Inactive [A] Tons of viruses. Help! trojan.zeroaccess

Sal Pennah · Sep 11, 2012

Hi all,

I've spent the entire day trying to figure this out, and it's been driving me absolutely nuts. I currently have McAfee Total Protection and it kept popping up trojan.zeroaccess. It asked me to restart so it could fix the problem and it appeared to do so. This seemed to keep popping up random ad windows primarily from ad.xertive.com and then it stopped.

Soon after, it happened again. I found a post in here https://www.techspot.com/community/topics/infected-with-trojan-zeroaccess.184669/page-2 and it seems that the user was able to solve the problem with the help of some of the forum members, so I signed up for an account with the hope that someone will be able to help.

It eventually came to a point where there were 47 trojan viruses found, and then mcafee would automatically fix it or quarantine them and it would come back to 0. It seems that the viruses are being found after about 30 minutes of being online...

I downloaded malware bytes and did a full scan and 3 objects were detected.

The mbam log looks as follows:

Protection: Enabled

9/11/2012 11:21:34 AM
mbam-log-2012-09-11 (18-52-41).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 668299
Time elapsed: 6 hour(s), 36 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\$Recycle.Bin\S-1-5-18\$0777cfe37d3bfd5a401954926157210b\U\00000001.@ (Trojan.0Access) -> No action taken.
C:\$Recycle.Bin\S-1-5-18\$0777cfe37d3bfd5a401954926157210b\U\800000cb.@ (Trojan.0Access) -> No action taken.
C:\Users\User\Downloads\ccproxysetupfree7.2.exe (PUP.CCProxy) -> No action taken.

(end)

If someone is out there, I can post the GMER log as well. Please give me a shout or if you have a solution, please let me know. Thank you!

Sal Pennah · Sep 11, 2012

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-09-11 20:06:01
Windows 6.1.7600
Running: gmer.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind ?????3????4Local Area Connection* 168???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????6Microsoft 6to4 Adapter #160???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route ????????{4F75CCF9-D8D8-44EB-8C94-77C9BC331464}??????\Device\{4F75CCF9-D8D8-44EB-8C94-77C9BC331464}??????? ??????????????????????????????<???????????????????????????????????????????????MD??????*6to4mp?????? ?????????????????????0????????????????????? ?????????????????????0????????????????????????????Microsoft???????16??????????????????????? ?????????????????????,??????????????????????s{91???????????C??B-??x3??? ?????????????????????,?????????????????f??? ?????????????????????0??L????????? ??????778??????????????????????? ?????????????????????0????????????&????????????????????9??? ?????????????????????0????????????????????? ?????????????????????0????????~????????????????????7??03??????????????????? ?????????????????????0????????????????????nettun.inf:Microsoft.NTamd64:6to4mp.ndi:6.1.7600.16385:*6to4mp?C-0??-0??? ????????????H????????0????????????&????????????????????9??? ?????????????????????0????????????????????? ?????????????????????0?????????????????????????????3??FB??????????? ?????????????????????0???????
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export ???s????? 6??p???=?????e|A????H??p???????????????s?s?s???????????p??????????????? ???????n??????????????????????Z?J????????????????????\???(??????P??????????????????? ??????????????????????????????????????????;??? ?????????????????????p???????p???????????????????????X???(??????P????????????(??????P???????????????l??p???????????????????????????????????-???,??? ???????n??????????????????????R?K?????????? ???????n?????p????????????????N?U????Cj??????????????4?????????? ???????????????????l??p??????????????/??????p???p???p???o???o???o???p???p???p?????????????????????????????p?p????????????ProfSvc_Group?????8??p????????h?????? ???????n??????????????????????2?L????G????? ???????p???????????p?0????????????????????? ???????o?????p???????0????????????????????? ???????p???????????p?0???????????????????????p?????p?pNV??????????????????????? ???????n??????????????????????V?N?????????? ???????o?????p???????0?????????????????????????????????}???????????o?s?s?s?s????0??p??????????????????? ???????p???????????n????????:????
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f3ad3f74a
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Bind ???????????????????????????????g??????X??????|????????D??}???????????d?????{???{????{F990C96A-8EF2-4CFF-AA69-01A48AA47143}-{A01C1BDB-44E5-4C3E-9AC9-C456C184A812}-0000??=%??? ???????w?????y??????????V?????????&????????????????????I??? ???????y??????????????????????????+??????????????????????0I.??? ???y???????????z?????y????? ???y???m?????Ext?????y?????????????u??se??tunnel???????????????y??????????????? ???????y??????????????????????????+??????????????????????????????????y???????y???????????y????????????????????????t???Net?????{E42130C7-A6E6-41EE-9237-0614A46F0DD4}-{A01C1BDB-44E5-4C3E-9AC9-C456C184A812}-0000??.e??? ???????w?????y??????????V?????????&????????????????????0?????????y=@?????y???????y???????y??????N??????~???????????????~??? ???????y??????????????????????????+??????????????????????0ma??{10732F9E-B5C6-4698-8C90-51B15B353E5C}-{A01C1BDB-44E5-4C3E-9AC9-C456C184A812}-0000??dC??? ???y???l?????dll?????y??????N??????{?????{?{???{???????????????y??? ???????w?????y??????????V?????????&????????????????????s?
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Route ????os??t??????????????????y???????x????? ???x?????????????????????y?????????y?????????y?;?????x????? ???x???????????????????????????????????s???d??? ???y?????????????????y???????????????????????????y???????y?????????-;?????*6to4mp??????????????y??????????????{BF244C70-6C2D-475E-BAB2-55860821ECC2}-{A01C1BDB-44E5-4C3E-9AC9-C456C184A812}-0000??p=??? ???????w?????x??????????V?????????&????????????????????w??? ???????y??????????????????????????+??????????????????????0wa??{8B4F5D14-0A56-43F5-ACC1-CFD0E24C5427}-{A01C1BDB-44E5-4C3E-9AC9-C456C184A812}-0000??n|??? ???????w?????x??????????V???????v?&????????????????????a??? ???????y??????????????????????????+??????????????????????001??{4F75CCF9-D8D8-44EB-8C94-77C9BC331464}-{A01C1BDB-44E5-4C3E-9AC9-C456C184A812}-0000?????????x??????????????N?????????????????Net?????H??????y?;?????y?????????????????/??????????? ???y????????????????D??}?????????h?d???{?{?{??? ???????y??????????????????????????+??????????????????????0om??{61B59E5E-E7A9-43FE-8353-43C69FF422AD}-{A01C1BDB-44
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export ??????????N??????_????Dl????? ??????????????????????????????????????? l?????????????????*6to4mp?????? ??????????????????????????????N?????????????s?????? ???????/?????????????,??P?????????????????????????????? ??????????????xe????6??????6???????????????????????????I???h??????????? ??????????????????????????????????????????????0???? ????????????????????????????P?N?????0?????? ?????????????????????,??????????????????????s?????nettun.inf??????????#???? ??????????????????????????????"??? ???????????Microsoft???????0???? ??????????????x?????6?????????????16???????????0??????????Microsoft 6to4 Adapter #21???????????????-???????????????????????t??????????? ??????????????????????????????????????????????????????? ????????????????????????????R?N?????0?????Microsoft 6to4 Adapter Driver???? "????????????nel???? ??????????e??? ??????????????????????????????"??? ???????????ndis5_ip6_tunnel?A???? ???????????c?????Network Address?????? ???????????????????????????????????????0??? ?????????????????????????????? ????????????F?
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Bind ?????y??? ???????w?????y??????????V?????????&????????????????????s??? ???????y??????????????????????????+??????????????????????0c=??{9BAB3441-80E2-46F4-A833-8AD933BD10AD}-{A01C1BDB-44E5-4C3E-9AC9-C456C184A812}-0000???y?????????y???????????y?z?????y??????????????????`?????????????????t????????????????????????d??{E64FAE0C-9468-4952-BD94-AA03CBB59857}-{A01C1BDB-44E5-4C3E-9AC9-C456C184A812}-0000??m|??? ???????w?????y??????????V?????????&????????????????????m??? ???????y??????????????????????????+??????????????????????0e=??{83F33242-21C9-48FD-B8A8-946FDB40E193}-{A01C1BDB-44E5-4C3E-9AC9-C456C184A812}-0000??51??? ???????w?????y??????????V?????????&????????????????????2??? ???????y??????????????????????????+??????????????????????0?z?????????y?????;??????16????????????????????X??????.???t??11???????????????????h???????????B?????y???????????y;C??????????????????????s ????????????????????D??}?????????h????{95566A06-0C0D-4D8B-9EAE-7DD0773178FC}-{A01C1BDB-44E5-4C3E-9AC9-C456C184A812}-0000??em??? ???????w?????y??????????V
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Route ?????????????????y????????????????????*??{???????????? ??y???????<??{AD63F77D-0967-49E6-A977-51FD130BB8E6}-{A01C1BDB-44E5-4C3E-9AC9-C456C184A812}-0000??oc??? ???????y??????????????????????????+??????????????????????0PI??{A3AEEF8F-89AA-4B34-ADED-3D72791A1FA2}-{A01C1BDB-44E5-4C3E-9AC9-C456C184A812}-0000?????????????yt???? ???y?????????n???????????y???????y????*6to4mp??B??tunnel?4?3???????????????????????B??????????? ???????w?????y??????????V?????????&????????????????????3??? ???????y??????????????????????????+??????????????????????0re??{E1E835E6-5F31-4D46-9137-F7F733ECC9A7}-{A01C1BDB-44E5-4C3E-9AC9-C456C184A812}-0000??=T??? ???????w?????y??????????V???????X?&????????????????????o??? ???????y??????????????????????????+??????????????????????0AP??? ???y???7?????dCt?????????yll??? ???y???0???????y???????E???????y???????u???????????;?????h?????y??????????????{37C47DA4-8C9D-449E-8BE6-3CB09912224A}-{A01C1BDB-44E5-4C3E-9AC9-C456C184A812}-0000??em??? ???????w?????y??????????V?????????&????????????????????c??? ???????y?
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export ????????Type????????????????????@nettun.inf,%msft%;Microsoft?F??? ???r???C?????evi??Net??k??????????????????????????? ???????????????????<??????????z???????????????os??t???Net?????*6to4mp?el??????? ????????????????????????"??????????????????????????????y???8???e????X??????5???????????????????????7??F5??????????? ???y???c??????????*6to4mp?????????{4??????????????? ???????n?????????????,??"?????p???????????????????? ??????????????????????????????N?????????????s?????? ?????????????????????0????????????&???????????????????????? ?????????????????????0????????????????????? p?????????????????? ??????????????????????????????????????????????0???? ????????????????????????????P?N?????0???????N?????????????????{4d36e972-e325-11ce-bfc1-08002be10318}??????? ??????????????2???? ????????????????????????????$?N?????????????? ????????????0???{4d36e972-e325-11ce-bfc1-08002be10318}\0021?? ????????????????????????N?????????????????{931FA068-5C64-4EA2-8C5C-08FB5CB654F7}??????????? ?????????????????????????????????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Bind ????????????31????N??????Z???????????????????9?????s41???????????6??????????????????????????????????????????????????????@nettun.inf,%msft%;Microsoft????? ????????????????????8?????????????16??????????Type????tunnel??16????????????????????8?????????????16??{4d36e972-e325-11ce-bfc1-08002be10318}?dap??@nettun.inf,%6to4mp.displayname%;Microsoft 6to4 Adapter?6)????N??????6?????D\e???????????r??????Si??????????????????????????? ??????????????????{4d36e972-e325-11ce-bfc1-08002be10318}\0230?{0????8???????????????????N??????5????D?????????????????????????????????????????????????10??????????????????????????? ???????U???????????=??????????$?|?<???????????????????????????????????Microsoft 6to4 Adapter #229?????????????????? ???????????????????=??????????z?????#?n???{4d36e972-e325-11ce-bfc1-08002be10318}????????N?????????????????????????20??6-21-2006???????#???{4d36e972-e325-11ce-bfc1-08002be10318}\0243?????*6to4mp??????????????????????a??????????????????????@nettun.inf,%msft%;Microsoft????*6to4mp?01??????????Microsoft 6
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Route ????4.??Microsoft???? ?????????????????????0????????~???????????????70????????????N???????????????????N??????????????????????????????????????????????????f???????????????????????????????????????????????n????????????~?????????????*6to4mp?ev??Type????Type????? ???????|???????????o?:????????????&????????????????????6???-???????????????&%? ???????tu????????????????????$?????????????????{DFFCB847-360A-4671-9983-0F12D220130E}??????????????? ??????????????????P????5??????5_????*??????4????d384???F???????????1???????????o???r??e.???????s??????????????e\??.NT???????????????`??????A???8???????????????????????@??Microsoft???????????????????nd????$??????n??????????ROOT\*6TO4MP\0137????????????????????????????o??????????????? ???????????????????????????????0??????????????????TCPIP6TUNNEL?Tcpip6??{???|???????????.???e???????|??? ???????F?????FFF???????n??????????????????????????????????77????????????????????????????????*??????c??so??Microsoft???? .????????????n?????????????F???4??????? ?????????????????????0???????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Export ????????????????????? ?????????????????????0????????????????????? ?????????????????????0?????????????????????????????6??23??? ?????????????????????0??????????????????????????????????????????????????????FFF}?791X?{0??? ?????????????????????0????????????????????@nettun.inf,%msft%;Microsoft????{4d36e972-e325-11ce-bfc1-08002be10318}?????????D?????????e??????????????????? ?????????????????????0??????*?6??? ????????E?????????????????s*I??????????{4F75CCF9-D8D8-44EB-8C94-77C9BC331464}??????\Device\{4F75CCF9-D8D8-44EB-8C94-77C9BC331464}??????? ??????????????????????????????<???????????????????????????????????????????????MD??????*6to4mp?????? ?????????????????????0????????????????????? ?????????????????????0????????????????????????????Microsoft???????16??????????????????????? ?????????????????????,??????????????????????s{91???????????C??B-??x3??? ?????????????????????,?????????????????f??? ?????????????????????0??L????????? ??????778??????????????????????? ?????????????????????0????????????&????????????????????9??? ?
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBT\Linkage@Bind ????03??????80????4Local Area Connection* 151???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????6Microsoft 6to4 Adapter #143???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBT\Linkage@Route ????????????????? ?????????????????????0?????????????????????????????B??B7???????????????????????????????????????5????????????????????6??????4??da????N??????????????o??????????????????????? ?????????????????????0????????????&????????????????????v??? ?????????????????????0????????????????????? ?????????????????????0????????????????????oem36.inf:Apple.NTamd64:USBAAPL64.Dev:6.0.9999.57:usb\vid_05ac&pid_129f?????????????????????????????????????? ?????????????????????0????????????????????? ?????????????????????0?????????????????????????????????y??????????????????? ?????????????????????0?????????????????????????????????????D??? ?????????????????????0????????????????????????????????????????????????????? ?????????????????????0????????????&???????????????????? ??????????????????????? ?????????????????????0????????????????????? ?????????????????????0??????????????????????????????????????>?????????????????????? ?????????????????????0????????????????????6.0.9999.57?????????????????????????*6to4mp?????Microsoft???? ?????
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBT\Linkage@Export ????????????????????????????????volsnap.inf:MSFT.NTamd64:volume_snapshot_install:6.1.7600.16385:storage\volumesnapshot?6)\??? 6??????a?????per??Generic volume shadow copy?p.e??? ?????????????????????0????????????????????? ?????????????????????0????????6????????????????????????????v??0.????????6??????e???\??Generic volume shadow copy?T~1??? ???????x?????\C:??@volsnap.inf,%storage\volumesnapshot.devicedesc%;Generic volume shadow copy?ws??? ?????????????????????0??????????????????????????????????????????????ndow??? ?????????????????????0????????????????????????????????????????C:???????????s??m3??????te??? ?????????????????????0????????????????????? ?????????????????????0?????????????????????????????????????a??oc???????????h??me??????ca??? ???????|?????????????:????????????&????????????????????D???????????-?????e36??? ???????n?????????????,??"?????p?3???????????N??????u????D.ca???????????????????????????????????????????????2??????27??????2C??????CI???????????????????F????????????N??????d??????????????\D??{4d36e9
Reg HKLM\SYSTEM\CurrentControlSet\services\Smb\Linkage@Bind ????????????ic??????16???????????????o???6??44?????????????????s????????????????? ????????????????????:??????:?g??????????????8?????????????16??{4d36e972-e325-11ce-bfc1-08002be10318}??????? ????????????????????8??????????????????????w??????s????????????3??s???????????????16??????16???????e???????e???????o????N????????????D????????????????#???? ???????F?????928??????????????????????????????????Microsoft 6to4 Adapter #225??2??tunnel????????????????8?????????????16??*6to4mp??.????~???????????????:????????g????????13??? ??????????????x?????N???????????D???????~?????????????? ????????????????????8?????????????16??? p??????????????????????????????2???????o??????????tunnel?r???????????????????????????s?????????????????????????????????????????????????????????????e??????????????????Microsoft???@nettun.inf,%6to4mp.displayname%;Microsoft 6to4 Adapter????????????????????????????s???????????????????s????????????????????????????????????????????????????@nettun.inf,%msft%;Microsoft????????-A??-A????????????????????4Local Ar
Reg HKLM\SYSTEM\CurrentControlSet\services\Smb\Linkage@Route ?????m???????????.????????????????????????6??????0???????????????????????????????????????????4???h??????????????????\Device\{ACCD7ADA-B7BD-441C-93EE-99535DABD9DF}??E3??? ???????;??????????????? ??????????????????????????????<??????I-E???????????9???e????<?????????????Microsoft 6to4 Adapter Driver???? ??????????????????????????????"??? ??????3B-??? ?????????????ce\??? "??????7?????01-??ndis5_ip6_tunnel?c??? ???????????????????????????????????????4??? ?????????????????????????????? ????????????8???? ??????E????c2}???Network Address?D5???????????5???t???? ??????9??EB??? ?????????????????????????????? ???????A9???? ??????4????cFD1???????????-???t???????????D??ic???????????B??? ???????U???????????;????N?????$???<???????????????????????????????\D????8?????????????? ??*6to4mp?2-??????????? ???????????????????;??????????????'????????????????????}??@nettun.inf,%msft%;Microsoft??????N??????1????D????????g????????????????????????????*6to4mp?????????????????????Microsoft???? ???????U???????????=??????????$???<??????????
Reg HKLM\SYSTEM\CurrentControlSet\services\Smb\Linkage@Export ?????????????????????????????????_???????s??Microsoft????????????o??????????storage\volume?-75??????????????????????? ??????????????f???Generic volume????????"?????????????????.NT?????????? ???????A???????????????????? ?:???????.I????*??????n???????%??WUDFCoInstaller.dll??d??? ???????o?????Dri??Basic_Install????????A???8??????"?????<??????4??????????????TCPIP6TUNNEL?Tcpip6?????????????????????????????????????????????????? ???????@????????????????????$?N?X??????????????????e?????e88???????????????????????????????????M??????ft????N??????e?????D????????#????????????-??3F??????????????????????????????????????????????????????????????????????????????????????????????? ???????n?????????????,??"?????p?F???????????N??????5????D.0???{4d36e972-e325-11ce-bfc1-08002be10318}?.0???????TCPIP6TUNNEL?Tcpip6?????? ??????????????????*6to4mp?????? ????????????????????????????$?N?V?????????{4d36e972-e325-11ce-bfc1-08002be10318}\0086?????????????? ??????????????????int???????~?????????????*6to4mp??????????????B?????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Linkage@Bind ????????tunnel?2D}??????????????????????????????? P??????A???????8??? ??????????????t???? p??????I??????16??????????????????????????????? ?????????????????????,????????????????????????????????????????????\Device\{CCCF392B-8546-4CCD-B27F-E9E2B9050111}??0c???????????{??????C7????????????????????????????N??????o?????DO4????$??????I???????e??? ??????????????????????????????"??? ??????\Ro??? "??????c?????358??ndis5_ip6_tunnel?E??? ???????????????????????????????????????u??? ?????????????????????????????? ????????????????? ?????????????????Network Address?? ???? ?????????????? ?????????????????????????????? ????????????? ???????????c??????????????????t??????????????????? ???????U???????????;????N?????$???<???????????????????????????????????????????? ?????s A??? P?????????????????? ???????????????????;??????????????'????????????????????}??? ???????????????????y??????????????????????{462682A8-2864-4924-B356-A82BB7D8B0C8}????????*??????b????d?????????????????????? ???????U???????????=??????????$???<??????????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Linkage@Route ????????? ??????????????x?????8?????????????16??Microsoft 6to4 Adapter #200??2???????????3??????????????????????????Microsoft????????????4???h??nettun.inf?53???? ?????????????????????0??L????????? ??????69???? ?????????????????????0????????????&???????????????????????? ?????????????????????0????????????????????????????? ?????????????????????0?????????????????????????????????????2??12???????????2??12??nettun.inf??13??? ???????3??????13??6to4mp.ndi??13??? ??????????????????6-21-2006???? ?????????????????????0????????????????????? ?????????????????????0?????????????????????????????7??17??6to4mp.ndi??17???????????8??????18??? ?????????????????????0????????????????????????????????????????????????? ??????????????????????????????z?????#l D????$??????a???????v??????C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll?p.e??\\?\Root#*6TO4MP#0198#{cac88484-7515-4c03-82e6-71a87abac361}?5??????? ???????????????????????????????????????????????????.??????????????????????????????{00000000-0000-0000-FFFF-FF
Reg HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Linkage@Export ?????2?????????????????s????????????????int???????????????????????X?????????????????????????????????C-???????????????????????e????X??????t??????????????11????????N????????????D????????????????????????????????????????????D8??????????11??????? ?????????????????????????????? ???????9B????~??????F??68????:?????????????????????????????????????????????????????????D8???????????B??? ???????@????????????????????$?N???????????????????? ????????????N?????????????????{96A806EF-023C-4A27-9EFB-425E5A52BB67}???????????????????e???????????????????s??? ????:?????? ??????????????Ne???????????s???????????????????????????????????????n????????????$?????????????????ROOT\*6TO4MP\0123???????????????????????????????????????????????????????????????????*6to4mp??l???????????k???????????????????t??????????????????nettun.inf?%tv??? ???????I?????ft???6to4mp.ndi??????? ??????????????????6-21-2006???Microsoft???????????????????????????????????????????*6to4mp?????????? ??????? ??????nv??6.1.7600.16385?n????TCPIP6TUNNEL?Tcpip6??{????`??????C?
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind ????????100?????Ports?????(??????????????????????????????>??????????????????11?F-F???????t???????????????????????????????>????????????????B?????????Version 70.18.45.0.9?????????????????????????????4?4????sdbus??????????????????????W??????? ??6??????????????:??????am??? ???????????????????????????:?:?9??????????System????????T????????R??????"?????????????????????????IBMPMDRV????1394????11??????? ??????????????s???*PNP0F13??????p?????????????????32??????????????Root\SYSTEM\0000????? ???????e??????t5???????3?3????11?t???????????????????e????????16??????????? ???????.????????????????????,???????????????F????????1???????????2???2???0???.???:???:????????????C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe???????????????????????????????????????????????????????????????G????????????????????.??1???????p???????????????????%;??? ???????,?????????????,???????????? ???????????????????????????????????????????? ??#???????????????SynTP????????-?3?.??????????????????-r?????????????????????????????
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route ???????????? ????.??????????????????????0?????&???????????c????????????????????????)????????P???????ve????????????X??????????????????????.??8???? ??????????????????????????????????igfx?p????p??????????????????????????????????3?3?.??{0.0.0.00000000}.{f4e46dba-a0ff-4516-9dce-43154d358b87}?1D??LEN40B10_00_07D9_E2??????e?e?p??????????????????????????????????????????????????s???????????????????????s?????H?????????????????????????????????????\\?\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}\{cfd669f1-9bc2-11d0-8299-0000f822fe8a}&{0A4252A0-7E70-11D0-A5D6-28DB04C10000}?????~?????????????????????????????????????????????????Net?????????p???????????????Net?????????????????????pci?????????p????5???????????????????????????????????????????????????????_???;????h???????????????????p?????????????????hdc???????????????????????s?????i8042prt????Impcd?????p??????????????t???????????????????????????????????@?@?4??Mouse???????p????????????????????????????????????4?4?/????p?????????????????????@NetCfgx.dll,-1502???????3?
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export ?????????3?3?.??{0.0.0.00000000}.{f4e46dba-a0ff-4516-9dce-43154d358b87}?1D??LEN40B10_00_07D9_E2??????e?e?p??????????????????????????????????????????????????s???????????????????????s?????H?????????????????????????????????????\\?\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}\{cfd669f1-9bc2-11d0-8299-0000f822fe8a}&{0A4252A0-7E70-11D0-A5D6-28DB04C10000}?????~?????????????????????????????????????????????????Net?????????p???????????????Net?????????????????????pci?????????p????5???????????????????????????????????????????????????????_???;????h???????????????????p?????????????????hdc???????????????????????s?????i8042prt????Impcd?????p??????????????t???????????????????????????????????@?@?4??Mouse???????p????????????????????????????????????4?4?/????p?????????????????????@NetCfgx.dll,-1502???????3?3?/??????????????????????0???????????????r????????????;???????????????????????????>???6??????????fdc??????????????????????e??? ?????????????????????,????????N????????????????????????e??kl2?????????????????????kl2????
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f3ad3f74a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Bind ???o?????????b???????e???????????????????????????l???????????????????l???????????????????????????k?l?????????l???????????l?los???l?l?l??umbus.inf:Microsoft.NTamd64:UmBusRoot_Device:6.1.7600.16385:root\umbus?evi???????k???????????????????????????????????????????????l???2???????l?l?????????????2???????????l??????????6.1.7600.16385???????l?l?????????????2????????4??l??????????UMBus Root Bus Enumerator????l?lr????????????????e???l?l?e???????l???????????????????????????????l??????????6.1.7600.16385??6.???????????????????????????????????????????????????l?loa??@machine.inf,%rdp_mou.devicedesc%;Terminal Server Mouse Driver???????????l???3???5????????????????????N??m?????????DMi??????????????t???????????????????????????????????????????@machine.inf,%gendev_mfg%;(Standard system devices)??????l?l????? ???????j?????l?????k?,??????????O?????????????? ??????????????????? ???????l???????????k?,????????N???????????8&2e47676&0??6??rdpbus.inf?????????l?&???????l???3???????l?l?????????????I???????????l???????3???????l?????????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Route ????????USBSTOR\Disk&Ven_Kingston&Prod_DT_101_G2&Rev_PMAP\001CC0C60D72EAB0F41F001F&0??????$??/??????????????4&372a6b86&0?e???/??? ???????/???????????/?,??????"??????????f??? ???????/?????????????,??????????????????????s?AC??? ???/???*??????s?????N??0???/??????????????????Root\*6TO4MP\0092????/???????????????????????/???/??? .??@???%?????2,1????N??/?????????D???????3????oem9.inf?????/??\SystemRoot\system32\drivers\nvstor.sys?ul???????????.?????????????.1??0?=???/??? ???????-?????/???????,????????????(???????????????????????UMB\UMBUS???s????/???/??????????????\SystemRoot\system32\DRIVERS\HpSAMD.sys?ea???/???????????????????????????????/???-???????.??1&841921d&0??6???????????/??????????? ???/???/???????e??? ???????,?????????????,??:????????????D?????k?n?n???g?g?g??????????????????????????USB??????/??PCI\VEN_8086&DEV_3B30&SUBSYS_216717AA&REV_06?PCI\VEN_8086&DEV_3B30&SUBSYS_216717AA?PCI\VEN_8086&DEV_3B30&CC_0C0500?PCI\VEN_8086&DEV_3B30&CC_0C05????PCI\VEN_8086&DEV_3B30&REV_06?PCI\VEN_8086&DEV_3B30?PCI\VEN_8086&CC_
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export ?????n??????.0??????????t????o?o?o???????n??????p???????r???????????????????????????t????????n????,??n?????????e?????????????????????????o?o?o??CD/DVD File System Reader?????<??o????????h??????????????r??ra???????o??????????????p?????2??n????????h?????????????????????????????????????????????????????t???@%systemroot%\system32\drivers\afd.sys,-1000?????????? ?du??Net?????????p????????a??????? ??????s?????????????????????????????????????????R??n????????h?????\SystemRoot\system32\DRIVERS\adp94xx.sys?y???????n??????p???????mb??????? ???????n ????n???????0????????????&???????????????????????? ???????n???????????n?0????????????????????????????????????????? ???????n?????n???????0????????????????????????????????????????? ???????n???????????n?0???????? ????????????? ??n??????????Generic USB Hub??????????????_??????? ???????n?????n???????0????????????????????? ???????n???????????n?0?????????????????????????n???????????? ??n???f???t??StandardHub.Dev????????n????? ???????n?????n???????0?????????????????????????????1??85?
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Bind ????????int??????????m???:???:???????s?????m????? ???????m?????m???????0???????????????????????m???m???m??p?@d??? ???????m???????????h?0????????????????????? ???m???-??????sF????N??m?????????D???????m????? ???????m?????m???????0????????????&??????????????????????????m???m????? ???????m?????m???????0????????????????????? ???????m???????????h?0????????????????????? ???????m???????????m?0????????B????????????m?????m????? ???????m?????m???????0?????????????????????m?m????????? ???????m???????????h?0????????????????????? ???????m???????????m?0???????????????????????????????m????? ???????m?????m???????0??????????????????????B??m???H??Pr???m??? ???????m???????????h?0????????D???????????{00000000-0000-0000-ffff-ffffffffffff}????????N????????????D????m??????m????? ???????m?????m???????0????????????????????? ???????m???????????h?0????????????????????? ???????n?????m???????,??"??????????????????7?????????????m????? ???????m?????m???????0?????????????????????????????????}???????????????n??? ???????m???????????h?0???????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Route ??????????`??0???????????????????????????????3?3????STORAGE\Volume\_??_USBSTOR#Disk&Ven_Kingston&Prod_DT_101_G2&Rev_PMAP#001CC0C60D72EAB0F41F001F&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}??????\\?\Root#*6TO4MP#0047#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{94B96C17-AF82-4A9B-ADCA-191A7A487D0D}?D7?????????????????e????Net??????m?n?o???/??? ???????/?????4?????8?,??"???&????????????????????8???8???8??ERS\???????????7??SM????d??8???l??r???WmiAcpi??f??NDIS??????????_????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ??????????????? ? ??????????????????????????????????????????????????????????????????????????????????????????/??? ???/???????????/???/??\SystemRoot\system32\DRIVERS\adpu320.sys?y??? ???8???m?????s?/???/?8?????/??? ??????? ??????????????????????????&???????????????????????\\?\Root#*6TO4MP#0048#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{2DFE5DB7-4905-41E
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export ????????????????PNP_TDI?????RpcSs??_Tc???????????????????????o?o?p?p?p?o?o??????????1???extended base???????????????????????????????1-31-2011????????????????????????A??? ????????????????t??????????????????????o???????o???o???????????????o???o??????????????C:\Program Files\Common Files\McAfee\VSCore\mfehidin.exe?o??? ???????????????????w???????????????????k??Driver??????????????????t????????o???????????????????????????????????????????????+???+??System Bus Extender??????????????????????????????|??TDI??????????????????????o?o?o?o?o?o?o??????????????t????????????????????????????????B???????o????:??o????????????????(??o???y????????<??s????????h???????????????????r??o???o??????????????????????????????????????????????????????????????????????????C:\Program Files\Common Files\McAfee\VSCore\mfehidin.exe????Tcpip???????? ???????n???????????m??????????X?.?????????\SystemRoot\system32\DRIVERS\HpSAMD.sys?ea???????o??????p???SCSI Miniport?????T??s???????????d???o?o?o?o?o?o?o??????????????????TD?????????????g???????????????
Reg HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Bind ???;?s???????????????????????????????????????????????????e??????? ??*6to4mp??????\?\?\???????m???????????:???????????????:?????~?????????????????:??? ???????;???????? ??n????????6??????????:???????????????????????????????;???????????????????????????????????????????????????????;????D??;?????????????????????????????0???(??????P???????????????D??;????????????????/????????????????0???(??????P???????????????$??;???????????????:???????;????????????l??;??????????????/??????????????X???(??????P????????????(??????P???????????????l??;?????????????????????????????X???(??????P????????????(??????P?????????????????????.NT??7????l??;??????????????/??????????????X???(??????P????????????(??????P?????????????? ??????? ??????????????????????????&????????????????????:??????0????????????e???;?:?;???9?9?9?9?0?9?9?9te???????????d???n???????????9??????????? ???????/???????????;????????,?B???????????nr????D??;?????????h??????????????X??????/???.??NDIS?????;??????????????{D212B88E-8365-4CA9-BC4E-CFA4251F6B5F}???????????;?????????????
Reg HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Route ???k?s???????????????????????k????N??k??? ????D??4???????????3???}??Port_#0001.Hub_#0002??????P??s?????????n??????????????N??k???e????D?????? \??????????????????????g???o??dt???????????/???????/??{8ECC055D-047F-11D1-A537-0000F8753ED1}???4??{8ECC055D-047F-11D1-A537-0000F8753ED1}??????{8ECC055D-047F-11D1-A537-0000F8753ED1}??Mi????N??k???-????D11D???s?s?u?u?w??????????????????????????????iv???k??Microsoft???????????????t????????f???????????k?k?2??? ???????j?????j???????,??(???????????????????s??????????#??? ???????j?????j???????,???????????????????????????????j????? ???????j?????????????,?????????????????????y?????j????? ???????j?????????????,?????????????????f??Microsoft???? ???????j?????k???????0??L????????? ??????????????j???j???j????????? ???????j?????k???????0????????????&???????????????????????? ???????j?????k???????0????????????????????? ???????j???????????_?0?????????????????????????????????????????????????????????????k????????????????N??k????????D?????? ??k?????????4?4??6-21-2006????????g?????????????
Reg HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Export ??????????????????????????N??????I?????Dt?????????????????????????*??????k?????????n00???????????t???????????????????????????????????f???u??.NT?????? ???????5???????4??volume_install??\\??STORAGE\Volume??4D????N??????9?????D72?????????????????????????????????e?|??????????? ???????m???????? ????,??"?????n???x???????????????????????????????????????????????????????????????{71a27cdd-812a-11d0-bec7-08002be2092f}\0005?????????????????????????????????????Microsoft????????????????s??@volume.inf,%msft%;Microsoft????6.1.7600.16385??????????????????????????????input.inf???modemui.dll??????????????????????????????m??????????{71a27cdd-812a-11d0-bec7-08002be2092f}??????????????? ????????X?????????????????????????????????????? ?????????????????????,??????????????????????s?????????????????????????????? ??????????????????{00000000-0000-0000-0000-000000000000}??????????????ThinkPad Modem Adapter??????@volume.inf,%msft%;Microsoft?1??? p?????????????????int?}????{?.?{?g?{?g?g?|?|?|?|??????????????????2959EC93BE66D47AED875126060
Reg HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Bind ???W?o??Lenovo???????$???[???????????????????????????$???_??????????????????????????@oem11.inf,%ibmmfg%;Lenovo?oft??TA????N??_?????????D?????????????0??????0-??15.0.18.0???? ???????T??????????????????????????&???????????????????????????$???4????? ??????? ????????????????????????? ????????????????????????????4???3?3 ????3?????? ??3??? ???3???????3?3?3?3?????3???4?3???3?3?????3???????????4?????????3???????4? ?4?4???3???????3? ?3?4??????(???? ??? ?????????????3??? ? ? ???3???3? ???3??? ??? ?????????4???????? ?? ???$???U???????????????????????????????????????????e?eMD???T???$???U??????????????????????????mountmgr?D???$???U???????????????????????????????;???????e???$???U????????????????????????????N??W???u?????DVE???$???[??????????????????????????{00000000-0000-0000-ffff-ffffffffffff}???????????????,?????s?.??Net?35??????????? ??????????????????????????????s?????????????????????????????X??e???????f???????????v??_8???T?????????????????????????????????????????????? ??????????? ?????????????????????!????????????????
Reg HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Route ????????Net??u??????????????t????????????????????????????t??????????????????@%SystemRoot%\system32\clfs.sys,-101????????????????????????????Net??u???????o?????????n???????????????g?????????v???????????????????????;???n??????????????????LocalSystem??????????????-????????\??s?????????e??????????????????????V??????????????d???????????????????p?p?p????B??????????????????n?n?n?n?n?o?n??system32\DRIVERS\mrxsmb10.sys???Boot File System????Net?d3???????????????????????????????????????????????=???=???????????????????r?r?r???n??LDDM Graphics Subsystem????????? ????????????????????s???a??????????????????Net?ap???????????????????????r?r?r???????n???M??pm??????????????????????Net??????????v???????????????????;???????????????????????????u??MS_BTHBRB????n????????????????:??n????????h?????system32\drivers\drmkaud.sys??????@??n?????????e????Microsoft Trusted Audio Drivers???????t??o?????????e????????????????p?????????????????????????????????????????R??n????????h?????\SystemRoot\system32\DRIVERS\elxstor.sys?????????????????e?
Reg HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Export ????????*6to4mp?????wpdbusenum\fs?????????????6?????????????16??? ??????????????????????????????????????????????Intel(R) 5 Series/3400 Series Chipset Family PCI Express Root Port 2 - 3B44?ip????X??????????t???????????v???????????~???s??t????????????????.??s????????????????????????????????????????~??????????????????????????USB\DevClass_00&SubClass_00&Prot_00?USB\DevClass_00&SubClass_00?USB\DevClass_00?USB\COMPOSITE???????{835b3ea5-339d-11e0-9ca1-806e6f6e6963}??????????????????????????????????????????????????????????9.1.1.1022?385???????????2??????@input.inf,%hid.devicedesc%;USB Input Device????????????USB\VID_046D&PID_C51B&REV_4600&MI_00?USB\VID_046D&PID_C51B&MI_00?????????k???????????????????????????????4??@system32\DRIVERS\pci.sys,#3075;Universal Serial Bus (USB) Controller???oem8.inf:Intel.NTamd64.6.1:INTEL_USB2_CTTB:9.1.1.1020

ci\ven_8086&dev_3b34?0.????N?????????????????@usb.inf,%usb\composite.devicedesc%;USB Composite Device??????\????????g????????Net??k??int?????????0???usb.inf?A2??? ???????5?????????
Reg HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Bind ???_?n???????????????????????????4???e???????3???r???e??WAN Miniport (L2TP)??3??? ???????3?????3???????0????????????????????? ???????3???????????1?0???????????????????????3?????????3??? ??????????????? ???????3?????3???????0???????????????????????3???3???3???3???3??wan?@?? ??? ???????3???????????2?0?????????????????????????????????????????3??????????? ???????2?????3???????0????????????&???????????????????????????????????????*6to4mp??3?????3????????????????c?????N??3????????D?????{4d36e966-e325-11ce-bfc1-08002be10318}??????? ???????????????????3????????$?$??????????????3?&????????X??3??????????{4d36e966-e325-11ce-bfc1-08002be10318}\0000??????????3???,???????????3???????3??????????????????HAL?????? ???????3?????3???????0????????????&???????????????????????? ???????3?????3???????0???????????????????????3????? ???????3?????????????0???????????????????????3?????????????????????????3??????????HAL??????????3???????h??hal.inf?????? ???????3?????3???????0???????????????????????3????? ???????3???????????1?0???????????
Reg HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Route ???h?????g?????????g0????????????????????????f?????????????g????? ???????g?????g???????0????????????????????Microsoft???? ???????g???????????f?0????????????????????WMIMAP_Inst??????????????-??25????4??h???5?????????????g????? ???????g?????g???????0?????????????????????????????????????g??? ???????g???????????f?0????????$????????????/?f?e?f?f?f?f?f?e?e?e???3?8?:?_?_?_?d?U?U?U?W?WIS?????g????? ???????g?????g???????0????????????????????? ???????g???????????f?0?????????????????????????:???0???e????????????????????`??I???c???.???g?g?f?????g????? ???????g?????g???????0????????????????????? p??????3?????S_1??cdrom.inf???? ???????g???????????f?0?????????????????????????f???????????????f?????????????????g????? ???????g?????g???????0????????????????????? ???????g???????????f?0????????????????????Microsoft Windows Management Interface for ACPI????????g????? ???????g?????g???????0????????????????????? ???????g???????????f?0????????????????????*6to4mp?????Net?-4???}?}?}??gencdrom?????g??????????????Microsoft??????g????? ?
Reg HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Export ???n?n???~????????N??n?????????n???????????????????????????h?l?h?h?n?e??11?t????11??????System32\DRIVERS\srv.sys????????\M??Net?}"??? ??????????????????System32\drivers\tcpip.sys??????????????????????????????????????????????????????????????????????????@%SystemRoot%\system32\tcpipcfg.dll,-50003?0001????????????????????????????????g?????????????????????????k????????n?????????????????????????????????????????t????????????????????????????????o?????????e????Net?1}??????????@%systemroot%\system32\srvsvc.dll,-103???????n??????????????? ???????n?????n???????0???????????????????????n???????n???n????? ???????n???????????k?0?????????????????????n?n?????n??????????Brother RemovableDisk(U)?????n?????????????g?????????/???s??ep???n???n????????????*??o???A?????e??????V??o?????????e????Keyboard Class??????????????????????????????t???Disk Driver?????????rs???n???o?o?o???????????e???????????D???n???????n????????????????????????????????????????P??n????????h?????\SystemRoot\system32\DRIVERS\aliide.sys?cy????????????????(??n?????
Reg HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Bind ???:?????????????????3??????e?????<??:?????????e????TCP/IP Registry Compatibility????????????????????t???????????I?I?????????????9?9?9?9?9?9?:?:?????????????s???????m??????????????????? ?????????????????????9??L????????? ????????????????????I??:M???????:???a???????A??????ev?????:?????:??? ???:???c?????3????? ???????:?????:???????0????????????????????? ???????:???????????8?0???????????????????????:?????????????????????????:???????????????????:?:????????? ???:??????????n???9.1.1.1022?385??$????????????:???:??? ???????:?????:???????0????????????????????QPI Link 0 - 2D10????????????????????:?????? ???9.1.1.1022?385???:?:?????:??????????????oem8.inf?nf????????:??????0??:???????s??2????????????????????????????:??? ???????5?????:???????0????????????&??????????????????????????:?????:???:?????4?&???:??? ?????????????:???????0????????????&???????????????????????? ???????:???????????{?0??????*?x??? ??????????????:????????????????????????d???????????????????????????\d????,??}??????????????????????t???????????????????Net
Reg HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Route ???j?s???3??????????????{8ECC055D-047F-11D1-A537-0000F8753ED1}??????? b??3??????????????@%SystemRoot%\system32\drivers\mountmgr.sys,-100?????3?3?3?3?3?3?5??{8ECC055D-047F-11D1-A537-0000F8753ED1}???3???4?4??????N??3???-????D11D??{8ECC055D-047F-11D1-A537-0000F8753ED1}?-Pa??? V??3???p?????c M??@%SystemRoot%\system32\drivers\http.sys,-1???3???3?3?3?3?3?3????? ???????,?????3?????3?,???????????? ????????_???????????0??????is??? ???????3???????????3?,????????P????????r???????3??? ???e??mpsdrv??? ?????3?????????????-???F???????????0?????s53???????3???v??sd??LegacyDriver?3????N??3????????D?????{8ECC055D-047F-11D1-A537-0000F8753ED1}???e??? P??3???0??????????@%systemroot%\system32\browser.dll,-102?s_???3?3?3?3?3?3????? ???????~???????????3?,????????\???????A5???????3???3???e???????????e???&???????????????????????????????????3???3???5??LegacyDriver??????N??3????????D?N???{8ECC055D-047F-11D1-A537-0000F8753ED1}??????? \??3???????????}??@%SystemRoot%\system32\FirewallAPI.dll,-23092????3?3?3?3?3?3????? ???????,?????3?????3?
Reg HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Export ???s?????????????f??????tunnel???????????????????????s???????????s??? ???????n??????????????????????:????????g??\SystemRoot\system32\DRIVERS\megasas.sys?0??SCSI Miniport?????V??s???????????d??megasas.inf_amd64_neutral_395276dd9b7a7448???????s?s?s?s?s?s7a??????????????t???????????????????????????????? ???????n??????????????????????R????????k????????????????????????????????????????P??s????????h?????\SystemRoot\system32\DRIVERS\MegaSR.sys?de???????s??????p???SCSI Miniport?????T??s???????????d??megasr.inf_amd64_neutral_30b367f92ca46598????s?s?s?s?s?s????? ???????n?????s??????????????@?????????m???NT AUTHORITY\NetworkService??????????????????????????????????????????????s?????????????? ????????????????s???????????e??RPCSS?SamSS???????,???????????????????????????????????????2??s??????????????????SeChangeNotifyPrivilege?????? F??s????????????????N??s?????????e????????????%SystemRoot%\System32\svchost.exe -k NetworkServiceAndNoImpersonation?????$??s?????????n????@comres.dll,-2947???? 8??s????????????????"??s?????????

---- EOF - GMER 1.0.15 ----

Broni · Sep 11, 2012

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================

Your MBAM log says "No action taken".
Re-run it, fix all issues and post new log.

Sal Pennah · Sep 11, 2012

DDS FILE

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Sal Pennah at 20:06:52 on 2012-09-11
Microsoft Windows 7 Professional 6.1.7600.0.1252.2.1033.18.3892.872 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Users\User\AppData\Local\CrossLoop\CrossLoopService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
C:\Users\User\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Digital Line Detect\DLG.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe
C:\Program Files (x86)\Lenovo\Client Security Solution\password_manager.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\Program Files (x86)\Woopra\Woopra.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\notepad.exe
C:\Windows\notepad.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Lenovo\Access Connections\Access Connections.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://lenovo.msn.com
uDefault_Page_URL = hxxp://lenovo.msn.com
uSearch Bar =
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120910195502.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Norton Safe Web Lite BHO: {f0da78e9-6b60-42fb-bc26-ef2cfb8c8ff3} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\coIEPlg.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
TB: Norton Safe Web Lite: {30ceeea2-3742-40e4-85dd-812bf1cbb83d} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\coIEPlg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
uRun: [Google Update] "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [googletalk] C:\Users\User\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [autodetect] C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
StartupFolder: C:\Users\User~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 64.71.255.198
TCP: Interfaces\{2DA885D4-EDF1-4C58-9165-944537E409B2} : DhcpNameServer = 64.71.255.198 64.71.255.253
TCP: Interfaces\{D0A41E55-7780-4E83-88F8-FE9928C2292A} : DhcpNameServer = 64.71.255.198
TCP: Interfaces\{D0A41E55-7780-4E83-88F8-FE9928C2292A}\35471627265736B6370275966496 : DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{D0A41E55-7780-4E83-88F8-FE9928C2292A}\355636F6E6460234570702D202D4562716B696 : DhcpNameServer = 10.128.128.128
TCP: Interfaces\{D0A41E55-7780-4E83-88F8-FE9928C2292A}\4434 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{D0A41E55-7780-4E83-88F8-FE9928C2292A}\E4544574541425 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F11D77F5-D788-4787-9466-E0E675062D65} : DhcpNameServer = 64.71.255.198
TCP: Interfaces\{F7643DDD-2053-4BEE-B414-755D7DE7257F} : DhcpNameServer = 8.8.8.8 4.2.2.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGina
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120910195502.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: IePasswordManagerHelper Class: {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
BHO-X64: Password Manager Browser Helper Object - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Norton Safe Web Lite BHO: {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\coIEPlg.dll
BHO-X64: Norton Safe Web Lite BHO - No File
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
TB-X64: Norton Safe Web Lite: {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\coIEPlg.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mRun-x64: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun-x64: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [autodetect] C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1iqfgxhs.default\
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npmidas.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\User\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\User\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
.
============= SERVICES / DRIVERS ===============
.
R0 DzHDD64;DzHDD64;C:\Windows\system32\DRIVERS\DzHDD64.sys --> C:\Windows\system32\DRIVERS\DzHDD64.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?]
R1 ccSet_NST;Norton Safe Web Lite Settings Manager;C:\Windows\system32\drivers\NSTx64\0200000.010\ccSetx64.sys --> C:\Windows\system32\drivers\NSTx64\0200000.010\ccSetx64.sys [?]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]
R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2009-3-13 13840]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R3 5U877;USB Video Device;C:\Windows\system32\DRIVERS\5U877.sys --> C:\Windows\system32\DRIVERS\5U877.sys [?]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 TVTI2C;Lenovo SM bus driver;C:\Windows\system32\DRIVERS\Tvti2c.sys --> C:\Windows\system32\DRIVERS\Tvti2c.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\system32\drivers\massfilter.sys --> C:\Windows\system32\drivers\massfilter.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 PCDSRVC{127174DC-C366ED8B-06020101}_0;PCDSRVC{127174DC-C366ED8B-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor\pcdsrvc_x64.pkms [2010-11-11 25072]
S3 pmxdrv;pmxdrv;\??\C:\Windows\system32\drivers\pmxdrv.sys --> C:\Windows\system32\drivers\pmxdrv.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
.
=============== Created Last 30 ================
.
2012-09-11 14:58:44--------d-----w-C:\Users\User\AppData\Roaming\Malwarebytes
2012-09-11 14:57:51--------d-----w-C:\ProgramData\Malwarebytes
2012-09-11 14:57:4525928----a-w-C:\Windows\System32\drivers\mbam.sys
2012-09-11 14:57:44--------d-----w-C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-11 14:34:04--------d-----w-C:\Users\User\AppData\Local\{EF12762E-9422-4FE0-8178-EDE853B10593}
2012-09-11 14:14:37--------d-----w-C:\Users\User\AppData\Local\{2789CC6C-A461-4D3C-84DA-3A297AA9F2D1}
2012-09-11 09:00:2573696----a-w-C:\Program Files (x86)\Mozilla Firefox\updated\breakpadinjector.dll
2012-09-11 09:00:25266720----a-w-C:\Program Files (x86)\Mozilla Firefox\updated\components\browsercomps.dll
2012-09-11 09:00:2518912----a-w-C:\Program Files (x86)\Mozilla Firefox\updated\AccessibleMarshal.dll
2012-09-10 23:54:5929312----a-w-C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll
2012-09-10 23:47:04--------d-----w-C:\Program Files (x86)\SiteAdvisor
2012-09-10 23:46:06--------d-----w-C:\Program Files (x86)\McAfee.com
2012-09-10 23:44:59--------d-----w-C:\Program Files (x86)\McAfee
2012-09-07 22:56:19--------d-----w-C:\Users\User\AppData\Local\{BE166267-F768-4E66-96D7-210E997A30A4}
2012-09-07 20:59:28--------d-sh--w-C:\Windows\System32\%APPDATA%
2012-09-07 18:18:30--------d-----w-C:\Users\User\AppData\Local\{AD366A27-5559-468C-AF0D-09C9771C56CC}
2012-09-07 00:19:48--------d-----w-C:\Users\User\AppData\Local\{A13E4F86-B8CB-468F-BFE1-E3D62019926B}
2012-09-06 20:15:199310152----a-w-C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3B3C51AA-2A63-4910-8D43-905E5892E820}\mpengine.dll
2012-09-06 16:24:00--------d-----w-C:\Users\User\AppData\Local\{1EBB6398-F7FE-456D-9555-8C3B9C059F06}
2012-09-01 02:26:3373696----a-w-C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-01 02:15:53--------d-----w-C:\Users\User\AppData\Local\{4087D341-16A9-4BA9-8FB4-9F6FED077FED}
2012-08-31 16:38:11--------d-----w-C:\Users\User\AppData\Local\{CB3DD80A-5162-476D-9F15-F3E0668F58AE}
2012-08-31 03:41:42--------d-----w-C:\Users\User\AppData\Local\{28AB2F5E-324F-4FCC-BE4B-D6A45FB00BF1}
2012-08-30 19:47:39--------d-----w-C:\Users\User\AppData\Local\{C859F252-107F-4E35-8985-0983601DFA65}
2012-08-30 01:52:45--------d-----w-C:\Users\User\AppData\Local\{A7F7B8BE-4357-4370-8CD2-C74DE695EDAF}
2012-08-29 17:26:43--------d-----w-C:\Users\User\AppData\Local\{28005105-3CC1-480E-A104-E58F240CFF39}
2012-08-29 03:27:11--------d-----w-C:\Users\User\AppData\Local\{CBB301F5-0914-44B4-8087-CFFAB6148CDF}
2012-08-27 16:36:56--------d-----w-C:\Users\User\AppData\Local\{7A1991B9-63B2-4D55-AE57-7FAD051D4D07}
2012-08-25 21:27:58--------d-----w-C:\Users\User\AppData\Local\{14821B7F-AB9B-4E05-A59E-2C3D38DDA233}
2012-08-23 21:38:52--------d-----w-C:\Users\User\AppData\Local\{C1E8FDAC-D2FA-4514-87CF-74A710F32024}
2012-08-23 15:49:51--------d-----w-C:\Users\User\AppData\Local\{97EF6901-489A-454F-ACD3-2B5D130A8FAE}
2012-08-22 18:59:13--------d-----w-C:\Users\User\AppData\Local\{7B7C1F95-D0EB-4321-A2F6-CCB2BD2456BA}
2012-08-22 02:14:19--------d-----w-C:\Users\User\AppData\Local\{0B2475D9-F5E1-4CCD-94E5-65AA8861B4F4}
2012-08-20 21:00:22--------d-----w-C:\Users\User\AppData\Local\{9544AA04-8612-417E-BBC6-AE54104630BF}
2012-08-20 14:22:15--------d-----w-C:\Users\User\AppData\Local\{A77CBF22-9996-43C9-A344-A77A11C12DC6}
2012-08-20 01:21:44--------d-----w-C:\Users\User\AppData\Local\{D5686E41-96BC-493A-B27C-EC7544CC58E1}
2012-08-17 18:17:41--------d-----w-C:\Users\User\AppData\Local\{A7D89F9B-6D18-42B6-B375-1642DFB3C772}
2012-08-17 18:17:01--------d-----w-C:\Users\User\AppData\Local\{FB3B87CB-BAB4-4D6A-90A3-E777E33DF8B5}
2012-08-17 15:20:17--------d-----w-C:\Users\User\AppData\Local\{14D0C7C2-A0B3-43FB-B421-3A70D5BF890B}
2012-08-16 15:09:42--------d-----w-C:\Users\User\AppData\Local\{827D84DB-0FC3-464C-B034-3A8EBA95225D}
2012-08-15 20:08:13--------d-----w-C:\Users\User\AppData\Local\{05AFB277-63AE-41BD-AE57-CD38E91F4300}
2012-08-15 12:48:21--------d-----w-C:\Users\User\AppData\Local\{20289C5A-67A0-471A-AE63-F288F3429D44}
2012-08-15 04:09:58552448----a-w-C:\Windows\System32\drivers\bthport.sys
2012-08-15 03:44:59503808----a-w-C:\Windows\System32\srcore.dll
2012-08-15 03:44:5943008----a-w-C:\Windows\SysWow64\srclient.dll
2012-08-15 03:44:51751104----a-w-C:\Windows\System32\win32spl.dll
2012-08-15 03:44:5167584----a-w-C:\Windows\splwow64.exe
2012-08-15 03:44:51559104----a-w-C:\Windows\System32\spoolsv.exe
2012-08-15 03:44:51492032----a-w-C:\Windows\SysWow64\win32spl.dll
2012-08-15 03:44:383150848----a-w-C:\Windows\System32\win32k.sys
2012-08-15 03:44:3641472----a-w-C:\Windows\SysWow64\browcli.dll
2012-08-15 03:44:3558880----a-w-C:\Windows\System32\browcli.dll
2012-08-15 03:44:35136704----a-w-C:\Windows\System32\browser.dll
2012-08-15 03:44:30956416----a-w-C:\Windows\System32\localspl.dll
2012-08-14 21:45:57--------d-----w-C:\Users\User\AppData\Local\{E30AB018-91C7-4237-ABD5-0860066A4441}
2012-08-14 21:45:27--------d-----w-C:\Users\User\AppData\Local\{79B93C8E-C619-46A7-81A3-2581FFE853FE}
2012-08-14 02:10:43--------d-----w-C:\Users\User\AppData\Local\{9BE38BBF-301C-4846-B8DC-67BDB8B68F01}
2012-08-14 02:09:57--------d-----w-C:\Users\User\AppData\Local\{6F787983-CF1E-4726-89E4-63366F6BAF3F}
2012-08-13 20:05:51--------d-----w-C:\Users\User\AppData\Local\{CAA0B6CB-0F1B-4731-85A8-41EEE39C9563}
2012-08-13 13:42:18--------d-----w-C:\Users\User\AppData\Local\{1E50CC3B-6B52-49CB-B9B2-A7798025E941}
.
==================== Find3M ====================
.
2012-09-07 20:57:2370344----a-w-C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-07 20:57:23426184----a-w-C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-29 03:56:342312704----a-w-C:\Windows\System32\jscript9.dll
2012-06-29 03:49:111392128----a-w-C:\Windows\System32\wininet.dll
2012-06-29 03:48:071494528----a-w-C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49173056----a-w-C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:482382848----a-w-C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:581800704----a-w-C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:011129472----a-w-C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:591427968----a-w-C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43142848----a-w-C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:452382848----a-w-C:\Windows\SysWow64\mshtml.tlb
2012-06-25 20:04:241394248----a-w-C:\Windows\SysWow64\msxml4.dll
2011-12-15 19:54:3283456----a-w-C:\Program Files (x86)\olepro32.dll
2011-12-15 19:54:3265024----a-w-C:\Program Files (x86)\asycfilt.dll
2011-12-15 19:54:32643072----a-w-C:\Program Files (x86)\ECLActiveX.ocx
2011-12-15 19:54:32553472----a-w-C:\Program Files (x86)\oleaut32.dll
2011-12-15 19:54:32545280----a-w-C:\Program Files (x86)\hhctrl.ocx
2011-12-15 19:54:32422848----a-w-C:\Program Files (x86)\vsflex7l.ocx
2011-12-15 19:54:323584----a-w-C:\Program Files (x86)\comcat.dll
2011-12-15 19:54:32353864----a-w-C:\Program Files (x86)\cswskax6.ocx
2011-12-15 19:54:3217920----a-w-C:\Program Files (x86)\stdole2.tlb
2011-12-15 19:54:32140488----a-w-C:\Program Files (x86)\comdlg32.ocx
2011-12-15 19:54:321386496----a-w-C:\Program Files (x86)\msvbvm60.dll
2011-12-15 19:54:321077336----a-w-C:\Program Files (x86)\mscomctl.ocx
.
============= FINISH: 20:08:44.22 ===============

Sal Pennah · Sep 11, 2012

ATTACH FILE

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/3/2011 8:57:09 AM
System Uptime: 9/11/2012 12:09:25 PM (8 hours ago)
.
Motherboard: LENOVO | | 4313CTO
Processor: Intel(R) Core(TM) i5 CPU M 560 @ 2.67GHz | None | 1973/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 455 GiB total, 226.771 GiB free.
Q: is FIXED (NTFS) - 10 GiB total, 2.027 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP235: 8/14/2012 11:42:25 PM - Windows Update
RP236: 8/15/2012 12:07:10 AM - Windows Update
RP237: 8/19/2012 9:25:17 PM - Windows Update
RP238: 8/24/2012 11:36:00 AM - Windows Update
RP239: 8/28/2012 11:34:13 PM - Windows Update
RP240: 9/4/2012 3:10:38 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Access Help
Adobe AIR
Adobe Community Help
Adobe Creative Suite 5 Master Collection
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Reader 9.1
Apple Application Support
Apple Software Update
µTorrent
AVS Update Manager 1.0
AVS Video Converter 7
AVS4YOU Software Navigator 1.4
Bing Bar
Bing Rewards Client Installer
BlackBerry Desktop Software 6.1
Burn.Now 4.5
Canon MF Toolbox 4.9.1.1.mf11
Corel Burn.Now Lenovo Edition
Corel DVD MovieFactory 7
Corel DVD MovieFactory Lenovo Edition
Create Recovery Media
CrossLoop 2.74
D3DX10
Diagram Designer
Direct DiscRecorder
FileZilla Client 3.5.3
Google Chrome
Google Talk (remove only)
Google Talk Plugin
Ingenico CP210x USB to UART Bridge (Driver Removal)
Integrated Camera Driver Installer Package Ver.1.1.0.19
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
InterVideo WinDVD 8
Java Auto Updater
Java(TM) 6 Update 26
Jitbit Macro Recorder LITE
Junk Mail filter update
Kayako Desktop
king.com (remove only)
Lenovo Warranty Information
Lenovo Welcome
Malwarebytes Anti-Malware version 1.65.0.1400
McAfee Total Protection
Mesh Runtime
Message Center Plus
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mobile Broadband
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
Norton Safe Web Lite
NVIDIA Updatus
OneNote Word Count
Opera 11.10
PDF Settings CS5
Picture Resize Genius 3.0
PKR
PL-2303 USB-to-Serial
PMB
PokerStars
PokerTracker 3 (remove only)
PostgreSQL 8.3
PxMergeModule
QuickBooks
QuickBooks Premier Edition 2010
QuickTime
Rescue and Recovery
RICOH R5U230 Media Driver ver.2.06.02.02
Rogers Connection Manager
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
SIM MAX
Skype™ 4.2
SupportSoft Assisted Service
System Update
TableNinja
ThinkPad Power Manager
ThinkPad UltraNav Utility
ThinkVantage Access Connections
To-Do DeskList 1.7
Unlock App®
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Studio 2005 Tools for Office Second Edition Runtime
VLC media player 2.0.1
WampServer 2.1
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Woopra 1.4
.
==== Event Viewer Messages From Past Week ========
.
9/7/2012 4:55:50 PM, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
9/7/2012 4:21:49 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
9/7/2012 2:18:34 PM, Error: Schannel [36888] - The following fatal alert was generated: 43. The internal error state is 552.
9/7/2012 2:18:34 PM, Error: Schannel [36884] - The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is www.google.com. The SSL connection request has failed. The attached data contains the server certificate.
9/7/2012 2:14:25 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 10.124.168.119, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
9/6/2012 8:20:31 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 10.123.56.151, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
9/4/2012 5:45:31 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
9/11/2012 8:04:38 PM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.
9/11/2012 6:05:00 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{D0A41E55-7780-4E83-88F8-FE9928C2292A} because another computer on the network has the same name. The server could not start.
9/11/2012 11:18:46 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
9/11/2012 11:18:37 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
9/11/2012 11:18:34 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
9/11/2012 10:28:02 AM, Error: Service Control Manager [7034] - The On Screen Display service terminated unexpectedly. It has done this 1 time(s).
9/10/2012 7:49:44 PM, Error: Service Control Manager [7003] - The McAfee Personal Firewall service depends the following service: MpsSvc. This service might not be installed.
.
==== End Of File ===========================
Thanks in advance to you experts!

Broni · Sep 11, 2012

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

- Startup Repair
  System Restore
  Windows Complete PC Restore
  Windows Memory Diagnostic Tool
  Command Prompt
Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Next...

Re-run FRST again.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes in your reply.

I'll expect two logs:
- FRST.txt
- Search.txt

Sal Pennah · Sep 11, 2012

Broni,

Thanks for your prompt responses. I just ran MalwareBytes again with a quick scan and it says nothing was detected. Does this mean that my system is clean?

Broni · Sep 11, 2012

You're infected with ZeroAccess rootkit.
Read my previous reply.

Sal Pennah · Sep 11, 2012

Just wondering how long services.exe should take to search. It's been going for a solid 6 minutes with no visible progress.

Broni · Sep 11, 2012

Stop it and re-run search.

Sal Pennah · Sep 11, 2012

Nevermind! I got everything working.

The first short file is search.txt

Farbar Recovery Scan Tool (x64) Version: 11-09-2012 01
Ran by SYSTEM at 2012-09-11 21:43:16
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____N (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____N (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

Here is FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-09-2012 01
Ran by SYSTEM at 11-09-2012 21:31:20
Running from G:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-22] (Synaptics Incorporated)
HKLM\...\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [69560 2010-07-27] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] TpShocks.exe [x]
HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t [307768 2009-11-15] ()
HKLM\...\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [62312 2010-07-27] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [31592 2010-09-17] (Lenovo)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.)
HKLM-x32\...\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [112152 2010-05-02] (Intel Corporation)
HKLM-x32\...\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor [1129832 2010-08-24] (Lenovo Group Limited)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [autodetect] C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe [91648 2008-12-02] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [79192 2011-02-18] (Research In Motion Limited)
HKLM-x32\...\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup [623880 2008-11-18] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-26] (Sony Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2012-03-21] (McAfee, Inc.)
HKU\Default\...\RunOnce: [] [x]
HKU\Default\...\RunOnce: [Lenovoautoqdrive] C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q [159744 2009-03-24] ()
HKU\Default User\...\RunOnce: [] [x]
HKU\Default User\...\RunOnce: [Lenovoautoqdrive] C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q [159744 2009-03-24] ()
HKU\postgres\...\RunOnce: [] [x]
HKU\postgres\...\RunOnce: [Lenovoautoqdrive] C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q [159744 2009-03-24] ()
HKU\QBDataServiceUser19\...\RunOnce: [] [x]
HKU\QBDataServiceUser19\...\RunOnce: [Lenovoautoqdrive] C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q [159744 2009-03-24] ()
HKU\User\...\Run: [Google Update] "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-02-02] (Google Inc.)
HKU\User\...\Run: [googletalk] C:\Users\User\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart [3739648 2007-01-01] (Google)
HKU\User\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\User\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [26100520 2010-03-09] (Skype Technologies S.A.)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGina
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$0777cfe37d3bfd5a401954926157210b\n. ATTENTION! ====> ZeroAccess
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Canada ULC.)
Startup: C:\Users\User\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Services ====================

2 CrossLoopService; "C:\Users\User\AppData\Local\CrossLoop\CrossLoopService.exe" --service [560848 2010-08-17] (CrossLoop Inc)
3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [164200 2010-08-24] (Lenovo.)
2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-06] (Lenovo Group Limited)
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)
2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [502064 2012-08-23] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199304 2012-05-25] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [210616 2012-05-25] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [162224 2012-05-25] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 NSL; "C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe" /s "NSL" /m "C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\diMaster.dll" /prefetch:1 [303544 2011-10-11] (Symantec Corporation)
3 QuickBooksDB19; C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB19 [131072 2009-07-27] (Intuit, Inc.)
2 ThinkVantage Registry Monitor Service; "C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe" [1019904 2009-08-28] (Lenovo Group Limited)
3 tvnserver; "C:\Users\User\AppData\Local\CrossLoop\tvnserver.exe" -service [814080 2010-07-21] (GlavSoft LLC.)
3 TVT Backup Service; "C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe" [1475896 2010-07-29] (Lenovo Group Limited)
3 wampapache; "C:\wamp\bin\apache\apache2.2.17\bin\httpd.exe" -k runservice [21504 2010-10-24] (Apache Software Foundation)
3 wampmysqld; C:\wamp\bin\mysql\mysql5.1.53\bin\mysqld.exe wampmysqld [7669760 2010-11-24] ()
2 pgsql-8.3; "C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe" runservice -w -N "pgsql-8.3" -D "C:\Program Files (x86)\PostgreSQL\8.3\data\" [x]

==================== Drivers =================================

1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\0200000.010\ccSetx64.sys [167048 2011-08-08] (Symantec Corporation)
3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-07] (Malwarebytes Corporation)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [289664 2012-02-22] (McAfee, Inc.)
3 pmxdrv; C:\Windows\System32\Drivers\pmxdrv.sys [31152 2011-01-27] ()
2 smihlp; \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)
1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-08-24] ()
2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [12728 2009-09-29] ()
3 TVTI2C; C:\Windows\System32\Drivers\TVTI2C.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
3 mfeavfk01; [x]
3 PCDSRVC{127174DC-C366ED8B-06020101}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) =================

==================== One Month Created Files and Folders ======================

2012-09-11 17:09 - 2012-09-11 17:09 - 01453499 ____A (Farbar) C:\Users\User\Downloads\FRST64.exe
2012-09-11 14:20 - 2012-09-11 16:03 - 00000000 ____D C:\Users\User\Desktop\AV Software
2012-09-11 14:14 - 2012-09-11 14:15 - 00302592 ____A C:\Users\User\Downloads\ms1bzm6h.exe
2012-09-11 11:16 - 2012-09-11 11:17 - 00000000 ____D C:\Users\User\Desktop\SEO Tools
2012-09-11 11:03 - 2012-09-11 11:16 - 00000000 ____D C:\Users\User\Desktop\SMOH
2012-09-11 09:55 - 2012-09-11 09:55 - 00000000 ____D C:\Users\User\Desktop\Web Projects
2012-09-11 06:58 - 2012-09-11 06:58 - 00000000 ____D C:\Users\User\AppData\Roaming\Malwarebytes
2012-09-11 06:57 - 2012-09-11 06:57 - 00001124 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-11 06:57 - 2012-09-11 06:57 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-09-11 06:57 - 2012-09-11 06:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-11 06:57 - 2012-09-07 13:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-11 06:55 - 2012-09-11 06:57 - 00000000 ____D C:\Users\User\Desktop\Desktop Backup
2012-09-11 06:53 - 2012-09-11 06:54 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-1.65.0.1400.exe
2012-09-11 06:34 - 2012-09-11 06:34 - 00000000 ____D C:\Users\User\AppData\Local\{EF12762E-9422-4FE0-8178-EDE853B10593}
2012-09-11 06:23 - 2012-09-11 06:23 - 00448512 ____A (OldTimer Tools) C:\Users\User\Downloads\TFC.exe
2012-09-11 06:14 - 2012-09-11 06:14 - 00000000 ____D C:\Users\User\AppData\Local\{2789CC6C-A461-4D3C-84DA-3A297AA9F2D1}
2012-09-10 18:49 - 2012-09-11 16:25 - 00001839 ____A C:\Users\Public\Desktop\McAfee Total Protection.lnk
2012-09-10 15:47 - 2012-09-10 15:47 - 00000000 ____D C:\Program Files (x86)\SiteAdvisor
2012-09-10 15:46 - 2012-09-10 15:46 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2012-09-10 15:45 - 2012-09-10 15:46 - 00000000 ____D C:\Program Files\McAfee
2012-09-10 15:45 - 2012-09-10 15:46 - 00000000 ____D C:\Program Files\Common Files\McAfee
2012-09-10 15:45 - 2012-09-10 15:45 - 00000000 ____D C:\Program Files\McAfee.com
2012-09-10 15:45 - 2012-05-25 13:13 - 00162224 ____A (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
2012-09-10 15:45 - 2012-02-22 09:29 - 00647208 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfehidk.sys
2012-09-10 15:45 - 2012-02-22 09:29 - 00487296 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfefirek.sys
2012-09-10 15:45 - 2012-02-22 09:29 - 00289664 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfewfpk.sys
2012-09-10 15:45 - 2012-02-22 09:29 - 00229528 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeavfk.sys
2012-09-10 15:45 - 2012-02-22 09:29 - 00160792 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeapfk.sys
2012-09-10 15:45 - 2012-02-22 09:29 - 00100912 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mferkdet.sys
2012-09-10 15:45 - 2012-02-22 09:29 - 00075936 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfenlfk.sys
2012-09-10 15:45 - 2012-02-22 09:29 - 00065264 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\cfwids.sys
2012-09-10 15:45 - 2012-02-22 09:29 - 00010248 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeclnk.sys
2012-09-10 15:44 - 2012-09-11 06:11 - 00000000 ____D C:\Program Files (x86)\McAfee
2012-09-10 15:41 - 2012-09-11 12:57 - 00000000 ____D C:\Users\All Users\McAfee
2012-09-07 15:25 - 2012-09-07 15:25 - 00202679 ____A C:\Users\User\Downloads\rss.xml
2012-09-07 15:25 - 2012-09-07 15:25 - 00202679 ____A C:\Users\User\Downloads\rss (1).xml
2012-09-07 15:11 - 2012-09-07 15:11 - 00022528 ____A C:\Users\User\Downloads\Emails.xls
2012-09-07 15:11 - 2012-09-07 15:11 - 00017920 ____A C:\Users\User\Downloads\Sam's Emails.xls
2012-09-07 14:56 - 2012-09-10 12:38 - 00000000 ____D C:\Users\User\AppData\Local\{BE166267-F768-4E66-96D7-210E997A30A4}
2012-09-07 12:59 - 2012-09-07 12:59 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-09-07 10:18 - 2012-09-07 10:18 - 00000000 ____D C:\Users\User\AppData\Local\{AD366A27-5559-468C-AF0D-09C9771C56CC}
2012-09-06 16:19 - 2012-09-06 16:19 - 00000000 ____D C:\Users\User\AppData\Local\{A13E4F86-B8CB-468F-BFE1-E3D62019926B}
2012-09-06 10:16 - 2012-09-06 10:16 - 00313073 ____A C:\Users\User\Downloads\8400-Social-Bookmarking-Sites.zip
2012-09-06 10:11 - 2012-09-06 10:11 - 00031263 ____A C:\Users\User\Downloads\Getlinklist.com_bookmarking_sites_feb.rar
2012-09-06 09:59 - 2012-09-06 09:59 - 00000623 ____A C:\Users\User\Downloads\phpDug.txt
2012-09-06 09:58 - 2012-09-06 09:58 - 00015309 ____A C:\Users\User\Downloads\scuttle.txt
2012-09-06 09:58 - 2012-09-06 09:58 - 00003965 ____A C:\Users\User\Downloads\Scuttleplus with Captcha.txt
2012-09-06 09:58 - 2012-09-06 09:58 - 00003433 ____A C:\Users\User\Downloads\Scuttleplus No Captcha.txt
2012-09-06 09:57 - 2012-09-06 09:57 - 00001226 ____A C:\Users\User\Downloads\Blue Captcha 1st Page.txt
2012-09-06 09:56 - 2012-09-06 09:56 - 00077255 ____A C:\Users\User\Downloads\pligg urls.rar
2012-09-06 08:24 - 2012-09-06 08:24 - 00000000 ____D C:\Users\User\AppData\Local\{1EBB6398-F7FE-456D-9555-8C3B9C059F06}
2012-09-05 16:53 - 2012-09-05 16:53 - 00000000 ____A C:\Users\User\Downloads\download (8)
2012-08-31 18:26 - 2012-08-31 18:26 - 00040011 ____A C:\Users\User\Downloads\mobile_computing
2012-08-31 18:25 - 2012-08-31 18:25 - 00175256 ____A C:\Users\User\Downloads\howto
2012-08-31 18:25 - 2012-08-31 18:25 - 00173055 ____A C:\Users\User\Downloads\latestnews
2012-08-31 18:15 - 2012-09-03 06:18 - 00000000 ____D C:\Users\User\AppData\Local\{4087D341-16A9-4BA9-8FB4-9F6FED077FED}
2012-08-31 08:38 - 2012-08-31 08:40 - 00000000 ____D C:\Users\User\AppData\Local\{CB3DD80A-5162-476D-9F15-F3E0668F58AE}
2012-08-30 19:41 - 2012-08-30 19:41 - 00000000 ____D C:\Users\User\AppData\Local\{28AB2F5E-324F-4FCC-BE4B-D6A45FB00BF1}
2012-08-30 12:51 - 2012-08-30 12:51 - 00402394 ____A C:\Users\User\Downloads\Country_Flagatars.zip
2012-08-30 12:51 - 2012-08-30 12:51 - 00063500 ____A C:\Users\User\Downloads\2dtv100px.zip
2012-08-30 12:50 - 2012-08-30 12:51 - 00109486 ____A C:\Users\User\Downloads\100SMFAvatars.zip
2012-08-30 12:13 - 2012-08-30 12:25 - 55928308 ____A C:\Users\User\Downloads\bmd6100_20120823_01 (1).zip
2012-08-30 11:53 - 2012-08-30 11:53 - 00012613 ____A C:\Users\User\Downloads\[isoHunt] download (2).torrent
2012-08-30 11:47 - 2012-08-30 11:47 - 00000000 ____D C:\Users\User\AppData\Local\{C859F252-107F-4E35-8985-0983601DFA65}
2012-08-29 17:52 - 2012-08-29 17:53 - 00000000 ____D C:\Users\User\AppData\Local\{A7F7B8BE-4357-4370-8CD2-C74DE695EDAF}
2012-08-29 09:26 - 2012-08-29 09:27 - 00000000 ____D C:\Users\User\AppData\Local\{28005105-3CC1-480E-A104-E58F240CFF39}
2012-08-28 23:06 - 2012-08-28 23:06 - 00021613 ____A C:\Users\User\Downloads\BHW 22-08-2012.txt
2012-08-28 23:06 - 2012-08-28 23:06 - 00003099 ____A C:\Users\User\Downloads\BHW 23-08-2012.txt
2012-08-28 19:55 - 2012-08-28 19:56 - 03204945 ____A C:\Users\User\Downloads\scrapebox.zip
2012-08-28 19:27 - 2012-08-28 19:27 - 00000000 ____D C:\Users\User\AppData\Local\{CBB301F5-0914-44B4-8087-CFFAB6148CDF}
2012-08-27 12:36 - 2012-08-27 12:36 - 00003800 ____A C:\Users\User\Downloads\pure-css-form-styling.zip
2012-08-27 11:09 - 2012-08-27 11:09 - 00000630 ____A C:\Users\User\Downloads\[isoHunt] ClickbankAffiliateFormula.zip.torrent
2012-08-27 11:03 - 2012-08-27 11:03 - 00009366 ____A C:\Users\User\Desktop\Ireland Cost Structure.xlsx
2012-08-27 10:05 - 2012-08-27 10:57 - 00000191 ____A C:\Users\User\Desktop\Ireland.txt
2012-08-27 08:36 - 2012-08-27 08:37 - 00000000 ____D C:\Users\User\AppData\Local\{7A1991B9-63B2-4D55-AE57-7FAD051D4D07}
2012-08-25 14:25 - 2012-08-25 14:26 - 00009434 ____A C:\Users\User\Desktop\File Names for Gee.xlsx
2012-08-25 13:27 - 2012-08-25 13:28 - 00000000 ____D C:\Users\User\AppData\Local\{14821B7F-AB9B-4E05-A59E-2C3D38DDA233}
2012-08-23 13:50 - 2012-08-23 13:50 - 00157693 ____A C:\Users\User\Downloads\robots-meta.zip
2012-08-23 13:38 - 2012-08-24 07:25 - 00000000 ____D C:\Users\User\AppData\Local\{C1E8FDAC-D2FA-4514-87CF-74A710F32024}
2012-08-23 07:49 - 2012-08-23 07:50 - 00000000 ____D C:\Users\User\AppData\Local\{97EF6901-489A-454F-ACD3-2B5D130A8FAE}
2012-08-22 10:59 - 2012-08-22 10:59 - 00000000 ____D C:\Users\User\AppData\Local\{7B7C1F95-D0EB-4321-A2F6-CCB2BD2456BA}
2012-08-21 18:39 - 2012-08-21 18:39 - 00003569 ____A C:\Users\User\Downloads\download (7)
2012-08-21 18:14 - 2012-08-21 18:14 - 00000000 ____D C:\Users\User\AppData\Local\{0B2475D9-F5E1-4CCD-94E5-65AA8861B4F4}
2012-08-20 17:04 - 2012-08-20 17:04 - 00001825 ____A C:\Users\User\Downloads\download (5)
2012-08-20 17:04 - 2012-08-20 17:04 - 00001597 ____A C:\Users\User\Downloads\download (6)
2012-08-20 17:02 - 2012-08-20 17:02 - 00001825 ____A C:\Users\User\Downloads\download (4)
2012-08-20 17:02 - 2012-08-20 17:02 - 00001597 ____A C:\Users\User\Downloads\download (3)
2012-08-20 16:51 - 2012-08-20 16:51 - 00000751 ____A C:\Users\User\Desktop\Ad ads to Free BB Site.txt
2012-08-20 13:00 - 2012-08-20 13:00 - 00000000 ____D C:\Users\User\AppData\Local\{9544AA04-8612-417E-BBC6-AE54104630BF}
2012-08-20 08:18 - 2012-08-20 08:18 - 00000053 ____A C:\Users\User\Downloads\google57632eeb53844139.html
2012-08-20 06:54 - 2012-08-20 06:55 - 00005789 ____A C:\Users\User\Downloads\boing.zip
2012-08-20 06:22 - 2012-08-20 06:22 - 00000000 ____D C:\Users\User\AppData\Local\{A77CBF22-9996-43C9-A344-A77A11C12DC6}
2012-08-19 17:21 - 2012-08-19 17:22 - 00000000 ____D C:\Users\User\AppData\Local\{D5686E41-96BC-493A-B27C-EC7544CC58E1}
2012-08-17 10:17 - 2012-08-17 10:17 - 00000000 ____D C:\Users\User\AppData\Local\{FB3B87CB-BAB4-4D6A-90A3-E777E33DF8B5}
2012-08-17 10:17 - 2012-08-17 10:17 - 00000000 ____D C:\Users\User\AppData\Local\{A7D89F9B-6D18-42B6-B375-1642DFB3C772}
2012-08-17 08:39 - 2012-08-17 08:39 - 00535501 ____A C:\Users\User\Downloads\search_mep.sql
2012-08-17 07:20 - 2012-08-17 07:20 - 00000000 ____D C:\Users\User\AppData\Local\{14D0C7C2-A0B3-43FB-B421-3A70D5BF890B}
2012-08-16 07:09 - 2012-08-16 07:10 - 00000000 ____D C:\Users\User\AppData\Local\{827D84DB-0FC3-464C-B034-3A8EBA95225D}
2012-08-15 12:17 - 2012-08-15 12:17 - 00019740 ____A C:\Users\User\Downloads\[isoHunt] download (1).torrent
2012-08-15 12:08 - 2012-08-15 12:08 - 00000000 ____D C:\Users\User\AppData\Local\{05AFB277-63AE-41BD-AE57-CD38E91F4300}
2012-08-15 05:47 - 2012-08-15 05:47 - 00001110 ____A C:\Users\User\Downloads\ajpusc.zip
2012-08-15 04:48 - 2012-08-15 04:48 - 00000000 ____D C:\Users\User\AppData\Local\{20289C5A-67A0-471A-AE63-F288F3429D44}
2012-08-14 20:09 - 2012-07-06 11:58 - 00552448 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2012-08-14 20:08 - 2012-06-28 20:55 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-14 20:08 - 2012-06-28 20:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-14 20:08 - 2012-06-28 19:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-14 20:08 - 2012-06-28 19:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-14 20:08 - 2012-06-28 19:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-14 20:08 - 2012-06-28 19:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-14 20:08 - 2012-06-28 19:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-14 20:08 - 2012-06-28 19:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-14 20:08 - 2012-06-28 19:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-14 20:08 - 2012-06-28 19:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-14 20:08 - 2012-06-28 19:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-14 20:08 - 2012-06-28 19:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-14 20:08 - 2012-06-28 19:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-14 20:08 - 2012-06-28 19:35 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-14 20:08 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-14 20:08 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-14 20:08 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-14 20:08 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-14 20:08 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-14 20:08 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-14 20:08 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-14 20:08 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-14 20:08 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-14 20:08 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-14 20:08 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-14 20:08 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-14 20:08 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-14 20:08 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-14 19:44 - 2012-07-18 09:30 - 03150848 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-08-14 19:44 - 2012-07-04 14:04 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-08-14 19:44 - 2012-07-04 14:01 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-08-14 19:44 - 2012-07-04 14:01 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-08-14 19:44 - 2012-07-04 13:26 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-08-14 19:44 - 2012-07-04 13:23 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-08-14 19:44 - 2012-05-13 21:20 - 00956416 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-08-14 19:44 - 2012-05-05 00:30 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-08-14 19:44 - 2012-05-04 23:44 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2012-08-14 19:44 - 2012-02-10 22:36 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2012-08-14 19:44 - 2012-02-10 22:29 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-08-14 19:44 - 2012-02-10 22:29 - 00067584 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
2012-08-14 19:44 - 2012-02-10 21:44 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2012-08-14 13:45 - 2012-08-14 13:46 - 00000000 ____D C:\Users\User\AppData\Local\{E30AB018-91C7-4237-ABD5-0860066A4441}
2012-08-14 13:45 - 2012-08-14 13:45 - 00000000 ____D C:\Users\User\AppData\Local\{79B93C8E-C619-46A7-81A3-2581FFE853FE}
2012-08-14 09:24 - 2012-08-14 09:24 - 00646478 ____A C:\Users\User\Downloads\jquery-bubble-popup-v3.zip
2012-08-14 08:30 - 2012-08-14 08:30 - 00027718 ____A C:\Users\User\Downloads\28601037 (2).zip
2012-08-14 07:25 - 2012-08-14 07:25 - 00027486 ____A C:\Users\User\Downloads\28601037 (1).zip
2012-08-14 07:24 - 2012-08-14 07:24 - 00027486 ____A C:\Users\User\Downloads\28601037.zip
2012-08-13 18:10 - 2012-08-13 18:10 - 00000000 ____D C:\Users\User\AppData\Local\{9BE38BBF-301C-4846-B8DC-67BDB8B68F01}
2012-08-13 18:09 - 2012-08-14 06:56 - 00000000 ____D C:\Users\User\AppData\Local\{6F787983-CF1E-4726-89E4-63366F6BAF3F}
2012-08-13 12:05 - 2012-08-13 12:06 - 00000000 ____D C:\Users\User\AppData\Local\{CAA0B6CB-0F1B-4731-85A8-41EEE39C9563}
2012-08-13 05:42 - 2012-08-13 05:42 - 00000000 ____D C:\Users\User\AppData\Local\{1E50CC3B-6B52-49CB-B9B2-A7798025E941}

==================== 3 Months Modified Files ================================

2012-09-11 17:27 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-11 17:27 - 2009-07-13 20:51 - 00108399 ____A C:\Windows\setupact.log
2012-09-11 17:13 - 2011-01-27 19:56 - 00000528 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-09-11 17:13 - 2009-07-13 21:13 - 00726270 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-11 17:09 - 2012-09-11 17:09 - 01453499 ____A (Farbar) C:\Users\User\Downloads\FRST64.exe
2012-09-11 17:07 - 2011-01-27 19:56 - 00000382 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-09-11 16:30 - 2009-07-13 20:45 - 00020704 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-11 16:30 - 2009-07-13 20:45 - 00020704 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-11 16:25 - 2012-09-10 18:49 - 00001839 ____A C:\Users\Public\Desktop\McAfee Total Protection.lnk
2012-09-11 16:21 - 2011-02-02 16:10 - 00000924 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2599837038-3619574724-1502302346-1002UA.job
2012-09-11 16:19 - 2011-01-27 19:38 - 00547716 ____A C:\Windows\PFRO.log
2012-09-11 14:15 - 2012-09-11 14:14 - 00302592 ____A C:\Users\User\Downloads\ms1bzm6h.exe
2012-09-11 11:53 - 2011-02-03 11:04 - 00001456 ____A C:\Users\User\AppData\Local\Adobe Save for Web 12.0 Prefs
2012-09-11 06:57 - 2012-09-11 06:57 - 00001124 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-11 06:54 - 2012-09-11 06:53 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-1.65.0.1400.exe
2012-09-11 06:23 - 2012-09-11 06:23 - 00448512 ____A (OldTimer Tools) C:\Users\User\Downloads\TFC.exe
2012-09-10 17:21 - 2011-02-02 16:10 - 00000872 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2599837038-3619574724-1502302346-1002Core.job
2012-09-07 15:25 - 2012-09-07 15:25 - 00202679 ____A C:\Users\User\Downloads\rss.xml
2012-09-07 15:25 - 2012-09-07 15:25 - 00202679 ____A C:\Users\User\Downloads\rss (1).xml
2012-09-07 15:11 - 2012-09-07 15:11 - 00022528 ____A C:\Users\User\Downloads\Emails.xls
2012-09-07 15:11 - 2012-09-07 15:11 - 00017920 ____A C:\Users\User\Downloads\Sam's Emails.xls
2012-09-07 13:04 - 2012-09-11 06:57 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-07 12:57 - 2012-08-03 10:26 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-09-07 12:57 - 2012-08-03 10:26 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-09-07 12:55 - 2011-05-28 20:07 - 00000444 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2012-09-07 12:55 - 2011-01-27 19:51 - 01946440 ____A C:\Windows\WindowsUpdate.log
2012-09-06 10:16 - 2012-09-06 10:16 - 00313073 ____A C:\Users\User\Downloads\8400-Social-Bookmarking-Sites.zip
2012-09-06 10:11 - 2012-09-06 10:11 - 00031263 ____A C:\Users\User\Downloads\Getlinklist.com_bookmarking_sites_feb.rar
2012-09-06 09:59 - 2012-09-06 09:59 - 00000623 ____A C:\Users\User\Downloads\phpDug.txt
2012-09-06 09:58 - 2012-09-06 09:58 - 00015309 ____A C:\Users\User\Downloads\scuttle.txt
2012-09-06 09:58 - 2012-09-06 09:58 - 00003965 ____A C:\Users\User\Downloads\Scuttleplus with Captcha.txt
2012-09-06 09:58 - 2012-09-06 09:58 - 00003433 ____A C:\Users\User\Downloads\Scuttleplus No Captcha.txt
2012-09-06 09:57 - 2012-09-06 09:57 - 00001226 ____A C:\Users\User\Downloads\Blue Captcha 1st Page.txt
2012-09-06 09:56 - 2012-09-06 09:56 - 00077255 ____A C:\Users\User\Downloads\pligg urls.rar
2012-09-05 16:53 - 2012-09-05 16:53 - 00000000 ____A C:\Users\User\Downloads\download (8)
2012-08-31 18:26 - 2012-08-31 18:26 - 00040011 ____A C:\Users\User\Downloads\mobile_computing
2012-08-31 18:25 - 2012-08-31 18:25 - 00175256 ____A C:\Users\User\Downloads\howto
2012-08-31 18:25 - 2012-08-31 18:25 - 00173055 ____A C:\Users\User\Downloads\latestnews
2012-08-30 12:51 - 2012-08-30 12:51 - 00402394 ____A C:\Users\User\Downloads\Country_Flagatars.zip
2012-08-30 12:51 - 2012-08-30 12:51 - 00063500 ____A C:\Users\User\Downloads\2dtv100px.zip
2012-08-30 12:51 - 2012-08-30 12:50 - 00109486 ____A C:\Users\User\Downloads\100SMFAvatars.zip
2012-08-30 12:25 - 2012-08-30 12:13 - 55928308 ____A C:\Users\User\Downloads\bmd6100_20120823_01 (1).zip
2012-08-30 11:53 - 2012-08-30 11:53 - 00012613 ____A C:\Users\User\Downloads\[isoHunt] download (2).torrent
2012-08-28 23:06 - 2012-08-28 23:06 - 00021613 ____A C:\Users\User\Downloads\BHW 22-08-2012.txt
2012-08-28 23:06 - 2012-08-28 23:06 - 00003099 ____A C:\Users\User\Downloads\BHW 23-08-2012.txt
2012-08-28 19:56 - 2012-08-28 19:55 - 03204945 ____A C:\Users\User\Downloads\scrapebox.zip
2012-08-27 12:36 - 2012-08-27 12:36 - 00003800 ____A C:\Users\User\Downloads\pure-css-form-styling.zip
2012-08-27 11:09 - 2012-08-27 11:09 - 00000630 ____A C:\Users\User\Downloads\[isoHunt] ClickbankAffiliateFormula.zip.torrent
2012-08-27 11:03 - 2012-08-27 11:03 - 00009366 ____A C:\Users\User\Desktop\Ireland Cost Structure.xlsx
2012-08-27 10:57 - 2012-08-27 10:05 - 00000191 ____A C:\Users\User\Desktop\Ireland.txt
2012-08-25 14:26 - 2012-08-25 14:25 - 00009434 ____A C:\Users\User\Desktop\File Names for Gee.xlsx
2012-08-23 13:50 - 2012-08-23 13:50 - 00157693 ____A C:\Users\User\Downloads\robots-meta.zip
2012-08-21 18:39 - 2012-08-21 18:39 - 00003569 ____A C:\Users\User\Downloads\download (7)
2012-08-20 17:04 - 2012-08-20 17:04 - 00001825 ____A C:\Users\User\Downloads\download (5)
2012-08-20 17:04 - 2012-08-20 17:04 - 00001597 ____A C:\Users\User\Downloads\download (6)
2012-08-20 17:02 - 2012-08-20 17:02 - 00001825 ____A C:\Users\User\Downloads\download (4)
2012-08-20 17:02 - 2012-08-20 17:02 - 00001597 ____A C:\Users\User\Downloads\download (3)
2012-08-20 16:51 - 2012-08-20 16:51 - 00000751 ____A C:\Users\User\Desktop\Ad ads to Free BB Site.txt
2012-08-20 08:18 - 2012-08-20 08:18 - 00000053 ____A C:\Users\User\Downloads\google57632eeb53844139.html
2012-08-20 06:55 - 2012-08-20 06:54 - 00005789 ____A C:\Users\User\Downloads\boing.zip
2012-08-17 08:39 - 2012-08-17 08:39 - 00535501 ____A C:\Users\User\Downloads\search_mep.sql
2012-08-15 12:17 - 2012-08-15 12:17 - 00019740 ____A C:\Users\User\Downloads\[isoHunt] download (1).torrent
2012-08-15 06:07 - 2009-02-06 04:53 - 00001333 ____A C:\Users\User\Desktop\index.html
2012-08-15 05:47 - 2012-08-15 05:47 - 00001110 ____A C:\Users\User\Downloads\ajpusc.zip
2012-08-15 04:45 - 2009-07-13 20:45 - 05014920 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-14 09:24 - 2012-08-14 09:24 - 00646478 ____A C:\Users\User\Downloads\jquery-bubble-popup-v3.zip
2012-08-14 08:30 - 2012-08-14 08:30 - 00027718 ____A C:\Users\User\Downloads\28601037 (2).zip
2012-08-14 07:25 - 2012-08-14 07:25 - 00027486 ____A C:\Users\User\Downloads\28601037 (1).zip
2012-08-14 07:24 - 2012-08-14 07:24 - 00027486 ____A C:\Users\User\Downloads\28601037.zip
2012-08-10 10:27 - 2012-08-10 10:27 - 00000029 ____A C:\Users\User\Desktop\Chained Select Search Query.txt
2012-08-10 10:18 - 2012-08-10 10:18 - 00015259 ____A C:\Users\User\Downloads\chainedselects.zip
2012-08-09 17:08 - 2012-07-31 14:23 - 00003621 ____A C:\Users\User\Sti_Trace.log
2012-08-09 15:32 - 2012-08-09 15:32 - 31367168 ____A C:\Users\User\Downloads\MF4570dn_MFDrivers_W64_us_EN-1.exe
2012-08-09 15:17 - 2012-07-06 13:20 - 00000068 ____A C:\Users\User\Documents\gpfax.adr
2012-08-03 08:29 - 2012-08-03 08:29 - 00465504 ____A C:\Users\User\Downloads\site1.wordpress.2012-08-03.xml
2012-08-03 06:57 - 2011-02-02 16:11 - 00002491 ____A C:\Users\User\Desktop\Chrome.lnk
2012-08-02 13:04 - 2012-08-02 13:04 - 00209763 ____A C:\Users\User\Downloads\all-in-one-seo-pack (1).zip
2012-08-02 13:03 - 2012-08-02 13:03 - 00594615 ____A C:\Users\User\Downloads\google-sitemap-generator.3.2.7.zip
2012-08-02 12:11 - 2012-08-02 12:11 - 00046440 ____A C:\Users\User\Downloads\site1.wordpress.2012-08-02.xml
2012-08-02 09:47 - 2012-08-02 09:47 - 00254840 ____A C:\Users\User\Downloads\PHPMailer_5.2.1.zip
2012-08-02 09:47 - 2012-08-02 09:47 - 00000825 ____A C:\Users\User\Downloads\PHPMailer_5.2.1.zip.asc
2012-08-02 09:45 - 2012-08-02 09:45 - 00010583 ____A C:\Users\User\Downloads\varinsert_for_SPAW2.zip
2012-07-26 11:55 - 2012-07-26 11:55 - 00000825 ____A C:\Users\User\Downloads\nexus-responsive-business-wordpress-theme-licence.txt
2012-07-26 11:55 - 2012-07-26 11:55 - 00000825 ____A C:\Users\User\Downloads\nexus-responsive-business-wordpress-theme-licence (2).txt
2012-07-26 11:55 - 2012-07-26 11:55 - 00000825 ____A C:\Users\User\Downloads\nexus-responsive-business-wordpress-theme-licence (1).txt
2012-07-23 05:53 - 2012-07-23 05:53 - 00308987 ____A C:\Users\User\Downloads\120723-085202-site1.com-7873197.zip
2012-07-22 13:12 - 2012-07-22 13:11 - 00100709 ____A C:\Users\User\Downloads\Download (1).csv
2012-07-22 13:04 - 2012-07-22 13:02 - 00362793 ____A C:\Users\User\Downloads\Download.csv
2012-07-20 06:14 - 2012-07-20 06:14 - 00027077 ____A C:\Users\User\Downloads\[isoHunt] ThemeForest_Premium_Wordpress_Collection_Vol_1_-_6.5706625.TPB.torrent
2012-07-20 06:14 - 2012-07-20 06:14 - 00027077 ____A C:\Users\User\Downloads\[isoHunt] ThemeForest_Premium_Wordpress_Collection_Vol_1_-_6.5706625.TPB (1).torrent
2012-07-19 06:59 - 2012-07-19 06:59 - 00004706 ____A C:\Users\User\Downloads\source_files.zip
2012-07-18 09:30 - 2012-08-14 19:44 - 03150848 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-16 06:15 - 2012-07-16 06:14 - 00265380 ____A C:\Windows\msxml4-KB2721691-enu.LOG
2012-07-16 06:15 - 2009-07-13 18:34 - 00000544 ____A C:\Windows\win.ini
2012-07-06 20:04 - 2012-07-06 20:04 - 05003558 ____A C:\Users\User\Downloads\part3 (1).tar.gz
2012-07-06 16:17 - 2012-07-06 16:17 - 04518720 ____A (FileZilla Project) C:\Users\User\Downloads\FileZilla_3.5.3_win32-setup.exe
2012-07-06 16:01 - 2012-07-06 16:01 - 01653711 ____A C:\Users\User\Downloads\tracker.zip
2012-07-06 13:20 - 2012-07-06 13:20 - 00000008 ____A C:\Users\User\Documents\gpfax.idx
2012-07-06 13:06 - 2012-07-06 13:06 - 00002087 ____A C:\Users\Public\Desktop\Canon MF Toolbox 4.9.lnk
2012-07-06 11:58 - 2012-08-14 20:09 - 00552448 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2012-07-04 21:26 - 2012-07-03 21:33 - 00086424 ____A C:\Users\User\Desktop\bbapp carriers to do.csv
2012-07-04 14:04 - 2012-08-14 19:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 14:01 - 2012-08-14 19:44 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 14:01 - 2012-08-14 19:44 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 13:26 - 2012-08-14 19:44 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 13:23 - 2012-08-14 19:44 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-07-03 21:33 - 2012-07-03 20:13 - 00625862 ____A C:\Users\User\Downloads\api_bbapp_data (2).csv
2012-07-03 20:11 - 2012-07-03 20:11 - 00413332 ____A C:\Users\User\Downloads\bbapp_data.csv
2012-07-03 20:11 - 2012-07-03 20:11 - 00413332 ____A C:\Users\User\Downloads\bbapp_data (1).csv
2012-07-02 18:46 - 2012-07-02 18:46 - 02245688 ____A C:\Users\User\Downloads\installproXPN.exe
2012-06-29 20:12 - 2012-06-29 18:09 - 00485160 ____A C:\Users\User\Desktop\api_bbapp_data (1).csv
2012-06-29 18:50 - 2012-06-29 18:50 - 00059629 ____A C:\Users\User\Downloads\history.csv
2012-06-29 18:09 - 2012-06-29 17:21 - 00275627 ____A C:\Users\User\Downloads\api_bbapp_data (1).csv
2012-06-29 17:19 - 2012-06-29 17:18 - 00321660 ____A C:\Users\User\Downloads\api_bbapp_data.csv
2012-06-28 20:55 - 2012-08-14 20:08 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-28 20:09 - 2012-08-14 20:08 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-28 19:56 - 2012-08-14 20:08 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-28 19:49 - 2012-08-14 20:08 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-28 19:49 - 2012-08-14 20:08 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-28 19:48 - 2012-08-14 20:08 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-28 19:47 - 2012-08-14 20:08 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-28 19:45 - 2012-08-14 20:08 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-28 19:44 - 2012-08-14 20:08 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-28 19:43 - 2012-08-14 20:08 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-28 19:42 - 2012-08-14 20:08 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-28 19:40 - 2012-08-14 20:08 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-28 19:39 - 2012-08-14 20:08 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-28 19:35 - 2012-08-14 20:08 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-28 16:52 - 2012-08-14 20:08 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-28 16:27 - 2012-08-14 20:08 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-28 16:16 - 2012-08-14 20:08 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-28 16:09 - 2012-08-14 20:08 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-28 16:09 - 2012-08-14 20:08 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-28 16:08 - 2012-08-14 20:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-28 16:07 - 2012-08-14 20:08 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-28 16:06 - 2012-08-14 20:08 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-28 16:04 - 2012-08-14 20:08 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-28 16:04 - 2012-08-14 20:08 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-28 16:01 - 2012-08-14 20:08 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-28 16:01 - 2012-08-14 20:08 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-28 16:00 - 2012-08-14 20:08 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-28 15:57 - 2012-08-14 20:08 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-28 00:03 - 2011-12-16 09:01 - 00000479 ____A C:\Users\User\Downloads\Blackberry-Mep-Reader.zip
2012-06-27 22:26 - 2012-06-27 22:25 - 127489368 ____A (Symantec Corporation) C:\Users\User\Downloads\N360-TW-19-5-0-145-EN.exe
2012-06-26 11:26 - 2012-06-26 11:26 - 00346212 ____A C:\Users\User\Downloads\Angell_EYE_PayPal_IPN_Solution.zip
2012-06-25 12:04 - 2012-06-25 12:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll
2012-06-24 08:41 - 2012-06-24 08:41 - 06232884 ____A C:\Users\User\Downloads\CellfService.zip
2012-06-23 19:18 - 2012-06-23 19:18 - 00028425 ____A C:\Users\User\Downloads\[isoHunt] Make it or Break It S03E01 HDTV XviD-2HD[ettv].torrent
2012-06-20 20:57 - 2011-01-27 19:46 - 00353886 ____A C:\Windows\DirectX.log

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2599837038-3619574724-1502302346-1002\$0777cfe37d3bfd5a401954926157210b

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-08-14 20:07:14
Restore point made on: 2012-08-19 17:25:33
Restore point made on: 2012-08-24 07:36:16
Restore point made on: 2012-08-28 19:34:36
Restore point made on: 2012-09-03 23:10:52
Restore point made on: 2012-09-07 10:25:08

==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 3891.67 MB

Available physical RAM: 3165.09 MB
Total Pagefile: 3889.82 MB
Available Pagefile: 3159.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions ============================

1 Drive c: (Windows7_OS) (Fixed) (Total:454.82 GB) (Free:226.91 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:2.03 GB) NTFS
4 Drive g: () (Removable) (Total:7.19 GB) (Free:1.86 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM_DRV) (Fixed) (Total:1.17 GB) (Free:0.5 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 7385 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1200 MB 1024 KB
Partition 2 Primary 454 GB 1201 MB
Partition 3 Primary 9 GB 455 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM_DRV NTFS Partition 1200 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Windows7_OS NTFS Partition 454 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Lenovo_Reco NTFS Partition 9 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7381 MB 4032 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 7381 MB Healthy

==================================================================================

Last Boot: 2012-09-05 20:19

==================== End Of Log =============================

Broni · Sep 11, 2012

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Next...

Restart normally.

Download TDSSKiller and save it to your desktop.

Extract (unzip) its contents to your desktop.
Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

===================================

Download RogueKiller on the desktop
Close all the running programs
Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
Otherwise just double-click on RogueKiller.exe
Pre-scan will start. Let it finish.
Click on SCAN button.
A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

====================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

Sal Pennah · Sep 11, 2012

Thanks again for the prompt response. Just to let you know, I've been changing some of the folder names in my reports as it has my boss's name in it. I hope that won't change anything. Below are the logs requested:

23:18:51.0199 5976 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
23:18:51.0713 5976 ============================================================
23:18:51.0713 5976 Current date / time: 2012/09/11 23:18:51.0713
23:18:51.0713 5976 SystemInfo:
23:18:51.0713 5976
23:18:51.0713 5976 OS Version: 6.1.7600 ServicePack: 0.0
23:18:51.0713 5976 Product type: Workstation
23:18:51.0713 5976 ComputerName: USER-THINK
23:18:51.0713 5976 UserName: User
23:18:51.0713 5976 Windows directory: C:\Windows
23:18:51.0713 5976 System windows directory: C:\Windows
23:18:51.0713 5976 Running under WOW64
23:18:51.0713 5976 Processor architecture: Intel x64
23:18:51.0713 5976 Number of processors: 4
23:18:51.0713 5976 Page size: 0x1000
23:18:51.0713 5976 Boot type: Normal boot
23:18:51.0713 5976 ============================================================
23:19:00.0405 5976 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
23:19:00.0483 5976 Drive \Device\Harddisk1\DR1 - Size: 0x1CD940000 (7.21 Gb), SectorSize: 0x200, Cylinders: 0x3AD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:19:00.0514 5976 ============================================================
23:19:00.0514 5976 \Device\Harddisk0\DR0:
23:19:00.0514 5976 MBR partitions:
23:19:00.0514 5976 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x258000
23:19:00.0514 5976 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x258800, BlocksNum 0x38DA4FF8
23:19:00.0514 5976 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38FFD800, BlocksNum 0x1388000
23:19:00.0514 5976 \Device\Harddisk1\DR1:
23:19:00.0514 5976 MBR partitions:
23:19:00.0514 5976 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x1F80, BlocksNum 0xE6AA80
23:19:00.0514 5976 ============================================================
23:19:00.0748 5976 C: <-> \Device\Harddisk0\DR0\Partition2
23:19:01.0029 5976 Q: <-> \Device\Harddisk0\DR0\Partition3
23:19:01.0029 5976 ============================================================
23:19:01.0029 5976 Initialize success
23:19:01.0029 5976 ============================================================
23:19:11.0746 3356 ============================================================
23:19:11.0746 3356 Scan started
23:19:11.0746 3356 Mode: Manual;
23:19:11.0746 3356 ============================================================
23:19:40.0010 3356 ================ Scan system memory ========================
23:19:40.0010 3356 System memory - ok
23:19:40.0012 3356 ================ Scan services =============================
23:19:40.0528 3356 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
23:19:40.0565 3356 1394ohci - ok
23:19:40.0632 3356 [ 708CCD77B9363F245D9F9ACE480824CA ] 5U877 C:\Windows\system32\DRIVERS\5U877.sys
23:19:40.0650 3356 5U877 - ok
23:19:40.0748 3356 [ 794FF35015209B9D44F1360C42C9776D ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
23:19:40.0789 3356 ACPI - ok
23:19:40.0985 3356 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
23:19:40.0986 3356 AcpiPmi - ok
23:19:41.0222 3356 [ 40C186D35C0E307240D6BCA399332B24 ] AcPrfMgrSvc C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
23:19:41.0227 3356 AcPrfMgrSvc - ok
23:19:41.0266 3356 [ 51E12E36BDEB10C0D9DBDB1FA4914800 ] AcSvc C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
23:19:41.0292 3356 AcSvc - ok
23:19:41.0407 3356 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
23:19:41.0425 3356 adp94xx - ok
23:19:41.0506 3356 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
23:19:42.0113 3356 adpahci - ok
23:19:42.0188 3356 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
23:19:42.0201 3356 adpu320 - ok
23:19:42.0234 3356 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
23:19:42.0243 3356 AeLookupSvc - ok
23:19:42.0317 3356 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
23:19:42.0330 3356 AFD - ok
23:19:42.0375 3356 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
23:19:42.0383 3356 agp440 - ok
23:19:42.0403 3356 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
23:19:42.0424 3356 ALG - ok
23:19:42.0491 3356 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
23:19:42.0506 3356 aliide - ok
23:19:42.0536 3356 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
23:19:42.0560 3356 amdide - ok
23:19:42.0584 3356 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
23:19:42.0592 3356 AmdK8 - ok
23:19:42.0617 3356 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
23:19:42.0618 3356 AmdPPM - ok
23:19:42.0683 3356 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys
23:19:42.0709 3356 amdsata - ok
23:19:42.0784 3356 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
23:19:42.0809 3356 amdsbs - ok
23:19:42.0847 3356 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys
23:19:42.0848 3356 amdxata - ok
23:19:42.0899 3356 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
23:19:42.0909 3356 AppID - ok
23:19:42.0943 3356 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
23:19:42.0946 3356 AppIDSvc - ok
23:19:42.0967 3356 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
23:19:42.0969 3356 Appinfo - ok
23:19:43.0161 3356 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:19:43.0171 3356 Apple Mobile Device - ok
23:19:43.0226 3356 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
23:19:43.0275 3356 AppMgmt - ok
23:19:43.0318 3356 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
23:19:43.0321 3356 arc - ok
23:19:43.0341 3356 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
23:19:43.0353 3356 arcsas - ok
23:19:43.0380 3356 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
23:19:43.0382 3356 AsyncMac - ok
23:19:43.0408 3356 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
23:19:43.0409 3356 atapi - ok
23:19:43.0459 3356 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:19:43.0477 3356 AudioEndpointBuilder - ok
23:19:43.0492 3356 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
23:19:43.0499 3356 AudioSrv - ok
23:19:43.0526 3356 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
23:19:43.0533 3356 AxInstSV - ok
23:19:43.0631 3356 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
23:19:43.0658 3356 b06bdrv - ok
23:19:43.0700 3356 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
23:19:43.0705 3356 b57nd60a - ok
23:19:43.0849 3356 [ A2494901E7226B356B8C1005C45F1C5F ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
23:19:43.0864 3356 BBSvc - ok
23:19:43.0908 3356 [ 63B1CBBAE4790B5BAC98F01BF9449722 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
23:19:43.0942 3356 BBUpdate - ok
23:19:44.0004 3356 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
23:19:44.0035 3356 BDESVC - ok
23:19:44.0095 3356 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
23:19:44.0096 3356 Beep - ok
23:19:44.0116 3356 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
23:19:44.0127 3356 blbdrive - ok
23:19:44.0282 3356 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:19:44.0289 3356 Bonjour Service - ok
23:19:44.0331 3356 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
23:19:44.0333 3356 bowser - ok
23:19:44.0359 3356 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:19:44.0360 3356 BrFiltLo - ok
23:19:44.0387 3356 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:19:44.0389 3356 BrFiltUp - ok
23:19:44.0423 3356 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll
23:19:44.0426 3356 Browser - ok
23:19:44.0447 3356 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
23:19:44.0451 3356 Brserid - ok
23:19:44.0467 3356 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
23:19:44.0469 3356 BrSerWdm - ok
23:19:44.0484 3356 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
23:19:44.0486 3356 BrUsbMdm - ok
23:19:44.0501 3356 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
23:19:44.0503 3356 BrUsbSer - ok
23:19:44.0560 3356 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
23:19:44.0575 3356 BthEnum - ok
23:19:44.0614 3356 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
23:19:44.0640 3356 BTHMODEM - ok
23:19:44.0662 3356 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
23:19:44.0665 3356 BthPan - ok
23:19:44.0712 3356 [ D59773C7FDD3D795D6FE402EEEA8D71E ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
23:19:44.0736 3356 BTHPORT - ok
23:19:44.0784 3356 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
23:19:44.0786 3356 bthserv - ok
23:19:44.0814 3356 [ 8504842634DD144C075B6B0C982CCEC4 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
23:19:44.0816 3356 BTHUSB - ok
23:19:44.0854 3356 [ 48360B88C4BF45850653BB7C86888ED4 ] CAXHWAZL C:\Windows\system32\DRIVERS\CAXHWAZL.sys
23:19:44.0860 3356 CAXHWAZL - ok
23:19:44.0934 3356 [ A8AD33C9DD88C810CAC00ACC7F4329FB ] ccSet_NST C:\Windows\system32\drivers\NSTx64\0200000.010\ccSetx64.sys
23:19:44.0948 3356 ccSet_NST - ok
23:19:45.0007 3356 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
23:19:45.0016 3356 cdfs - ok
23:19:45.0049 3356 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
23:19:45.0052 3356 cdrom - ok
23:19:45.0086 3356 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
23:19:45.0088 3356 CertPropSvc - ok
23:19:45.0137 3356 [ 274CE03459896006F7A5069266E0469E ] cfwids C:\Windows\system32\drivers\cfwids.sys
23:19:45.0140 3356 cfwids - ok
23:19:45.0174 3356 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
23:19:45.0176 3356 circlass - ok
23:19:45.0202 3356 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
23:19:45.0219 3356 CLFS - ok
23:19:45.0310 3356 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:19:45.0319 3356 clr_optimization_v2.0.50727_32 - ok
23:19:45.0366 3356 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:19:45.0368 3356 clr_optimization_v2.0.50727_64 - ok
23:19:45.0455 3356 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:19:45.0471 3356 clr_optimization_v4.0.30319_32 - ok
23:19:45.0502 3356 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:19:45.0504 3356 clr_optimization_v4.0.30319_64 - ok
23:19:45.0540 3356 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
23:19:45.0547 3356 CmBatt - ok
23:19:45.0577 3356 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
23:19:45.0578 3356 cmdide - ok
23:19:45.0677 3356 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys
23:19:45.0687 3356 CNG - ok
23:19:45.0823 3356 [ 22BC1C27274D1CB1C3A8C14CDBA0CDF2 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
23:19:45.0827 3356 CnxtHdAudService - ok
23:19:45.0881 3356 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
23:19:45.0881 3356 Compbatt - ok
23:19:45.0941 3356 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
23:19:45.0959 3356 CompositeBus - ok
23:19:46.0002 3356 COMSysApp - ok
23:19:46.0028 3356 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
23:19:46.0050 3356 crcdisk - ok
23:19:46.0247 3356 [ C128E740CDB1048FB72F4F80FA384943 ] CrossLoopService C:\Users\User\AppData\Local\CrossLoop\CrossLoopService.exe
23:19:46.0253 3356 CrossLoopService - ok
23:19:46.0368 3356 [ F02786B66375292E58C8777082D4396D ] CryptSvc C:\Windows\system32\cryptsvc.dll
23:19:46.0380 3356 CryptSvc - ok
23:19:46.0450 3356 [ 4A6173C2279B498CD8F57CAE504564CB ] CSC C:\Windows\system32\drivers\csc.sys
23:19:46.0455 3356 CSC - ok
23:19:46.0520 3356 [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService C:\Windows\System32\cscsvc.dll
23:19:46.0526 3356 CscService - ok
23:19:46.0632 3356 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
23:19:46.0638 3356 DcomLaunch - ok
23:19:46.0661 3356 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
23:19:46.0670 3356 defragsvc - ok
23:19:46.0721 3356 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
23:19:46.0729 3356 DfsC - ok
23:19:46.0785 3356 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
23:19:46.0789 3356 Dhcp - ok
23:19:46.0823 3356 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
23:19:46.0824 3356 discache - ok
23:19:46.0881 3356 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
23:19:46.0883 3356 Disk - ok
23:19:47.0019 3356 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
23:19:47.0036 3356 Dnscache - ok
23:19:47.0072 3356 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
23:19:47.0091 3356 dot3svc - ok
23:19:47.0179 3356 [ 0467853BB18E2F6B0C02E5E991A6F087 ] DozeSvc C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
23:19:47.0188 3356 DozeSvc - ok
23:19:47.0212 3356 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
23:19:47.0214 3356 DPS - ok
23:19:47.0248 3356 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
23:19:47.0249 3356 drmkaud - ok
23:19:47.0290 3356 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
23:19:47.0295 3356 DXGKrnl - ok
23:19:47.0332 3356 [ 5BDEF3FAA1BFD9C9C5D3DC972049F0FA ] DzHDD64 C:\Windows\system32\DRIVERS\DzHDD64.sys
23:19:47.0333 3356 DzHDD64 - ok
23:19:47.0362 3356 [ D2325D1AE61335E2EBADEB1B7C39CB13 ] e1kexpress C:\Windows\system32\DRIVERS\e1k62x64.sys
23:19:47.0364 3356 e1kexpress - ok
23:19:47.0373 3356 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
23:19:47.0375 3356 EapHost - ok
23:19:47.0473 3356 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
23:19:47.0522 3356 ebdrv - ok
23:19:47.0571 3356 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
23:19:47.0592 3356 EFS - ok
23:19:47.0707 3356 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
23:19:47.0714 3356 ehRecvr - ok
23:19:47.0742 3356 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
23:19:47.0744 3356 ehSched - ok
23:19:47.0779 3356 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
23:19:47.0799 3356 elxstor - ok
23:19:47.0814 3356 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
23:19:47.0815 3356 ErrDev - ok
23:19:47.0866 3356 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
23:19:47.0876 3356 EventSystem - ok
23:19:48.0127 3356 [ 8B6C9924B0D333DBF76086B8258A0891 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
23:19:48.0140 3356 EvtEng - ok
23:19:48.0174 3356 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
23:19:48.0177 3356 exfat - ok
23:19:48.0199 3356 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
23:19:48.0201 3356 fastfat - ok
23:19:48.0259 3356 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
23:19:48.0266 3356 Fax - ok
23:19:48.0295 3356 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
23:19:48.0296 3356 fdc - ok
23:19:48.0323 3356 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
23:19:48.0327 3356 fdPHost - ok
23:19:48.0343 3356 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
23:19:48.0347 3356 FDResPub - ok
23:19:48.0359 3356 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
23:19:48.0360 3356 FileInfo - ok
23:19:48.0373 3356 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
23:19:48.0374 3356 Filetrace - ok
23:19:48.0389 3356 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
23:19:48.0390 3356 flpydisk - ok
23:19:48.0410 3356 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
23:19:48.0413 3356 FltMgr - ok
23:19:48.0482 3356 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll
23:19:48.0494 3356 FontCache - ok
23:19:48.0546 3356 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:19:48.0547 3356 FontCache3.0.0.0 - ok
23:19:48.0583 3356 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
23:19:48.0584 3356 FsDepends - ok
23:19:48.0625 3356 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
23:19:48.0630 3356 Fs_Rec - ok
23:19:48.0651 3356 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
23:19:48.0653 3356 fvevol - ok
23:19:48.0698 3356 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
23:19:48.0704 3356 gagp30kx - ok
23:19:48.0761 3356 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:19:48.0762 3356 GEARAspiWDM - ok
23:19:48.0800 3356 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
23:19:48.0807 3356 gpsvc - ok
23:19:48.0833 3356 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
23:19:48.0840 3356 hcw85cir - ok
23:19:48.0884 3356 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:19:48.0888 3356 HdAudAddService - ok
23:19:48.0924 3356 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
23:19:48.0926 3356 HDAudBus - ok
23:19:48.0969 3356 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
23:19:48.0970 3356 HECIx64 - ok
23:19:49.0001 3356 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
23:19:49.0002 3356 HidBatt - ok
23:19:49.0018 3356 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
23:19:49.0019 3356 HidBth - ok
23:19:49.0050 3356 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
23:19:49.0066 3356 HidIr - ok
23:19:49.0093 3356 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
23:19:49.0098 3356 hidserv - ok
23:19:49.0123 3356 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
23:19:49.0124 3356 HidUsb - ok
23:19:49.0143 3356 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
23:19:49.0145 3356 hkmsvc - ok
23:19:49.0163 3356 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:19:49.0170 3356 HomeGroupListener - ok
23:19:49.0202 3356 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:19:49.0205 3356 HomeGroupProvider - ok
23:19:49.0226 3356 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
23:19:49.0227 3356 HpSAMD - ok
23:19:49.0317 3356 [ 447256D1C026654C5CD3CC17E7B20631 ] HsfXAudioService C:\Windows\SysWOW64\XAudio64.dll
23:19:49.0323 3356 HsfXAudioService - ok
23:19:49.0386 3356 [ F6AC1087A131FBB385400667BEA64FBE ] HSF_DPV C:\Windows\system32\DRIVERS\CAX_DPV.sys
23:19:49.0400 3356 HSF_DPV - ok
23:19:49.0482 3356 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
23:19:49.0497 3356 HTTP - ok
23:19:49.0511 3356 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
23:19:49.0511 3356 hwpolicy - ok
23:19:49.0557 3356 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
23:19:49.0559 3356 i8042prt - ok
23:19:49.0599 3356 [ ABBF174CB394F5C437410A788B7E404A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
23:19:49.0602 3356 iaStor - ok
23:19:49.0640 3356 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
23:19:49.0644 3356 iaStorV - ok
23:19:49.0716 3356 [ 3761FAB385F1C2F51B2FAD48CFABBE9D ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys
23:19:49.0717 3356 IBMPMDRV - ok
23:19:49.0734 3356 [ FC22310F3862E2C7C8722EF4778D5CC3 ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe
23:19:49.0740 3356 IBMPMSVC - ok
23:19:49.0819 3356 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:19:49.0828 3356 idsvc - ok
23:19:50.0221 3356 [ 677AA5991026A65ADA128C4B59CF2BAD ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
23:19:50.0391 3356 igfx - ok
23:19:50.0432 3356 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
23:19:50.0433 3356 iirsp - ok
23:19:50.0484 3356 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
23:19:50.0493 3356 IKEEXT - ok
23:19:50.0512 3356 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
23:19:50.0520 3356 Impcd - ok
23:19:50.0572 3356 [ C6C1F19205DA83C801BE7C25F4E2EE07 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
23:19:50.0575 3356 IntcDAud - ok
23:19:50.0590 3356 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
23:19:50.0591 3356 intelide - ok
23:19:50.0618 3356 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
23:19:50.0619 3356 intelppm - ok
23:19:50.0638 3356 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
23:19:50.0660 3356 IPBusEnum - ok
23:19:50.0685 3356 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:19:50.0687 3356 IpFilterDriver - ok
23:19:50.0691 3356 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
23:19:50.0699 3356 IPMIDRV - ok
23:19:50.0732 3356 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
23:19:50.0734 3356 IPNAT - ok
23:19:50.0974 3356 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
23:19:50.0979 3356 iPod Service - ok
23:19:51.0004 3356 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
23:19:51.0005 3356 IRENUM - ok
23:19:51.0032 3356 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
23:19:51.0033 3356 isapnp - ok
23:19:51.0056 3356 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
23:19:51.0070 3356 iScsiPrt - ok
23:19:51.0110 3356 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
23:19:51.0160 3356 IviRegMgr - ok
23:19:51.0185 3356 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
23:19:51.0186 3356 kbdclass - ok
23:19:51.0210 3356 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
23:19:51.0212 3356 kbdhid - ok
23:19:51.0238 3356 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
23:19:51.0260 3356 KeyIso - ok
23:19:51.0301 3356 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
23:19:51.0303 3356 KSecDD - ok
23:19:51.0314 3356 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
23:19:51.0315 3356 KSecPkg - ok
23:19:51.0341 3356 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
23:19:51.0345 3356 ksthunk - ok
23:19:51.0368 3356 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
23:19:51.0379 3356 KtmRm - ok
23:19:51.0418 3356 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll
23:19:51.0422 3356 LanmanServer - ok
23:19:51.0451 3356 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:19:51.0454 3356 LanmanWorkstation - ok
23:19:51.0535 3356 [ CAB9C6C37FD0F9612B269349116504B6 ] LENOVO.CAMMUTE C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
23:19:51.0542 3356 LENOVO.CAMMUTE - ok
23:19:51.0599 3356 [ C88EB33793420A79F601FB5E33E2EDD9 ] LENOVO.MICMUTE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
23:19:51.0600 3356 LENOVO.MICMUTE - ok
23:19:51.0607 3356 [ 5ACFF5823634BC2C4EBF559C3B33E18E ] lenovo.smi C:\Windows\system32\DRIVERS\smiifx64.sys
23:19:51.0608 3356 lenovo.smi - ok
23:19:51.0620 3356 [ 04B5F7F44CCB2FAB615C67ED0E6C8323 ] LENOVO.TPKNRSVC C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
23:19:51.0621 3356 LENOVO.TPKNRSVC - ok
23:19:51.0635 3356 [ 6F2CC57EB5836D2AC9BD37F3554D55F8 ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
23:19:51.0643 3356 Lenovo.VIRTSCRLSVC - ok
23:19:51.0683 3356 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
23:19:51.0684 3356 lltdio - ok
23:19:51.0715 3356 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
23:19:51.0723 3356 lltdsvc - ok
23:19:51.0745 3356 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
23:19:51.0750 3356 lmhosts - ok
23:19:51.0860 3356 [ 25884CA77F8D926B69167BC231D3726E ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
23:19:51.0862 3356 LMS - ok
23:19:51.0901 3356 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
23:19:52.0161 3356 LSI_FC - ok
23:19:52.0513 3356 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
23:19:52.0532 3356 LSI_SAS - ok
23:19:52.0570 3356 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:19:52.0572 3356 LSI_SAS2 - ok
23:19:52.0576 3356 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:19:52.0578 3356 LSI_SCSI - ok
23:19:52.0605 3356 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
23:19:52.0607 3356 luafv - ok
23:19:52.0667 3356 [ 23488767CB18FC3FF39E3AF1DB3FB02C ] massfilter C:\Windows\system32\drivers\massfilter.sys
23:19:52.0668 3356 massfilter - ok
23:19:52.0709 3356 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
23:19:52.0709 3356 MBAMProtector - ok
23:19:52.0779 3356 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
23:19:52.0793 3356 MBAMScheduler - ok
23:19:52.0822 3356 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
23:19:52.0828 3356 MBAMService - ok
23:19:53.0056 3356 [ ACB01BF1A905356AB7F978C7FE852209 ] McAfee SiteAdvisor Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:19:53.0079 3356 McAfee SiteAdvisor Service - ok
23:19:53.0095 3356 [ ACB01BF1A905356AB7F978C7FE852209 ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:19:53.0098 3356 McMPFSvc - ok
23:19:53.0105 3356 [ ACB01BF1A905356AB7F978C7FE852209 ] mcmscsvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:19:53.0108 3356 mcmscsvc - ok
23:19:53.0120 3356 [ ACB01BF1A905356AB7F978C7FE852209 ] McNaiAnn C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:19:53.0122 3356 McNaiAnn - ok
23:19:53.0135 3356 [ ACB01BF1A905356AB7F978C7FE852209 ] McNASvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:19:53.0137 3356 McNASvc - ok
23:19:53.0367 3356 [ 44D0DA102FA7A1BE22FD7499E80DCF9B ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe
23:19:53.0386 3356 McODS - ok
23:19:53.0507 3356 [ ACB01BF1A905356AB7F978C7FE852209 ] McProxy C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:19:53.0510 3356 McProxy - ok
23:19:53.0697 3356 [ 597C77235621E7DDD32A68574FDE6464 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
23:19:53.0705 3356 McShield - ok
23:19:53.0751 3356 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
23:19:53.0758 3356 Mcx2Svc - ok
23:19:53.0785 3356 [ E4F44EC214B3E381E1FC844A02926666 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
23:19:53.0786 3356 mdmxsdk - ok
23:19:53.0810 3356 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
23:19:53.0811 3356 megasas - ok
23:19:53.0830 3356 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
23:19:53.0833 3356 MegaSR - ok
23:19:53.0859 3356 [ 01884CB7655C8908B43FF5E364FE6FD2 ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys
23:19:53.0860 3356 mfeapfk - ok
23:19:53.0925 3356 [ DAB9A9CDFB04E4D68924492AA043019D ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
23:19:53.0928 3356 mfeavfk - ok
23:19:53.0952 3356 mfeavfk01 - ok
23:19:54.0027 3356 [ 134BB16F93A07C2C89B0B9C399382BDB ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
23:19:54.0042 3356 mfefire - ok
23:19:54.0115 3356 [ CE9A3680675C0907ADE16404CA967B49 ] mfefirek C:\Windows\system32\drivers\mfefirek.sys
23:19:54.0118 3356 mfefirek - ok
23:19:54.0159 3356 [ 60CF67458DD29CD17E77F2327B1A9A54 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
23:19:54.0165 3356 mfehidk - ok
23:19:54.0210 3356 [ A8129CFB919347F8533C934B365E9202 ] mfenlfk C:\Windows\system32\DRIVERS\mfenlfk.sys
23:19:54.0212 3356 mfenlfk - ok
23:19:54.0243 3356 [ 5041FA2BD2B3A2693B015771BFBF6DCA ] mferkdet C:\Windows\system32\drivers\mferkdet.sys
23:19:54.0246 3356 mferkdet - ok
23:19:54.0314 3356 [ 4D0ECD05ABB518EA323F651F4AB8458F ] mfevtp C:\Windows\system32\mfevtps.exe
23:19:54.0323 3356 mfevtp - ok
23:19:54.0355 3356 [ 919C56DB14A0E1E2AB6DA5D2821DC26E ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
23:19:54.0359 3356 mfewfpk - ok
23:19:54.0449 3356 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
23:19:54.0452 3356 Microsoft Office Groove Audit Service - ok
23:19:54.0478 3356 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
23:19:54.0481 3356 MMCSS - ok
23:19:54.0503 3356 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
23:19:54.0504 3356 Modem - ok
23:19:54.0548 3356 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
23:19:54.0549 3356 monitor - ok
23:19:54.0570 3356 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
23:19:54.0581 3356 mouclass - ok
23:19:54.0602 3356 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
23:19:54.0613 3356 mouhid - ok
23:19:54.0628 3356 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
23:19:54.0629 3356 mountmgr - ok
23:19:54.0731 3356 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:19:54.0735 3356 MozillaMaintenance - ok
23:19:54.0768 3356 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
23:19:54.0771 3356 mpio - ok
23:19:54.0807 3356 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
23:19:54.0822 3356 mpsdrv - ok
23:19:54.0862 3356 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
23:19:54.0865 3356 MRxDAV - ok
23:19:54.0914 3356 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
23:19:54.0917 3356 mrxsmb - ok
23:19:54.0961 3356 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:19:54.0966 3356 mrxsmb10 - ok
23:19:55.0010 3356 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:19:55.0013 3356 mrxsmb20 - ok
23:19:55.0036 3356 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
23:19:55.0038 3356 msahci - ok
23:19:55.0052 3356 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
23:19:55.0055 3356 msdsm - ok
23:19:55.0077 3356 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
23:19:55.0089 3356 MSDTC - ok
23:19:55.0130 3356 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
23:19:55.0132 3356 Msfs - ok
23:19:55.0155 3356 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
23:19:55.0157 3356 mshidkmdf - ok
23:19:55.0175 3356 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
23:19:55.0176 3356 msisadrv - ok
23:19:55.0203 3356 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
23:19:55.0214 3356 MSiSCSI - ok
23:19:55.0219 3356 msiserver - ok
23:19:55.0281 3356 [ ACB01BF1A905356AB7F978C7FE852209 ] MSK80Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:19:55.0284 3356 MSK80Service - ok
23:19:55.0322 3356 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
23:19:55.0324 3356 MSKSSRV - ok
23:19:55.0341 3356 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
23:19:55.0343 3356 MSPCLOCK - ok
23:19:55.0348 3356 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
23:19:55.0350 3356 MSPQM - ok
23:19:55.0368 3356 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
23:19:55.0373 3356 MsRPC - ok
23:19:55.0386 3356 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
23:19:55.0386 3356 mssmbios - ok
23:19:55.0404 3356 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
23:19:55.0405 3356 MSTEE - ok
23:19:55.0432 3356 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
23:19:55.0439 3356 MTConfig - ok
23:19:55.0453 3356 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
23:19:55.0454 3356 Mup - ok
23:19:55.0481 3356 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
23:19:55.0488 3356 napagent - ok
23:19:55.0515 3356 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
23:19:55.0519 3356 NativeWifiP - ok
23:19:55.0584 3356 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
23:19:55.0594 3356 NDIS - ok
23:19:55.0615 3356 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
23:19:55.0617 3356 NdisCap - ok
23:19:55.0645 3356 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
23:19:55.0646 3356 NdisTapi - ok
23:19:55.0669 3356 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
23:19:55.0671 3356 Ndisuio - ok
23:19:55.0680 3356 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
23:19:55.0683 3356 NdisWan - ok

Sal Pennah · Sep 11, 2012

....Continued...

23:19:55.0691 3356 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
23:19:55.0693 3356 NDProxy - ok
23:19:55.0753 3356 [ 6F4607E2333FE21E9E3FF8133A88B35B ] Netaapl C:\Windows\system32\DRIVERS\netaapl64.sys
23:19:55.0767 3356 Netaapl - ok
23:19:55.0792 3356 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
23:19:55.0804 3356 NetBIOS - ok
23:19:55.0825 3356 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
23:19:55.0829 3356 NetBT - ok
23:19:55.0846 3356 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
23:19:55.0848 3356 Netlogon - ok
23:19:55.0887 3356 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
23:19:55.0893 3356 Netman - ok
23:19:55.0926 3356 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
23:19:55.0933 3356 netprofm - ok
23:19:55.0955 3356 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:19:55.0958 3356 NetTcpPortSharing - ok
23:19:56.0083 3356 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
23:19:56.0148 3356 netw5v64 - ok
23:19:56.0453 3356 [ 5D262402B0634C998F8CBCEAD7DD8676 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
23:19:56.0603 3356 NETwNs64 - ok
23:19:56.0636 3356 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
23:19:56.0637 3356 nfrd960 - ok
23:19:56.0680 3356 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
23:19:56.0687 3356 NlaSvc - ok
23:19:56.0715 3356 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
23:19:56.0716 3356 Npfs - ok
23:19:56.0729 3356 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
23:19:56.0731 3356 nsi - ok
23:19:56.0752 3356 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
23:19:56.0754 3356 nsiproxy - ok
23:19:56.0855 3356 [ E127420B7FEB65C7F279EAAC183BBC0E ] NSL C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe
23:19:56.0858 3356 NSL - ok
23:19:57.0018 3356 [ 378E0E0DFEA67D98AE6EA53ADBBD76BC ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
23:19:57.0041 3356 Ntfs - ok
23:19:57.0077 3356 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
23:19:57.0078 3356 Null - ok
23:19:57.0614 3356 [ 6EF8C7A051804570000670800F6174FE ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:19:57.0668 3356 nvlddmkm - ok
23:19:57.0702 3356 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
23:19:57.0715 3356 nvraid - ok
23:19:57.0731 3356 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
23:19:57.0734 3356 nvstor - ok
23:19:57.0765 3356 [ 4094DFF204EE3CF902648F0F14B8D344 ] nvsvc C:\Windows\system32\nvvsvc.exe
23:19:57.0768 3356 nvsvc - ok
23:19:57.0813 3356 [ E695B65668628146CB125C8C717C8E5D ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
23:19:57.0830 3356 nvUpdatusService - ok
23:19:57.0855 3356 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
23:19:57.0863 3356 nv_agp - ok
23:19:57.0972 3356 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:19:57.0977 3356 odserv - ok
23:19:57.0998 3356 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
23:19:58.0000 3356 ohci1394 - ok
23:19:58.0034 3356 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:19:58.0044 3356 ose - ok
23:19:58.0095 3356 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
23:19:58.0103 3356 p2pimsvc - ok
23:19:58.0128 3356 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
23:19:58.0147 3356 p2psvc - ok
23:19:58.0172 3356 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
23:19:58.0175 3356 Parport - ok
23:19:58.0211 3356 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
23:19:58.0213 3356 partmgr - ok
23:19:58.0226 3356 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
23:19:58.0230 3356 PcaSvc - ok
23:19:58.0300 3356 [ 7317A0B550F7AC0223B7070897670476 ] PCDSRVC{127174DC-C366ED8B-06020101}_0 c:\program files\pc-doctor\pcdsrvc_x64.pkms
23:19:58.0350 3356 PCDSRVC{127174DC-C366ED8B-06020101}_0 - ok
23:19:58.0380 3356 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
23:19:58.0384 3356 pci - ok
23:19:58.0407 3356 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
23:19:58.0409 3356 pciide - ok
23:19:58.0423 3356 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
23:19:58.0427 3356 pcmcia - ok
23:19:58.0449 3356 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
23:19:58.0450 3356 pcw - ok
23:19:58.0494 3356 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
23:19:58.0504 3356 PEAUTH - ok
23:19:58.0546 3356 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
23:19:58.0564 3356 PeerDistSvc - ok
23:19:58.0775 3356 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
23:19:58.0777 3356 PerfHost - ok
23:19:58.0852 3356 [ ACC93675D78D1C07DAD09D7837F2397A ] pgsql-8.3 C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
23:19:58.0874 3356 pgsql-8.3 - ok
23:19:58.0932 3356 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
23:19:58.0971 3356 pla - ok
23:19:59.0031 3356 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
23:19:59.0048 3356 PlugPlay - ok
23:19:59.0231 3356 [ 63694C307273062A2167AE4CE80730EF ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
23:19:59.0313 3356 PMBDeviceInfoProvider - ok
23:19:59.0345 3356 [ 0BEE791C7C7ACE453C134E73633C497D ] pmxdrv C:\Windows\system32\drivers\pmxdrv.sys
23:19:59.0347 3356 pmxdrv - ok
23:19:59.0375 3356 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
23:19:59.0378 3356 PNRPAutoReg - ok
23:19:59.0398 3356 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
23:19:59.0403 3356 PNRPsvc - ok
23:19:59.0429 3356 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
23:19:59.0437 3356 PolicyAgent - ok
23:19:59.0468 3356 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
23:19:59.0472 3356 Power - ok
23:19:59.0525 3356 [ BAC02775CF629E5FE80BEA952F4448EF ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
23:19:59.0531 3356 Power Manager DBC Service - ok
23:19:59.0595 3356 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
23:19:59.0597 3356 PptpMiniport - ok
23:19:59.0622 3356 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
23:19:59.0624 3356 Processor - ok
23:19:59.0665 3356 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
23:19:59.0677 3356 ProfSvc - ok
23:19:59.0687 3356 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:19:59.0690 3356 ProtectedStorage - ok
23:19:59.0717 3356 [ 515A7C5A0886FCC60901916785EFD549 ] psadd C:\Windows\system32\DRIVERS\psadd.sys
23:19:59.0718 3356 psadd - ok
23:19:59.0733 3356 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
23:19:59.0735 3356 Psched - ok
23:19:59.0769 3356 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
23:19:59.0770 3356 PxHlpa64 - ok
23:19:59.0874 3356 [ 6979AB9CA5F388D0FF7513EC2D607AE2 ] QBCFMonitorService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
23:19:59.0875 3356 QBCFMonitorService - ok
23:19:59.0948 3356 [ 2241EAF40E472C471CB80CF6B97CCA11 ] QBFCService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
23:19:59.0962 3356 QBFCService - ok
23:20:00.0003 3356 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
23:20:00.0020 3356 ql2300 - ok
23:20:00.0047 3356 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
23:20:00.0055 3356 ql40xx - ok
23:20:00.0122 3356 QuickBooksDB19 - ok
23:20:00.0152 3356 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
23:20:00.0165 3356 QWAVE - ok
23:20:00.0182 3356 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
23:20:00.0183 3356 QWAVEdrv - ok
23:20:00.0203 3356 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
23:20:00.0204 3356 RasAcd - ok
23:20:00.0235 3356 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
23:20:00.0237 3356 RasAgileVpn - ok
23:20:00.0252 3356 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
23:20:00.0260 3356 RasAuto - ok
23:20:00.0276 3356 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
23:20:00.0279 3356 Rasl2tp - ok
23:20:00.0301 3356 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
23:20:00.0306 3356 RasMan - ok
23:20:00.0321 3356 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
23:20:00.0324 3356 RasPppoe - ok
23:20:00.0329 3356 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
23:20:00.0330 3356 RasSstp - ok
23:20:00.0354 3356 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
23:20:00.0358 3356 rdbss - ok
23:20:00.0371 3356 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
23:20:00.0372 3356 rdpbus - ok
23:20:00.0392 3356 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
23:20:00.0394 3356 RDPCDD - ok
23:20:00.0417 3356 [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
23:20:00.0419 3356 RDPDR - ok
23:20:00.0434 3356 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
23:20:00.0435 3356 RDPENCDD - ok
23:20:00.0448 3356 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
23:20:00.0453 3356 RDPREFMP - ok
23:20:00.0490 3356 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
23:20:00.0510 3356 RDPWD - ok
23:20:00.0562 3356 [ E5DC9BA9E439D6DBDD79F8CAACB5BF01 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
23:20:00.0565 3356 rdyboost - ok
23:20:00.0672 3356 [ 189C5A8D2098E0AA14FD157A954B34FC ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
23:20:00.0681 3356 RegSrvc - ok
23:20:00.0722 3356 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
23:20:00.0726 3356 RemoteAccess - ok
23:20:00.0747 3356 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
23:20:00.0752 3356 RemoteRegistry - ok
23:20:00.0783 3356 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
23:20:00.0786 3356 RFCOMM - ok
23:20:00.0810 3356 [ 3DCA561AAF776AA2E356FB5B142AA5F8 ] rimspci C:\Windows\system32\DRIVERS\rimspe64.sys
23:20:00.0812 3356 rimspci - ok
23:20:00.0861 3356 [ 71B48DDAF5E9C2B40E64DE5C405F5AAC ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys
23:20:00.0864 3356 RimUsb - ok
23:20:00.0882 3356 [ C903D49655B4AAE46673F0AAA6BE0F58 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
23:20:00.0884 3356 RimVSerPort - ok
23:20:00.0911 3356 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
23:20:00.0912 3356 ROOTMODEM - ok
23:20:00.0925 3356 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
23:20:00.0928 3356 RpcEptMapper - ok
23:20:00.0952 3356 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
23:20:00.0954 3356 RpcLocator - ok
23:20:00.0984 3356 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
23:20:00.0990 3356 RpcSs - ok
23:20:01.0024 3356 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
23:20:01.0027 3356 rspndr - ok
23:20:01.0041 3356 [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
23:20:01.0043 3356 s3cap - ok
23:20:01.0054 3356 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
23:20:01.0056 3356 SamSs - ok
23:20:01.0074 3356 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
23:20:01.0077 3356 sbp2port - ok
23:20:01.0098 3356 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
23:20:01.0109 3356 SCardSvr - ok
23:20:01.0126 3356 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
23:20:01.0128 3356 scfilter - ok
23:20:01.0177 3356 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
23:20:01.0195 3356 Schedule - ok
23:20:01.0220 3356 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
23:20:01.0221 3356 SCPolicySvc - ok
23:20:01.0252 3356 [ 2C8D162EFAF73ABD36D8BCBB6340CAE7 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
23:20:01.0254 3356 sdbus - ok
23:20:01.0275 3356 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
23:20:01.0283 3356 SDRSVC - ok
23:20:01.0315 3356 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
23:20:01.0322 3356 secdrv - ok
23:20:01.0334 3356 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
23:20:01.0336 3356 seclogon - ok
23:20:01.0344 3356 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
23:20:01.0347 3356 SENS - ok
23:20:01.0363 3356 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
23:20:01.0365 3356 SensrSvc - ok
23:20:01.0406 3356 [ 9F6490423AC3271E84A90A0DD9D30A3B ] Ser2pl C:\Windows\system32\DRIVERS\ser2pl64.sys
23:20:01.0421 3356 Ser2pl - ok
23:20:01.0451 3356 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
23:20:01.0453 3356 Serenum - ok
23:20:01.0472 3356 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
23:20:01.0474 3356 Serial - ok
23:20:01.0496 3356 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
23:20:01.0498 3356 sermouse - ok
23:20:01.0529 3356 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
23:20:01.0534 3356 SessionEnv - ok
23:20:01.0567 3356 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
23:20:01.0568 3356 sffdisk - ok
23:20:01.0592 3356 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
23:20:01.0594 3356 sffp_mmc - ok
23:20:01.0609 3356 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
23:20:01.0618 3356 sffp_sd - ok
23:20:01.0624 3356 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
23:20:01.0626 3356 sfloppy - ok
23:20:01.0652 3356 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:20:01.0657 3356 ShellHWDetection - ok
23:20:01.0712 3356 [ 29E316DE2C0261C30C08F872032C53A2 ] Shockprf C:\Windows\system32\DRIVERS\Apsx64.sys
23:20:01.0739 3356 Shockprf - ok
23:20:01.0759 3356 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:20:01.0761 3356 SiSRaid2 - ok
23:20:01.0772 3356 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
23:20:01.0781 3356 SiSRaid4 - ok
23:20:01.0812 3356 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
23:20:01.0814 3356 Smb - ok
23:20:01.0874 3356 [ C5B1A19B14F19B08AE72FCB20A3075B6 ] smihlp C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
23:20:01.0875 3356 smihlp - ok
23:20:01.0910 3356 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
23:20:01.0921 3356 SNMPTRAP - ok
23:20:01.0940 3356 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
23:20:01.0949 3356 spldr - ok
23:20:02.0003 3356 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe
23:20:02.0022 3356 Spooler - ok
23:20:02.0147 3356 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
23:20:02.0203 3356 sppsvc - ok
23:20:02.0217 3356 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
23:20:02.0220 3356 sppuinotify - ok
23:20:02.0262 3356 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
23:20:02.0282 3356 srv - ok
23:20:02.0303 3356 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
23:20:02.0310 3356 srv2 - ok
23:20:02.0372 3356 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
23:20:02.0391 3356 SrvHsfHDA - ok
23:20:02.0437 3356 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
23:20:02.0459 3356 SrvHsfV92 - ok
23:20:02.0482 3356 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
23:20:02.0491 3356 SrvHsfWinac - ok
23:20:02.0546 3356 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
23:20:02.0549 3356 srvnet - ok
23:20:02.0576 3356 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
23:20:02.0588 3356 SSDPSRV - ok
23:20:02.0612 3356 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
23:20:02.0616 3356 SstpSvc - ok
23:20:02.0639 3356 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
23:20:02.0641 3356 stexstor - ok
23:20:02.0677 3356 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
23:20:02.0687 3356 stisvc - ok
23:20:02.0704 3356 [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
23:20:02.0711 3356 storflt - ok
23:20:02.0726 3356 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
23:20:02.0746 3356 StorSvc - ok
23:20:02.0775 3356 [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
23:20:02.0777 3356 storvsc - ok
23:20:02.0839 3356 [ 5E8261EDDFD7C1851B78E27705CD7F59 ] SUService C:\Program Files (x86)\Lenovo\System Update\SUService.exe
23:20:02.0852 3356 SUService - ok
23:20:02.0876 3356 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
23:20:02.0877 3356 swenum - ok
23:20:02.0983 3356 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
23:20:02.0985 3356 SwitchBoard - ok
23:20:03.0037 3356 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
23:20:03.0056 3356 swprv - ok
23:20:03.0098 3356 [ 868DFB220A18312A12CEF01BA9AC069B ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
23:20:03.0112 3356 SynTP - ok
23:20:03.0223 3356 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
23:20:03.0254 3356 SysMain - ok
23:20:03.0276 3356 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:20:03.0279 3356 TabletInputService - ok
23:20:03.0328 3356 [ F9BE29D5E097F03F81D3CD12B794CB66 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys
23:20:03.0330 3356 tap0901 - ok
23:20:03.0347 3356 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
23:20:03.0355 3356 TapiSrv - ok
23:20:03.0369 3356 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
23:20:03.0372 3356 TBS - ok
23:20:03.0441 3356 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
23:20:03.0468 3356 Tcpip - ok
23:20:03.0500 3356 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
23:20:03.0510 3356 TCPIP6 - ok
23:20:03.0550 3356 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
23:20:03.0551 3356 tcpipreg - ok
23:20:03.0575 3356 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
23:20:03.0576 3356 TDPIPE - ok
23:20:03.0627 3356 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
23:20:03.0637 3356 TDTCP - ok
23:20:03.0655 3356 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
23:20:03.0657 3356 tdx - ok
23:20:03.0678 3356 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
23:20:03.0679 3356 TermDD - ok
23:20:03.0714 3356 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
23:20:03.0723 3356 TermService - ok
23:20:03.0748 3356 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
23:20:03.0750 3356 Themes - ok
23:20:03.0818 3356 [ 39AC444E07FDBD8C2E8E291A65D515D3 ] ThinkVantage Registry Monitor Service C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
23:20:03.0833 3356 ThinkVantage Registry Monitor Service - ok
23:20:03.0862 3356 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
23:20:03.0863 3356 THREADORDER - ok
23:20:03.0872 3356 [ 8B359A7F4C715B84C76DE3C5167797C5 ] TPDIGIMN C:\Windows\system32\DRIVERS\ApsHM64.sys
23:20:03.0879 3356 TPDIGIMN - ok
23:20:03.0904 3356 [ 0C1C7753A5539C898ADAFFDE835DF7A8 ] TPHDEXLGSVC C:\Windows\system32\TPHDEXLG64.exe
23:20:03.0913 3356 TPHDEXLGSVC - ok
23:20:03.0978 3356 [ 2CF225E19490F499528B926263FE4554 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
23:20:04.0003 3356 TPHKSVC - ok
23:20:04.0034 3356 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys
23:20:04.0035 3356 TPM - ok
23:20:04.0067 3356 [ 2C067E01D6BBCCC88B233B868E210907 ] TPPWRIF C:\Windows\system32\drivers\Tppwr64v.sys
23:20:04.0068 3356 TPPWRIF - ok
23:20:04.0098 3356 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
23:20:04.0124 3356 TrkWks - ok
23:20:04.0165 3356 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:20:04.0168 3356 TrustedInstaller - ok
23:20:04.0186 3356 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
23:20:04.0188 3356 tssecsrv - ok
23:20:04.0219 3356 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
23:20:04.0222 3356 tunnel - ok
23:20:04.0246 3356 [ 53FF5F00EAB07E329ABE48AE3DE4F5D7 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
23:20:04.0247 3356 TurboB - ok
23:20:04.0279 3356 [ B670DF651F00194434ADC6B326743709 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
23:20:04.0282 3356 TurboBoost - ok
23:20:04.0499 3356 [ 7694DCA064D0B7E0D1A6972BB9C71B39 ] tvnserver C:\Users\User\AppData\Local\CrossLoop\tvnserver.exe
23:20:04.0512 3356 tvnserver - ok
23:20:04.0592 3356 [ 003AFB1490828615B041849ABB40EAA1 ] TVT Backup Service C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe
23:20:04.0614 3356 TVT Backup Service - ok
23:20:04.0646 3356 [ 4DAAE0413CD4E816258838E2FAFB3147 ] TVTI2C C:\Windows\system32\DRIVERS\Tvti2c.sys
23:20:04.0647 3356 TVTI2C - ok
23:20:04.0665 3356 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
23:20:04.0667 3356 uagp35 - ok
23:20:04.0697 3356 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
23:20:04.0715 3356 udfs - ok
23:20:04.0753 3356 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
23:20:04.0762 3356 UI0Detect - ok
23:20:04.0815 3356 [ BE788A747457E6916586C410EC0111E7 ] UleadBurningHelper C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
23:20:04.0817 3356 UleadBurningHelper - ok
23:20:04.0838 3356 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
23:20:04.0851 3356 uliagpkx - ok
23:20:04.0881 3356 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
23:20:04.0892 3356 umbus - ok
23:20:04.0912 3356 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
23:20:04.0914 3356 UmPass - ok
23:20:04.0941 3356 [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService C:\Windows\System32\umrdp.dll
23:20:04.0946 3356 UmRdpService - ok
23:20:05.0143 3356 [ 2B971A72C0D6BD8A710E2748353773DD ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
23:20:05.0162 3356 UNS - ok
23:20:05.0279 3356 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
23:20:05.0296 3356 upnphost - ok
23:20:05.0374 3356 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
23:20:05.0383 3356 USBAAPL64 - ok
23:20:05.0445 3356 [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
23:20:05.0448 3356 usbaudio - ok
23:20:05.0495 3356 [ 537A4E03D7103C12D42DFD8FFDB5BDC9 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
23:20:05.0497 3356 usbccgp - ok
23:20:05.0533 3356 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
23:20:05.0542 3356 usbcir - ok
23:20:05.0574 3356 [ FBB21EBE49F6D560DB37AC25FBC68E66 ] usbehci C:\Windows\system32\drivers\usbehci.sys
23:20:05.0594 3356 usbehci - ok
23:20:05.0676 3356 [ 6B7A8A99C4A459E73C286A6763EA24CC ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
23:20:05.0683 3356 usbhub - ok
23:20:05.0734 3356 [ 8C88AA7617B4CBC2E4BED61D26B33A27 ] usbohci C:\Windows\system32\drivers\usbohci.sys
23:20:05.0737 3356 usbohci - ok
23:20:05.0778 3356 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
23:20:05.0792 3356 usbprint - ok
23:20:05.0845 3356 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
23:20:05.0847 3356 usbscan - ok
23:20:05.0894 3356 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:20:05.0907 3356 USBSTOR - ok
23:20:05.0975 3356 [ 0B5B3B2DF3FD1709618ACFA50B8392B0 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
23:20:05.0989 3356 usbuhci - ok
23:20:06.0038 3356 [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
23:20:06.0042 3356 usbvideo - ok
23:20:06.0089 3356 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
23:20:06.0092 3356 UxSms - ok
23:20:06.0114 3356 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
23:20:06.0116 3356 VaultSvc - ok
23:20:06.0140 3356 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
23:20:06.0141 3356 vdrvroot - ok
23:20:06.0188 3356 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
23:20:06.0199 3356 vds - ok
23:20:06.0218 3356 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
23:20:06.0220 3356 vga - ok
23:20:06.0231 3356 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
23:20:06.0233 3356 VgaSave - ok
23:20:06.0250 3356 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
23:20:06.0253 3356 vhdmp - ok
23:20:06.0268 3356 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
23:20:06.0269 3356 viaide - ok
23:20:06.0287 3356 [ 1501699D7EDA984ABC4155A7DA5738D1 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
23:20:06.0290 3356 vmbus - ok
23:20:06.0294 3356 [ AE10C35761889E65A6F7176937C5592C ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
23:20:06.0296 3356 VMBusHID - ok
23:20:06.0316 3356 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
23:20:06.0318 3356 volmgr - ok
23:20:06.0342 3356 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
23:20:06.0347 3356 volmgrx - ok
23:20:06.0365 3356 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
23:20:06.0368 3356 volsnap - ok
23:20:06.0392 3356 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
23:20:06.0395 3356 vsmraid - ok
23:20:06.0476 3356 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
23:20:06.0507 3356 VSS - ok
23:20:06.0522 3356 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
23:20:06.0527 3356 vwifibus - ok
23:20:06.0570 3356 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
23:20:06.0571 3356 vwififlt - ok
23:20:06.0602 3356 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
23:20:06.0603 3356 vwifimp - ok
23:20:06.0637 3356 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
23:20:06.0653 3356 W32Time - ok
23:20:06.0677 3356 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
23:20:06.0679 3356 WacomPen - ok
23:20:06.0811 3356 [ D70A492306861004A0DB1024CE634837 ] wampapache c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe
23:20:06.0963 3356 wampapache - ok
23:20:07.0174 3356 wampmysqld - ok
23:20:07.0277 3356 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
23:20:07.0291 3356 WANARP - ok
23:20:07.0302 3356 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
23:20:07.0304 3356 Wanarpv6 - ok
23:20:07.0569 3356 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
23:20:07.0771 3356 WatAdminSvc - ok
23:20:08.0086 3356 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
23:20:08.0288 3356 wbengine - ok
23:20:08.0331 3356 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
23:20:08.0336 3356 WbioSrvc - ok
23:20:08.0362 3356 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
23:20:08.0367 3356 wcncsvc - ok
23:20:08.0395 3356 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:20:08.0397 3356 WcsPlugInService - ok
23:20:08.0419 3356 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
23:20:08.0426 3356 Wd - ok
23:20:08.0478 3356 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
23:20:08.0484 3356 WDC_SAM - ok
23:20:08.0508 3356 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
23:20:08.0514 3356 Wdf01000 - ok
23:20:08.0536 3356 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
23:20:08.0539 3356 WdiServiceHost - ok
23:20:08.0544 3356 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
23:20:08.0547 3356 WdiSystemHost - ok
23:20:08.0609 3356 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
23:20:08.0630 3356 WebClient - ok
23:20:08.0651 3356 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
23:20:08.0660 3356 Wecsvc - ok
23:20:08.0681 3356 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
23:20:08.0684 3356 wercplsupport - ok
23:20:08.0719 3356 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
23:20:08.0724 3356 WerSvc - ok
23:20:08.0787 3356 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
23:20:08.0788 3356 WfpLwf - ok
23:20:08.0828 3356 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
23:20:08.0840 3356 WIMMount - ok
23:20:08.0886 3356 [ 1EDBBF412A382550AF6EB35F5E46928E ] winachsf C:\Windows\system32\DRIVERS\CAX_CNXT.sys
23:20:08.0894 3356 winachsf - ok
23:20:08.0904 3356 WinHttpAutoProxySvc - ok
23:20:08.0965 3356 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
23:20:08.0968 3356 Winmgmt - ok
23:20:09.0019 3356 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
23:20:09.0040 3356 WinRM - ok
23:20:09.0083 3356 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys
23:20:09.0084 3356 WinUsb - ok
23:20:09.0108 3356 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
23:20:09.0118 3356 Wlansvc - ok
23:20:09.0172 3356 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
23:20:09.0175 3356 wlcrasvc - ok
23:20:09.0355 3356 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:20:09.0367 3356 wlidsvc - ok
23:20:09.0391 3356 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
23:20:09.0392 3356 WmiAcpi - ok
23:20:09.0416 3356 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
23:20:09.0420 3356 wmiApSrv - ok
23:20:09.0437 3356 WMPNetworkSvc - ok
23:20:09.0455 3356 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
23:20:09.0467 3356 WPCSvc - ok
23:20:09.0481 3356 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
23:20:09.0483 3356 WPDBusEnum - ok
23:20:09.0503 3356 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
23:20:09.0505 3356 ws2ifsl - ok
23:20:09.0508 3356 WSearch - ok
23:20:09.0522 3356 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
23:20:09.0528 3356 WudfPf - ok
23:20:09.0555 3356 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
23:20:09.0563 3356 WUDFRd - ok
23:20:09.0577 3356 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:20:09.0583 3356 wudfsvc - ok
23:20:09.0597 3356 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
23:20:09.0605 3356 WwanSvc - ok
23:20:09.0629 3356 [ E8F3FA126A06F8E7088F63757112A186 ] XAudio C:\Windows\system32\DRIVERS\XAudio64.sys
23:20:09.0630 3356 XAudio - ok
23:20:09.0691 3356 [ F98415E5B83742C901D0A336972509A0 ] ZTEusbmdm6k C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
23:20:09.0704 3356 ZTEusbmdm6k - ok
23:20:09.0719 3356 [ F98415E5B83742C901D0A336972509A0 ] ZTEusbnmea C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
23:20:09.0722 3356 ZTEusbnmea - ok
23:20:09.0744 3356 [ F98415E5B83742C901D0A336972509A0 ] ZTEusbser6k C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
23:20:09.0753 3356 ZTEusbser6k - ok
23:20:09.0801 3356 ================ Scan global ===============================
23:20:09.0820 3356 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
23:20:09.0866 3356 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
23:20:09.0877 3356 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
23:20:09.0899 3356 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
23:20:09.0919 3356 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
23:20:09.0925 3356 [Global] - ok
23:20:09.0926 3356 ================ Scan MBR ==================================
23:20:09.0938 3356 [ 01FD54F05ABBA8E80E862C29EEF64D92 ] \Device\Harddisk0\DR0
23:20:10.0754 3356 \Device\Harddisk0\DR0 - ok
23:20:10.0760 3356 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
23:20:12.0427 3356 \Device\Harddisk1\DR1 - ok
23:20:12.0427 3356 ================ Scan VBR ==================================
23:20:12.0437 3356 [ 9D47682FDEF99529A7DCCD6F42549449 ] \Device\Harddisk0\DR0\Partition1
23:20:12.0438 3356 \Device\Harddisk0\DR0\Partition1 - ok
23:20:12.0453 3356 [ 7FB761362C5689252C5E9DAB2F6ADE3B ] \Device\Harddisk0\DR0\Partition2
23:20:12.0454 3356 \Device\Harddisk0\DR0\Partition2 - ok
23:20:12.0477 3356 [ C3A2C2FD8028906432EEC87E636DED2D ] \Device\Harddisk0\DR0\Partition3
23:20:12.0478 3356 \Device\Harddisk0\DR0\Partition3 - ok
23:20:12.0483 3356 [ 4E66AA7306A85A6EB6B7B42E555D6753 ] \Device\Harddisk1\DR1\Partition1
23:20:12.0484 3356 \Device\Harddisk1\DR1\Partition1 - ok
23:20:12.0484 3356 ============================================================
23:20:12.0484 3356 Scan finished
23:20:12.0484 3356 ============================================================
23:20:12.0493 3644 Detected object count: 0
23:20:12.0493 3644 Actual detected object count: 0

Sal Pennah · Sep 11, 2012

RKREPORT

RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

[FONT=mceinline]Operating System: Windows 7 (6.1.7600 ) 64 bits version[/FONT]
[FONT=mceinline]Started in : Normal mode[/FONT]
[FONT=mceinline]User : User [Admin rights][/FONT]
[FONT=mceinline]Mode : Scan -- Date : 09/11/2012 23:23:27[/FONT]
[FONT=mceinline][/FONT]
[FONT=mceinline]¤¤¤ Bad processes : 2 ¤¤¤[/FONT]
[FONT=mceinline][SUSP PATH] CrossLoopService.exe -- C:\Users\User\AppData\Local\CrossLoop\CrossLoopService.exe -> KILLED [TermProc][/FONT]
[FONT=mceinline][SUSP PATH] TDSSKiller.exe -- C:\Users\User\Desktop\TDSSKiller.exe -> KILLED [TermProc][/FONT]
[FONT=mceinline][/FONT]
[FONT=mceinline]¤¤¤ Registry Entries : 10 ¤¤¤[/FONT]
[FONT=mceinline][HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND[/FONT]
[FONT=mceinline][HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND[/FONT]
[FONT=mceinline][HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND[/FONT]
[FONT=mceinline][HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND[/FONT]
[FONT=mceinline][HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND[/FONT]
[FONT=mceinline][HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND[/FONT]
[FONT=mceinline][HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND[/FONT]
[FONT=mceinline][HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[/FONT]
[FONT=mceinline][HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND[/FONT]
[FONT=mceinline][HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-2599837038-3619574724-1502302346-1002\$0777cfe37d3bfd5a401954926157210b\n.) -> FOUND[/FONT]
[FONT=mceinline][/FONT]
[FONT=mceinline]¤¤¤ Particular Files / Folders: ¤¤¤[/FONT]
[FONT=mceinline][ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-2599837038-3619574724-1502302346-1002\$0777cfe37d3bfd5a401954926157210b\@ --> FOUND[/FONT]
[FONT=mceinline][ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-2599837038-3619574724-1502302346-1002\$0777cfe37d3bfd5a401954926157210b\U --> FOUND[/FONT]
[FONT=mceinline][ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-2599837038-3619574724-1502302346-1002\$0777cfe37d3bfd5a401954926157210b\L --> FOUND[/FONT]
[FONT=mceinline][/FONT]
[FONT=mceinline]¤¤¤ Driver : [NOT LOADED] ¤¤¤[/FONT]
[FONT=mceinline][/FONT]
[FONT=mceinline]¤¤¤ Infection : ZeroAccess ¤¤¤[/FONT]
[FONT=mceinline][/FONT]
[FONT=mceinline]¤¤¤ HOSTS File: ¤¤¤[/FONT]
[FONT=mceinline]--> C:\Windows\system32\drivers\etc\hosts[/FONT]
[FONT=mceinline][/FONT]
[FONT=mceinline]127.0.0.1 localhost[/FONT]
[FONT=mceinline]127.0.0.1 activate.adobe.com[/FONT]
[FONT=mceinline]127.0.0.1 practivate.adobe.com[/FONT]
[FONT=mceinline]127.0.0.1 ereg.adobe.com[/FONT]
[FONT=mceinline]127.0.0.1 activate.wip3.adobe.com[/FONT]
[FONT=mceinline]127.0.0.1 wip3.adobe.com[/FONT]
[FONT=mceinline]127.0.0.1 3dns-3.adobe.com[/FONT]
[FONT=mceinline]127.0.0.1 3dns-2.adobe.com[/FONT]
[FONT=mceinline]127.0.0.1 adobe-dns.adobe.com[/FONT]
[FONT=mceinline]127.0.0.1 adobe-dns-2.adobe.com[/FONT]
[FONT=mceinline]127.0.0.1 adobe-dns-3.adobe.com[/FONT]
[FONT=mceinline]127.0.0.1 ereg.wip3.adobe.com[/FONT]
[FONT=mceinline]127.0.0.1 activate-sea.adobe.com[/FONT]
[FONT=mceinline]127.0.0.1 wwis-dubc1-vip60.adobe.com[/FONT]
[FONT=mceinline]127.0.0.1 activate-sjc0.adobe.com[/FONT]
[FONT=mceinline]127.0.0.1 adobe.activate.com[/FONT]
[FONT=mceinline]127.0.0.1 adobeereg.com[/FONT]
[FONT=mceinline]127.0.0.1 www.adobeereg.com[/FONT]
[FONT=mceinline]127.0.0.1 wwis-dubc1-vip60.adobe.com[/FONT]
[FONT=mceinline]127.0.0.1 125.252.224.90[/FONT]
[FONT=mceinline][...][/FONT]
[FONT=mceinline][/FONT]
[FONT=mceinline][/FONT]
[FONT=mceinline]¤¤¤ MBR Check: ¤¤¤[/FONT]
[FONT=mceinline][/FONT]
[FONT=mceinline]+++++ PhysicalDrive0: HITACHI HTS725050A9A364 +++++[/FONT]
[FONT=mceinline]--- User ---[/FONT]
[FONT=mceinline][MBR] 82655e268afd6d8aafc5747fb0de7178[/FONT]
[FONT=mceinline][BSP] e555f74de1044e9b630ad276d8f80ddf : Lenovo tatooed MBR Code[/FONT]
[FONT=mceinline]Partition table:[/FONT]
[FONT=mceinline]0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 Mo[/FONT]
[FONT=mceinline]1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 465737 Mo[/FONT]
[FONT=mceinline]2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 956291072 | Size: 10000 Mo[/FONT]
[FONT=mceinline]User = LL1 ... OK![/FONT]
[FONT=mceinline]User = LL2 ... OK![/FONT]
[FONT=mceinline][/FONT]
[FONT=mceinline]+++++ PhysicalDrive1: Kingston DT 101 G2 USB Device +++++[/FONT]
[FONT=mceinline]--- User ---[/FONT]
[FONT=mceinline][MBR] 92f22f2abb5bb3a0cdc0f7a9ab8f8508[/FONT]
[FONT=mceinline][BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code[/FONT]
[FONT=mceinline]Partition table:[/FONT]
[FONT=mceinline]0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8064 | Size: 7381 Mo[/FONT]
[FONT=mceinline]User = LL1 ... OK![/FONT]
[FONT=mceinline]Error reading LL2 MBR![/FONT]
[FONT=mceinline][/FONT]
[FONT=mceinline]Finished : << RKreport[1].txt >>[/FONT]
[FONT=mceinline]RKreport[1].txt[/FONT]
[FONT=mceinline][/FONT]
[FONT=mceinline][/FONT]

Sal Pennah · Sep 11, 2012

The aswMBR is taking a lot longer. I will report that when it is done. It has been a good 10 minutes and it says "Scanning: file_path". Guessing this one takes a while?

How many more steps do you think there are to completing this? I appreciate your help so much as I know that this is something that you're doing out of the goodness of your own heart. I appreciate it 10 fold!

Broni · Sep 12, 2012

I still need Fixlog.txt log.

Sal Pennah · Sep 12, 2012

The aswMBR has been frozen for a while. It actually crashed once and restarted my computer. I did not see it crash, so I'm not sure if it was an autoupdate or possibly a bluescreen.

Below is Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-09-2012 01
Ran by SYSTEM at 2012-09-11 23:16:49 Run:1
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
C:\Windows\System32\consrv.dll not found.
HKEY_USERS\Default\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKU\Default\...\RunOnce: [] [x] Value not found.
HKEY_USERS\Default User\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKU\Default User\...\RunOnce: [] [x] Value not found.
HKEY_USERS\postgres\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKU\postgres\...\RunOnce: [] [x] Value not found.
HKEY_USERS\QBDataServiceUser19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKU\QBDataServiceUser19\...\RunOnce: [] [x] Value not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default value was restored successfully .
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}] should be deleted in normal mode (if present).
C:\$Recycle.Bin\S-1-5-18\$0777cfe37d3bfd5a401954926157210b moved successfully.

==== End of Fixlog ====

Broni · Sep 12, 2012

Try to run aswMBR from safe mode.

Sal Pennah · Sep 12, 2012

Finally it finished!

aswMBR file

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-12 00:01:52
-----------------------------
00:01:52.388 OS Version: Windows x64 6.1.7600
00:01:52.388 Number of processors: 4 586 0x2505
00:01:52.389 ComputerName: USER-THINK UserName: User
00:02:01.127 Initialize success
00:02:11.163 AVAST engine defs: 12091101
00:02:14.853 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:02:14.855 Disk 0 Vendor: HITACHI_ PC4Z Size: 476940MB BusType: 3
00:02:14.868 Disk 0 MBR read successfully
00:02:14.870 Disk 0 MBR scan
00:02:14.874 Disk 0 unknown MBR code
00:02:14.892 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
00:02:14.907 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 465737 MB offset 2459648
00:02:14.940 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 956291072
00:02:14.981 Disk 0 scanning C:\Windows\system32\drivers
00:02:26.460 Service scanning
00:03:12.218 Modules scanning
00:03:12.225 Disk 0 trace - called modules:
00:03:12.299 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
00:03:12.304 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004cc2060]
00:03:12.309 3 CLASSPNP.SYS[fffff88001a1743f] -> nt!IofCallDriver -> [0xfffffa8004a37e40]
00:03:12.314 5 ACPI.sys[fffff88000ee4769] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004a3a050]
00:03:14.143 AVAST engine scan C:\Windows
00:03:18.002 AVAST engine scan C:\Windows\system32
00:08:56.409 AVAST engine scan C:\Windows\system32\drivers
00:09:16.311 AVAST engine scan C:\Users\User
02:03:45.151 AVAST engine scan C:\ProgramData
02:11:49.789 Scan finished successfully
09:20:12.842 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
09:20:12.851 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"

Broni · Sep 12, 2012

Looks good

How is computer doing?

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Click the Scan All Users checkbox.
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

Sal Pennah · Sep 12, 2012

Hi Broni,

Good to hear from you again. I am still getting random popups from ad.xertive.com randomly when I click inside my window for Google Chrome. Here are the logs as requested....

OTL logfile created on: 9/12/2012 8:25:05 PM - Run 1
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\User\Desktop
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 63.37% Memory free
7.60 Gb Paging File | 5.30 Gb Available in Paging File | 69.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.82 Gb Total Space | 226.11 Gb Free Space | 49.71% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 2.03 Gb Free Space | 20.76% Space Free | Partition Type: NTFS

Computer Name: USER-THINK | User Name: USER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/12 20:19:16 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
PRC - [2011/08/10 16:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe
PRC - [2011/02/18 17:09:02 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/11/27 00:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010/11/27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010/09/17 21:52:56 | 000,402,792 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
PRC - [2010/09/17 21:51:10 | 000,357,736 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2010/09/17 21:50:54 | 000,259,432 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
PRC - [2010/09/17 21:50:48 | 000,124,264 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2010/08/17 19:26:38 | 000,560,848 | ---- | M] (CrossLoop Inc) -- C:\Users\User\AppData\Local\CrossLoop\CrossLoopService.exe
PRC - [2010/07/30 03:07:50 | 000,078,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
PRC - [2010/07/27 17:51:56 | 000,074,088 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2010/07/27 17:51:54 | 000,062,312 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
PRC - [2010/07/27 17:51:42 | 000,050,536 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2010/07/27 04:05:02 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2010/06/28 02:58:18 | 001,616,488 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010/05/02 23:54:36 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/05/02 23:54:32 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/04/26 00:46:34 | 000,144,824 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2010/04/07 01:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2010/04/07 01:37:24 | 000,063,928 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010/04/06 23:02:18 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2010/04/01 01:50:46 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2010/01/24 23:25:14 | 000,024,576 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/12/10 04:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
PRC - [2009/12/10 04:37:16 | 003,690,496 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
PRC - [2009/11/24 00:51:20 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009/08/28 18:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2009/08/26 19:32:16 | 000,816,440 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\Client Security Solution\password_manager.exe
PRC - [2009/07/27 21:57:50 | 000,131,072 | ---- | M] (Intuit, Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2010\QBDBMgrN.exe
PRC - [2009/07/13 21:14:47 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2009/05/28 02:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2009/03/05 03:28:28 | 000,059,760 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
PRC - [2008/12/02 17:19:34 | 000,091,648 | ---- | M] () -- C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe
PRC - [2008/01/10 16:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2007/01/04 23:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2007/01/01 17:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\User\AppData\Roaming\Google\Google Talk\googletalk.exe

========== Modules (No Company Name) ==========

MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/05/28 02:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
MOD - [2008/12/02 17:19:34 | 000,091,648 | ---- | M] () -- C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe

========== Services (SafeList) ==========

SRV:64bit: - [2012/08/23 11:57:48 | 000,502,064 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2012/05/25 17:13:54 | 000,162,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/05/25 16:59:02 | 000,210,616 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012/05/25 16:58:32 | 000,199,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2010/12/17 14:41:32 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/12/17 14:26:50 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/09/22 22:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/07/27 17:51:56 | 000,074,088 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV:64bit: - [2010/07/27 17:51:42 | 000,050,536 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2010/06/16 17:44:38 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2010/04/07 01:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV:64bit: - [2010/04/07 01:37:24 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2010/04/06 23:02:18 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2009/11/18 01:04:24 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2009/09/29 21:25:48 | 000,126,392 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/09/11 05:10:03 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/08/10 16:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe -- (NSL)
SRV - [2011/02/18 17:09:02 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2010/11/27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/11/24 15:00:16 | 007,669,760 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.53\bin\mysqld.exe -- (wampmysqld)
SRV - [2010/10/24 13:34:38 | 000,021,504 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\Apache2.2.17\bin\httpd.exe -- (wampapache)
SRV - [2010/09/17 21:50:54 | 000,259,432 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2010/09/17 21:50:48 | 000,124,264 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2010/08/24 14:30:00 | 000,164,200 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
SRV - [2010/08/24 14:30:00 | 000,075,112 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2010/08/17 19:26:38 | 000,560,848 | ---- | M] (CrossLoop Inc) [Auto | Running] -- C:\Users\User\AppData\Local\CrossLoop\CrossLoopService.exe -- (CrossLoopService)
SRV - [2010/07/21 08:50:26 | 000,814,080 | ---- | M] (GlavSoft LLC.) [On_Demand | Stopped] -- C:\Users\User\AppData\Local\CrossLoop\tvnserver.exe -- (tvnserver)
SRV - [2010/06/28 02:58:18 | 001,616,488 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/05/02 23:54:36 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/05/02 23:54:32 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/24 23:25:14 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/12/10 04:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2009/08/28 18:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009/07/27 21:57:50 | 000,131,072 | ---- | M] (Intuit, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Intuit\QuickBooks 2010\QBDBMgrN.exe -- (QuickBooksDB19)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/28 22:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2008/11/18 16:45:28 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/01/10 16:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2007/01/04 23:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/04/25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 13:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012/02/22 13:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012/02/22 13:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/12/15 13:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/08/08 19:38:05 | 000,167,048 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSTx64\0200000.010\ccSetx64.sys -- (ccSet_NST)
DRV:64bit: - [2011/05/10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 18:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/01/28 00:19:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2011/01/27 23:32:05 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)
DRV:64bit: - [2010/12/21 09:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010/11/11 21:34:44 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor\pcdsrvc_x64.pkms -- (PCDSRVC{127174DC-C366ED8B-06020101}_0)
DRV:64bit: - [2010/08/29 15:17:36 | 000,289,280 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/08/25 12:46:18 | 000,682,624 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/08/24 23:36:02 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/08/24 14:30:00 | 000,030,320 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)
DRV:64bit: - [2010/08/24 14:30:00 | 000,013,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2010/06/22 02:37:38 | 000,295,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
DRV:64bit: - [2010/06/16 17:44:38 | 000,136,816 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2010/06/16 17:44:38 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2010/04/22 04:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/12 18:21:52 | 000,097,280 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2010/03/03 06:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/26 03:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/12/14 21:09:08 | 000,163,072 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2009/11/18 01:04:04 | 000,032,880 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2009/10/26 01:52:00 | 000,061,952 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/09/29 21:25:50 | 000,012,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/09/27 11:48:50 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009/09/27 11:31:28 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009/09/27 11:31:26 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009/09/27 11:31:08 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009/09/24 07:58:38 | 000,041,536 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvti2c.sys -- (TVTI2C)
DRV:64bit: - [2009/09/16 23:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/07/09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/01 22:16:02 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2009/06/30 00:05:16 | 001,486,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/06/30 00:01:16 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/06/29 23:59:54 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/28 22:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/03/13 18:47:34 | 000,013,840 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/05/12 05:04:26 | 000,015,400 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2006/06/18 09:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {350C84B1-338C-4295-BA9C-1D676E4D2FB6}
IE:64bit: - HKLM\..\SearchScopes\{350C84B1-338C-4295-BA9C-1D676E4D2FB6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {11848098-7B21-4510-A82C-64E6A28F8D43}
IE - HKLM\..\SearchScopes\{11848098-7B21-4510-A82C-64E6A28F8D43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-2599837038-3619574724-1502302346-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
IE - HKU\S-1-5-21-2599837038-3619574724-1502302346-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-2599837038-3619574724-1502302346-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-2599837038-3619574724-1502302346-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-2599837038-3619574724-1502302346-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-2599837038-3619574724-1502302346-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKU\S-1-5-21-2599837038-3619574724-1502302346-1002\..\SearchScopes,DefaultScope = {350C84B1-338C-4295-BA9C-1D676E4D2FB6}
IE - HKU\S-1-5-21-2599837038-3619574724-1502302346-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2599837038-3619574724-1502302346-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

Sal Pennah · Sep 12, 2012

Continuation of OTL.txt

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: fox@replace.fx:0.13.3
FF - prefs.js..extensions.enabledAddons: seo4firefox@seobook.com:3.6.5
FF - prefs.js..extensions.enabledAddons: seotoolbar@seobook.com:1.1.36
FF - prefs.js..extensions.enabledAddons: sm@submitter.net:1.0
FF - prefs.js..extensions.enabledAddons: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.5.0.4
FF - prefs.js..extensions.enabledAddons: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:13.0.0
FF - prefs.js..extensions.enabledAddons: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.17
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.0
FF - prefs.js..extensions.enabledAddons: autoreload@yz.com:1.13
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16
FF - prefs.js..extensions.enabledItems: seotoolbar@seobook.com:1.1.3
FF - prefs.js..extensions.enabledItems: seo4firefox@seobook.com:3.4.2
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..network.proxy.backup.ftp: "222.165.130.82"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.socks: "222.165.130.82"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "222.165.130.82"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\User\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/02/02 21:49:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.16\coFFNST\ [2012/09/12 10:24:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/09/11 10:10:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/09/10 22:39:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/11 05:10:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/16 14:12:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{FCF36B88-1BBA-487f-B64B-D2E8980A9293}: C:\Program Files (x86)\Lenovo\Client Security Solution\PWM Firefox Extension [2011/01/28 00:03:39 | 000,000,000 | ---D | M]

[2011/02/02 20:23:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
[2012/09/05 21:13:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1iqfgxhs.default\extensions
[2012/08/02 17:51:27 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1iqfgxhs.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2011/05/16 13:15:15 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1iqfgxhs.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2012/09/05 21:13:11 | 000,023,140 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1iqfgxhs.default\extensions\autoreload@yz.com.xpi
[2012/09/01 00:27:15 | 001,625,368 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1iqfgxhs.default\extensions\firebug@software.joehewitt.com.xpi
[2012/08/31 22:26:35 | 000,238,009 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1iqfgxhs.default\extensions\fox@replace.fx.xpi
[2012/08/08 13:25:45 | 000,087,184 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1iqfgxhs.default\extensions\seo4firefox@seobook.com.xpi
[2012/08/02 17:51:25 | 000,221,589 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1iqfgxhs.default\extensions\seotoolbar@seobook.com.xpi
[2011/05/03 19:06:18 | 000,020,044 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1iqfgxhs.default\extensions\sm@submitter.net.xpi
[2012/06/04 11:33:36 | 000,030,312 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1iqfgxhs.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
[2012/08/27 13:42:34 | 000,270,021 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1iqfgxhs.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012/05/05 12:05:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/11 05:10:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:08:02 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2010/03/27 19:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/03/08 06:24:04 | 000,103,168 | ---- | M] (Midasplayer Ltd) -- C:\Program Files (x86)\mozilla firefox\plugins\npmidas.dll
[2012/08/31 22:26:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/31 22:26:32 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google

riginalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Contribute CS5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll
CHR - plugin: king.com - Game controller for firefox (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npmidas.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\User\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\User\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Click 2 Save = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahllmicjfilnopfmpmokidfabdacfkpi\1.1_0\
CHR - Extension: Angry Birds = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: SiteAdvisor = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\
CHR - Extension: PageSpeed Insights (by Google) = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplegfbjlmmehdoakndmohflojccocli\2.0.2.0_0\
CHR - Extension: Enhance Views Auto-Watch = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipohphkfcbeoiojnnpplnjmajbcnilof\0.7_0\
CHR - Extension: Click 2 Save = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kobefgncomcambiloeiedmmmpgnljeem\1.1_0\
CHR - Extension: RSS Feed Reader = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp\3.3.9_0\

O1 HOSTS File: ([2011/07/16 16:51:20 | 000,001,569 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.224.91
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com127.0.0.1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120910195501.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120910195502.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [autodetect] C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe ()
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2599837038-3619574724-1502302346-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2599837038-3619574724-1502302346-1002..\Run: [googletalk] C:\Users\User\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKU\S-1-5-21-2599837038-3619574724-1502302346-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2599837038-3619574724-1502302346-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2599837038-3619574724-1502302346-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2599837038-3619574724-1502302346-1004..\RunOnce: [] File not found
O4 - HKU\S-1-5-21-2599837038-3619574724-1502302346-1004..\RunOnce: [Lenovoautoqdrive] C:\Program Files (x86)\Common Files\Lenovo\LenovoDrive\LenovoAutoRunReg.exe ()
O4 - HKU\S-1-5-21-2599837038-3619574724-1502302346-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2599837038-3619574724-1502302346-1005..\RunOnce: [] File not found
O4 - HKU\S-1-5-21-2599837038-3619574724-1502302346-1005..\RunOnce: [Lenovoautoqdrive] C:\Program Files (x86)\Common Files\Lenovo\LenovoDrive\LenovoAutoRunReg.exe ()
O4 - HKU\S-1-5-21-2599837038-3619574724-1502302346-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DA885D4-EDF1-4C58-9165-944537E409B2}: DhcpNameServer = 64.71.255.198 64.71.255.253
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0A41E55-7780-4E83-88F8-FE9928C2292A}: DhcpNameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F11D77F5-D788-4787-9466-E0E675062D65}: DhcpNameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7643DDD-2053-4BEE-B414-755D7DE7257F}: DhcpNameServer = 8.8.8.8 4.2.2.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\intu-help-qb2 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/10 12:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{6e8e9b6b-2839-11e1-82f0-95b9fda48f27}\Shell - "" = AutoRun
O33 - MountPoints2\{6e8e9b6b-2839-11e1-82f0-95b9fda48f27}\Shell\AutoRun\command - "" = "D:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{73107598-2a8e-11e0-ba44-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{73107598-2a8e-11e0-ba44-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009/08/10 17:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/12 20:19:11 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012/09/12 20:02:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/09/12 10:35:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{50BF63E3-8F79-426A-80B9-BB04AF9A04FF}
[2012/09/12 01:31:12 | 000,000,000 | ---D | C] -- C:\FRST
[2012/09/12 00:00:08 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/09/11 23:25:27 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\User\Desktop\aswMBR.exe
[2012/09/11 23:21:39 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\RK_Quarantine
[2012/09/11 22:34:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A28219C4-E02E-4767-8D87-8326FB3A1765}
[2012/09/11 18:20:14 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\AV Software
[2012/09/11 15:16:21 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\SEO Tools
[2012/09/11 15:03:46 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\SMOH
[2012/09/11 13:55:29 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Web Projects
[2012/09/11 10:58:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2012/09/11 10:57:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/11 10:57:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/11 10:57:45 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/11 10:57:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/09/11 10:55:21 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Desktop Backup
[2012/09/11 10:34:04 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{EF12762E-9422-4FE0-8178-EDE853B10593}
[2012/09/11 10:14:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{2789CC6C-A461-4D3C-84DA-3A297AA9F2D1}
[2012/09/10 19:47:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SiteAdvisor
[2012/09/10 19:46:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee.com
[2012/09/10 19:45:21 | 000,010,248 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeclnk.sys
[2012/09/10 19:45:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee
[2012/09/10 19:45:19 | 000,162,224 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe
[2012/09/10 19:45:17 | 000,647,208 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfehidk.sys
[2012/09/10 19:45:17 | 000,487,296 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfefirek.sys
[2012/09/10 19:45:17 | 000,289,664 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfewfpk.sys
[2012/09/10 19:45:17 | 000,229,528 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeavfk.sys
[2012/09/10 19:45:17 | 000,160,792 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeapfk.sys
[2012/09/10 19:45:17 | 000,100,912 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mferkdet.sys
[2012/09/10 19:45:17 | 000,075,936 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfenlfk.sys
[2012/09/10 19:45:16 | 000,065,264 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\cfwids.sys
[2012/09/10 19:45:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2012/09/10 19:45:01 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2012/09/10 19:45:00 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2012/09/10 19:44:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee
[2012/09/10 19:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/09/07 18:56:19 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BE166267-F768-4E66-96D7-210E997A30A4}
[2012/09/07 16:59:28 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/09/07 14:18:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{AD366A27-5559-468C-AF0D-09C9771C56CC}
[2012/09/06 20:19:48 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A13E4F86-B8CB-468F-BFE1-E3D62019926B}
[2012/09/06 12:24:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1EBB6398-F7FE-456D-9555-8C3B9C059F06}
[2012/08/31 22:15:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{4087D341-16A9-4BA9-8FB4-9F6FED077FED}
[2012/08/31 12:38:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{CB3DD80A-5162-476D-9F15-F3E0668F58AE}
[2012/08/30 23:41:42 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{28AB2F5E-324F-4FCC-BE4B-D6A45FB00BF1}
[2012/08/30 15:47:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{C859F252-107F-4E35-8985-0983601DFA65}
[2012/08/29 21:52:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A7F7B8BE-4357-4370-8CD2-C74DE695EDAF}
[2012/08/29 13:26:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{28005105-3CC1-480E-A104-E58F240CFF39}
[2012/08/28 23:27:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{CBB301F5-0914-44B4-8087-CFFAB6148CDF}
[2012/08/27 12:36:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{7A1991B9-63B2-4D55-AE57-7FAD051D4D07}
[2012/08/25 17:27:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{14821B7F-AB9B-4E05-A59E-2C3D38DDA233}
[2012/08/24 13:28:40 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\User\Desktop\TDSSKiller.exe
[2012/08/23 17:38:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{C1E8FDAC-D2FA-4514-87CF-74A710F32024}
[2012/08/23 11:49:51 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{97EF6901-489A-454F-ACD3-2B5D130A8FAE}
[2012/08/22 14:59:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{7B7C1F95-D0EB-4321-A2F6-CCB2BD2456BA}
[2012/08/21 22:14:19 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{0B2475D9-F5E1-4CCD-94E5-65AA8861B4F4}
[2012/08/20 17:00:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{9544AA04-8612-417E-BBC6-AE54104630BF}
[2012/08/20 10:22:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A77CBF22-9996-43C9-A344-A77A11C12DC6}
[2012/08/19 21:21:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D5686E41-96BC-493A-B27C-EC7544CC58E1}
[2012/08/17 14:17:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A7D89F9B-6D18-42B6-B375-1642DFB3C772}
[2012/08/17 14:17:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{FB3B87CB-BAB4-4D6A-90A3-E777E33DF8B5}
[2012/08/17 11:20:17 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{14D0C7C2-A0B3-43FB-B421-3A70D5BF890B}
[2012/08/16 11:09:42 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{827D84DB-0FC3-464C-B034-3A8EBA95225D}
[2012/08/15 16:08:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{05AFB277-63AE-41BD-AE57-CD38E91F4300}
[2012/08/15 08:48:21 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{20289C5A-67A0-471A-AE63-F288F3429D44}
[2012/08/14 17:45:57 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E30AB018-91C7-4237-ABD5-0860066A4441}
[2012/08/14 17:45:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{79B93C8E-C619-46A7-81A3-2581FFE853FE}
[2012/08/13 22:10:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{9BE38BBF-301C-4846-B8DC-67BDB8B68F01}
[2012/08/13 22:09:57 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{6F787983-CF1E-4726-89E4-63366F6BAF3F}
[2011/12/15 15:54:32 | 001,386,496 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvbvm60.dll
[2011/12/15 15:54:32 | 001,077,336 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\mscomctl.ocx
[2011/12/15 15:54:32 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\oleaut32.dll
[2011/12/15 15:54:32 | 000,545,280 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\hhctrl.ocx
[2011/12/15 15:54:32 | 000,422,848 | ---- | C] (VideoSoft) -- C:\Program Files (x86)\vsflex7l.ocx
[2011/12/15 15:54:32 | 000,353,864 | ---- | C] (Catalyst Development Corporation) -- C:\Program Files (x86)\cswskax6.ocx
[2011/12/15 15:54:32 | 000,140,488 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\comdlg32.ocx
[2011/12/15 15:54:32 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\olepro32.dll
[2011/12/15 15:54:32 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\asycfilt.dll
[2011/12/15 15:54:32 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\stdole2.tlb
[2011/12/15 15:54:32 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\comcat.dll

========== Files - Modified Within 30 Days ==========

[2012/09/12 20:41:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/09/12 20:41:00 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/09/12 20:21:13 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2599837038-3619574724-1502302346-1002UA.job
[2012/09/12 20:19:16 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012/09/12 20:02:16 | 000,001,839 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
[2012/09/12 18:42:13 | 000,244,729 | ---- | M] () -- C:\Users\User\Desktop\bb.png
[2012/09/12 16:17:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/12 10:31:11 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/12 10:31:11 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/12 10:23:32 | 3060,535,296 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/12 09:20:12 | 000,000,512 | ---- | M] () -- C:\Users\User\Desktop\MBR.dat
[2012/09/12 00:00:04 | 640,781,351 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/09/11 23:25:46 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\User\Desktop\aswMBR.exe
[2012/09/11 23:14:17 | 001,378,816 | ---- | M] () -- C:\Users\User\Desktop\RogueKiller.exe
[2012/09/11 23:13:11 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\User\Desktop\TDSSKiller.exe
[2012/09/11 22:02:45 | 000,726,270 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/11 22:02:45 | 000,628,874 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/11 22:02:45 | 000,111,026 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/11 15:53:14 | 000,001,456 | ---- | M] () -- C:\Users\User\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/09/11 10:57:58 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/11 05:10:11 | 000,002,059 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/10 21:21:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2599837038-3619574724-1502302346-1002Core.job
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/20 21:06:36 | 000,029,530 | ---- | M] () -- C:\Users\User\Desktop\saa.jpg
[2012/08/15 10:07:10 | 000,001,333 | ---- | M] () -- C:\Users\User\Desktop\index.html
[2012/08/15 08:45:46 | 005,014,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/09/12 18:42:19 | 000,244,729 | ---- | C] () -- C:\Users\User\Desktop\bb.png
[2012/09/12 09:20:12 | 000,000,512 | ---- | C] () -- C:\Users\User\Desktop\MBR.dat
[2012/09/12 00:00:04 | 640,781,351 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/09/11 23:14:15 | 001,378,816 | ---- | C] () -- C:\Users\User\Desktop\RogueKiller.exe
[2012/09/11 10:57:58 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/10 22:49:39 | 000,001,839 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
[2012/08/20 21:06:40 | 000,029,530 | ---- | C] () -- C:\Users\User\Desktop\saa.jpg
[2012/03/11 02:53:52 | 000,000,745 | ---- | C] () -- C:\Windows\WinRos.ini
[2011/12/15 15:54:32 | 000,643,072 | ---- | C] () -- C:\Program Files (x86)\ECLActiveX.ocx
[2011/09/28 17:01:09 | 000,000,600 | ---- | C] () -- C:\Users\User\AppData\Local\PUTTY.RND
[2011/08/30 02:39:19 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2011/08/20 17:08:44 | 000,000,031 | ---- | C] () -- C:\Users\User\AppData\Roaming\Days5.ini
[2011/07/31 14:40:33 | 000,009,216 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/16 18:09:34 | 000,032,608 | ---- | C] () -- C:\Windows\king-uninstall.exe
[2011/04/06 15:09:15 | 000,000,132 | ---- | C] () -- C:\Users\User\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/02/25 13:31:07 | 000,004,997 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2011/02/25 13:26:27 | 000,000,045 | ---- | C] () -- C:\Users\User\AppData\Local\machpro.dat
[2011/02/03 15:04:33 | 000,001,456 | ---- | C] () -- C:\Users\User\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/01/27 23:36:25 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/01/27 23:36:25 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2011/01/27 23:36:25 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2011/01/27 23:36:25 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011/01/27 23:36:24 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin

========== LOP Check ==========

[2011/02/05 13:34:11 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BMD12345
[2012/07/31 18:23:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Canon
[2011/02/02 21:04:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Lite
[2011/02/02 21:34:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Pro
[2011/11/14 21:40:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DancinDogg Golf
[2012/07/07 16:59:56 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FileZilla
[2012/03/11 02:53:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Interactive Data
[2012/02/06 15:54:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Kayako
[2011/02/03 09:59:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Lenovo
[2011/04/17 13:49:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Opera
[2011/11/14 21:45:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OptiShot
[2011/07/31 13:50:08 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Research In Motion
[2011/07/03 13:21:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\To-Do DeskList
[2012/05/17 01:04:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ulead Systems
[2011/04/25 15:09:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Update
[2012/09/10 22:38:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent
[2012/09/12 20:41:00 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/05/27 01:41:44 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/09/12 20:41:00 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========

< End of report >

Sal Pennah · Sep 12, 2012

Extras.txt

OTL Extras logfile created on: 9/12/2012 8:25:05 PM - Run 1
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\User\Desktop
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 63.37% Memory free
7.60 Gb Paging File | 5.30 Gb Available in Paging File | 69.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.82 Gb Total Space | 226.11 Gb Free Space | 49.71% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 2.03 Gb Free Space | 20.76% Space Free | Partition Type: NTFS

Computer Name: USER-THINK | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0B976837-CE63-4FC2-AEA9-B6103457B3DA}" = eSignal
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Intel(R) PROSet/Wireless WiFi Software
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{3FD730D4-755F-439B-8082-B55E00924A44}" = Client Security - Password Manager
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{55CEDC7F-3965-47C0-AC71-40AAA418B6A5}" = ThinkVantage Fingerprint Software
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D00E997B-D651-4ec9-B02A-BC8F867CA98C}" = Canon MF4500 Series
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"114EB224AD576F278686036AA9E1EFB7847E3935" = Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4)
"30A4777E896192B8D398199AE1AB235B69BAB26D" = Windows Driver Package - Intel (HECIx64) System (09/17/2009 6.0.0.1179)
"3C4C8BB88656F616D170176E1905526541B60FDF" = Windows Driver Package - Intel (e1kexpress) Net (06/22/2010 11.5.10.1012)
"50BEEEA1F00D30E432867EA15672212B3FB5740E" = Windows Driver Package - Synaptics (SynTP) Mouse (04/22/2010 15.0.18.0)
"573C3C32A1DB5625CA00E633E584E8A0E6383672" = Windows Driver Package - Intel System (10/28/2009 9.1.1.1022)
"A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9" = Windows Driver Package - Intel USB (08/20/2009 9.1.1.1020)
"CNXT_AUDIO_HDA" = Conexant 20585 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"D94DFF1289C7A7BEBA126E4CDADE0E85B99E60F1" = Windows Driver Package - Intel System (10/28/2009 9.1.1.1022)
"E7B58217635B8F723D4744A328A4B3237DB35FA9" = Windows Driver Package - Intel System (06/04/2009 1.0.0.0002)
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"FD5ED5E16405CDAA5385DE461B9E5379F91ACCCF" = Windows Driver Package - Ricoh Company MS Host Controller (10/26/2009 6.10.02.07)
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"OnScreenDisplay" = On Screen Display
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"WinRAR archiver" = WinRAR 4.00 beta 5 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.06.02.02
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 26
"{27BB10F8-E4F7-379C-0BE7-40A01F654A80}" = Unlock App®
"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2D57FB4E-6277-4A6D-8739-304C38051B89}" = Jitbit Macro Recorder LITE
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{4330AAE7-1893-42F9-BC38-539A1A60530B}" = Mobile Broadband
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A5D68E3-CFE0-4235-9796-C2F60E1A8A84}" = TableNinja
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf11
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{878960F6-4636-42EB-B755-6BCC24FD781B}" = OneNote Word Count
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = Rogers Connection Manager
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96334581-5554-3E5F-8BC9-924C3C3AC5BE}" = Google Talk Plugin
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{C3CD17B4-08B0-492D-8A4C-81716D33E520}" = Integrated Camera Driver Installer Package Ver.1.1.0.19
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{DAC0B889-5359-4FDC-893A-2B8EF6B71B6F}" = SIM MAX
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2B53C96-C9FC-4FC3-8324-1BCE50DEA7E7}" = QuickBooks
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB61B60D-1443-41FA-BBD7-BCD8217551B7}" = QuickBooks Premier Edition 2010
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7620-0758-4357-2556" = Woopra 1.4
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"BMD12345" = Unlock App®
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CrossLoop_is1" = CrossLoop 2.74
"Diagram Designer" = Diagram Designer
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.5.3
"INGVCOMM&0B00&3070" = Ingenico CP210x USB to UART Bridge (Driver Removal)
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"king.com" = king.com (remove only)
"Lenovo Welcome_is1" = Lenovo Welcome
"LiveResponse" = Kayako Desktop
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee Total Protection
"NST" = Norton Safe Web Lite
"NVIDIA.Updatus" = NVIDIA Updatus
"Opera 11.10.2092" = Opera 11.10
"Picture Resize Genius_is1" = Picture Resize Genius 3.0
"PKR" = PKR
"PokerStars" = PokerStars
"PokerTracker3" = PokerTracker 3 (remove only)
"To-Do DeskList_is1" = To-Do DeskList 1.7
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.1
"WampServer 2_is1" = WampServer 2.1
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2599837038-3619574724-1502302346-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/31/2012 3:31:20 PM | Computer Name = User-THINK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/31/2012 3:31:20 PM | Computer Name = User-THINK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12012

Error - 7/31/2012 3:31:20 PM | Computer Name = User-THINK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12012

Error - 7/31/2012 3:31:21 PM | Computer Name = User-THINK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/31/2012 3:31:21 PM | Computer Name = User-THINK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13026

Error - 7/31/2012 3:31:21 PM | Computer Name = User-THINK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13026

Error - 7/31/2012 3:31:22 PM | Computer Name = User-THINK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/31/2012 3:31:22 PM | Computer Name = User-THINK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14025

Error - 7/31/2012 3:31:22 PM | Computer Name = User-THINK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14025

Error - 7/31/2012 3:31:23 PM | Computer Name = User-THINK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

[ Lenovo-Message Center Plus/Admin Events ]
Error - 10/7/2011 12:41:39 PM | Computer Name = User-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\stb_portal.asp
does not have a Lenovo Digital Signature. The file will be deleted

Error - 10/12/2011 12:57:21 PM | Computer Name = User-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\stb_portal.asp
does not have a Lenovo Digital Signature. The file will be deleted

Error - 12/21/2011 6:13:09 PM | Computer Name = User-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\index.html
does not have a Lenovo Digital Signature. The file will be deleted

Error - 12/26/2011 8:13:59 PM | Computer Name = User-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\index.html
does not have a Lenovo Digital Signature. The file will be deleted

Error - 2/2/2012 9:13:32 PM | Computer Name = User-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\stb_portal.asp
does not have a Lenovo Digital Signature. The file will be deleted

Error - 5/24/2012 7:01:47 AM | Computer Name = User-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception
message: Object reference not set to an instance of an object.

Error - 7/20/2012 8:20:50 AM | Computer Name = User-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\index.adp
does not have a Lenovo Digital Signature. The file will be deleted

Error - 8/1/2012 12:59:33 PM | Computer Name = User-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\Intercept
does not have a Lenovo Digital Signature. The file will be deleted

Error - 8/10/2012 12:42:33 PM | Computer Name = User-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\Intercept
does not have a Lenovo Digital Signature. The file will be deleted

Error - 8/14/2012 10:58:10 AM | Computer Name = User-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\Intercept
does not have a Lenovo Digital Signature. The file will be deleted

[ OSession Events ]
Error - 11/26/2011 12:32:00 PM | Computer Name = User-THINK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1226
seconds with 240 seconds of active time. This session ended with a crash.

Error - 11/26/2011 12:33:19 PM | Computer Name = User-THINK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 69
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/12/2012 10:23:50 AM | Computer Name = User-THINK | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 9/12/2012 10:23:51 AM | Computer Name = User-THINK | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.

Error - 9/12/2012 10:23:54 AM | Computer Name = User-THINK | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends the following
service: MpsSvc. This service might not be installed.

Error - 9/12/2012 10:23:58 AM | Computer Name = User-THINK | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 9/12/2012 10:26:13 AM | Computer Name = User-THINK | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends the following
service: MpsSvc. This service might not be installed.

Error - 9/12/2012 10:26:13 AM | Computer Name = User-THINK | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends the following
service: MpsSvc. This service might not be installed.

Error - 9/12/2012 1:12:16 PM | Computer Name = User-THINK | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends the following
service: MpsSvc. This service might not be installed.

Error - 9/12/2012 1:12:16 PM | Computer Name = User-THINK | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends the following
service: MpsSvc. This service might not be installed.

Error - 9/12/2012 4:18:05 PM | Computer Name = User-THINK | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends the following
service: MpsSvc. This service might not be installed.

Error - 9/12/2012 4:18:05 PM | Computer Name = User-THINK | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends the following
service: MpsSvc. This service might not be installed.

< End of report >

Sal Pennah · Sep 12, 2012

I think I may have found the problem. I believe it was in the Google Chrome extensions - an extension called "click 2 save". Not sure how it got there, but it has been deleted.

Please let me know if the log files look clean.

Inactive [A] Tons of viruses. Help! trojan.zeroaccess

Posts: 22 +0

Posts: 22 +0

Posts: 56,041 +517

Posts: 22 +0

Posts: 22 +0

Posts: 56,041 +517

Posts: 22 +0

Posts: 56,041 +517

Posts: 22 +0

Posts: 56,041 +517

Posts: 22 +0

Posts: 56,041 +517

Attachments

Posts: 22 +0

Posts: 22 +0

Posts: 22 +0

Posts: 22 +0

Posts: 56,041 +517

Posts: 22 +0

Posts: 56,041 +517

Posts: 22 +0

Posts: 56,041 +517

Posts: 22 +0

Posts: 22 +0

Posts: 22 +0

Posts: 22 +0

Similar threads