarebytes scan.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/12/2014
Scan Time: 12:11:53 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.12.08
Rootkit Database: v2014.06.02.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: kmengarelli

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 395209
Time Elapsed: 16 min, 44 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
MrCharlie Posted June 12, 2014 ID:840763

Chrome has to be manually set, here's 2 links that will help:
https://support.google.com/chrome/answer/95421?hl=en
https://support.google.com/chrome/answer/95314?hl=en

MrC