Solved Homepage keeps changing

marimo727

Posts: 30   +0
Hi, my homepage on firefox keeps changing. My wireless connection sometimes doesn't work unless I restart the computer, but that's only when I'm at school, so I don't know if the issue is solely with my laptop or not (started happening more frequently recently, though). I've also noticed that my laptop has been getting slower to work, so all of this together made me worry about viruses... And thus I came here.

I did the 5 step thing. Uhm. I hope I'm doing this right... and I have MSE on my computer.

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.03.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ayi490 :: AYI490-PC [administrator]

03-Oct-12 3:19:24 PM
mbam-log-2012-10-03 (15-19-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 241708
Time elapsed: 6 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-03 16:23:14
Windows 6.1.7601 Service Pack 1
Running: 0c8dv7pi.exe


---- Files - GMER 1.0.15 ----

File C:\Users\Student\AppData\Roaming\systemfl.$dk 990 bytes
File C:\Windows\SysWOW64\sys_drv_2.dat 5020 bytes
File C:\Windows\SysWOW64\WinFLdrv.sys 21888 bytes executable <-- ROOTKIT !!!

---- Services - GMER 1.0.15 ----

Service C:\Windows\SysWOW64\WinFLdrv.sys [AUTO] WinFLdrv <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_35
Run by ayi490 at 16:26:33 on 2012-10-03
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3956.1675 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Users\Student\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Users\Student\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Student\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Student\AppData\Local\Temp\InstallBSRVista_v5.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://cpprod.stjohns.edu/cp/home/loginf
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
mWinlogon: Userinit=userinit.exe
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [Akamai NetSession Interface] "C:\Users\Student\AppData\Local\Akamai\netsession_win.exe"
uRun: [AdobeBridge]
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Google Update] "C:\Users\Student\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\Student\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Student\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: LogonType = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: stjohns.edu
Trusted Zone: tellmemorecampus.com\www.stjohns
Trusted Zone: tellmemorecampus.com\www.stjohns
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{538BC23C-8547-47A8-9AA9-1663E3A6EAE6} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{538BC23C-8547-47A8-9AA9-1663E3A6EAE6}\35A4553547574656E647 : DhcpNameServer = 10.64.250.2
TCP: Interfaces\{538BC23C-8547-47A8-9AA9-1663E3A6EAE6}\44561646C697026596275737 : DhcpNameServer = 192.168.3.1
TCP: Interfaces\{8CD64A98-0BB0-4C2C-A69D-7C6D76846B74} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
LSA: Notification Packages = scecli ACGina
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun-x64: [(Default)]
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Student\AppData\Roaming\Mozilla\Firefox\Profiles\9bh0w57m.default\
FF - prefs.js: browser.startup.homepage - hxxp://cpprod.stjohns.edu/cp/home/loginf
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
FF - plugin: C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Student\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\Student\AppData\Roaming\Mozilla\Firefox\Profiles\9bh0w57m.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 DzHDD64;DzHDD64;C:\Windows\system32\DRIVERS\DzHDD64.sys --> C:\Windows\system32\DRIVERS\DzHDD64.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-5-24 290832]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2010-5-20 50536]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2010-5-20 44984]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-5-20 74088]
R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [2011-2-1 206120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-31 382312]
R2 TabletServiceWacom;TabletServiceWacom;C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [2010-10-22 5716848]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [2011-2-1 185640]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2010-5-20 63928]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-6-1 2320920]
R3 5U877;USB Video Device;C:\Windows\system32\DRIVERS\5U877.sys --> C:\Windows\system32\DRIVERS\5U877.sys [?]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-14 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-6 250288]
S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2010-5-20 164200]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-14 136176]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-24 114144]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2010-5-20 75112]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 rixdpcie;rixdpcie;C:\Windows\system32\DRIVERS\rixdpe64.sys --> C:\Windows\system32\DRIVERS\rixdpe64.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-10-03 20:23:39 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3BCC08DC-C565-4630-8CA0-7072EAD4586F}\mpengine.dll
2012-10-03 19:18:36 -------- d-----w- C:\Users\Student\AppData\Roaming\Malwarebytes
2012-10-03 19:18:16 -------- d-----w- C:\ProgramData\Malwarebytes
2012-10-03 19:18:13 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-10-03 19:18:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-03 04:01:24 -------- d-----w- C:\Users\Student\AppData\Local\Bulents
2012-10-03 04:00:17 -------- d-----w- C:\Program Files\BSR Screen Recorder 6
2012-10-02 17:09:49 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-27 20:39:00 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-09-27 20:38:11 -------- d-----w- C:\Program Files\iPod
2012-09-27 20:38:10 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-27 20:38:10 -------- d-----w- C:\Program Files\iTunes
2012-09-27 20:38:10 -------- d-----w- C:\Program Files (x86)\iTunes
2012-09-27 13:04:35 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1125C0EB-E981-45AF-9997-4D60F9B7D47F}\gapaengine.dll
2012-09-17 20:37:33 44544 ----a-w- C:\Windows\SysWow64\agremove.exe
2012-09-12 21:15:00 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-12 21:15:00 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-12 21:15:00 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
==================== Find3M ====================
.
2012-09-21 04:18:45 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-21 04:18:45 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-17 19:25:51 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
2012-08-31 02:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-31 02:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-29 00:24:56 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-08-29 00:24:53 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-21 17:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 17:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 16:26:56.32 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Enterprise
Boot Device: \Device\HarddiskVolume2
Install Date: 22-Aug-10 11:18:54 PM
System Uptime: 03-Oct-12 4:22:16 AM (12 hours ago)
.
Motherboard: LENOVO | | 2522BM6
Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz | None | 2133/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 287 GiB total, 73.954 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP332: 24-Sep-12 10:37:28 PM - Installed Java(TM) 6 Update 35
RP333: 25-Sep-12 5:31:07 PM - Windows Update
RP334: 27-Sep-12 8:37:51 AM - Windows Update
RP335: 27-Sep-12 10:08:20 PM - Removed Google Talk Plugin
RP336: 27-Sep-12 10:09:51 PM - Removed Facebook Video Calling 1.2.0.159
RP337: 27-Sep-12 10:10:06 PM - Removed Facebook Messenger 2.1.4651.0
RP338: 30-Sep-12 6:28:54 PM - Windows Update
RP339: 03-Oct-12 12:00:26 AM - Installed Microsoft Visual C++ 2005 Redistributable
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
4500_G510af_Help_Web
4500G510af_Software_Min
4500G510af_web
Acrobat.com
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Community Help
Adobe Creative Suite 5 Master Collection
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop Elements 6.0
Adobe Reader 9.3
Adobe Shockwave Player 11.6
AdventureTime_Screensaver
AIM 7
Akamai NetSession Interface
Akamai NetSession Interface Service
Apple Application Support
Apple Software Update
AuralogComponentsUninstall9
BIT.TRIP RUNNER
BlackBerry App World Browser Plugin
BlackBerry Desktop Software 6.1
BlackBerry Device Software Updater
BufferChm
Burn.Now 4.5
CanoScan Toolbox Ver4.9
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Combined Community Codec Pack 2010-10-10
Computrace
Corel Burn.Now Lenovo Edition
DivX Setup
Download Updater (AOL LLC)
Dropbox
eReg
Google Chrome
Google Earth Plug-in
Google Update Helper
IHA_MessageCenter
Integrated Camera Driver Installer Package Ver.1.1.0.19
Intel(R) Management Engine Components
InterVideo WinDVD 8
iWisoft Free Video Converter 1.2
Java Auto Updater
Java(TM) 6 Update 35
JTablet
Left 4 Dead 2
Magicka
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel 2007 Get Started Tab
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint 2007 Get Started Tab
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word 2007 Get Started Tab
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft XNA Framework Redistributable 3.1
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 15.0 (x86 en-US)
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MV RegClean 5.9 English
MV RegClean 6.0
Nexon Game Manager
NVIDIA Stereoscopic 3D Driver
OpenAL
Pando Media Booster
PDF Settings CS5
PxMergeModule
QuickTime
Reader Library by Sony
Rescue and Recovery
RICOH R5U230 Media Driver ver.2.06.02.02
Safari
Scan
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype™ 5.10
Source Filmmaker
Steam
swMSM
System Update
Team Fortress 2
Team Fortress 2 Beta
ThinkPad Power Manager
ThinkPad UltraNav Utility
ThinkPad Wireless LAN Adapter Software
ThinkVantage Access Connections
Toolbox
Torchlight
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195
Verizon Download Manager
Verizon FiOS Activation
VLC media player 2.0.1
VTFEdit 1.2.5
Vz In Home Agent
WebReg
WebTablet IE Plugin
WebTablet Netscape Plugin
Winamp
Winamp Detector Plug-in
Write-N-Cite
Xfire (remove only)
.
==== Event Viewer Messages From Past Week ========
.
30-Sep-12 6:38:24 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
30-Sep-12 1:31:57 AM, Error: Service Control Manager [7023] - The Windows Time service terminated with the following error: A system shutdown is in progress.
28-Sep-12 9:48:26 PM, Error: NetBT [4321] - The name "AYI490-PC :20" could not be registered on the interface with IP address 192.168.1.4. The computer with the IP address 10.8.168.62 did not allow the name to be claimed by this computer.
28-Sep-12 9:48:26 PM, Error: NetBT [4321] - The name "AYI490-PC :0" could not be registered on the interface with IP address 192.168.1.4. The computer with the IP address 10.8.168.62 did not allow the name to be claimed by this computer.
27-Sep-12 9:59:46 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer BLESSEDONE-HP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{538BC23C-8547-47A8-9AA9-1663E3A6EAE6}. The master browser is stopping or an election is being forced.
27-Sep-12 9:10:20 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer MGOOD130-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{538BC23C-8547-47A8-9AA9-1663E3A6EAE6}. The master browser is stopping or an election is being forced.
27-Sep-12 8:47:47 AM, Error: NetBT [4321] - The name "AYI490-PC :20" could not be registered on the interface with IP address 10.8.164.64. The computer with the IP address 192.168.1.4 did not allow the name to be claimed by this computer.
27-Sep-12 8:47:47 AM, Error: NetBT [4321] - The name "AYI490-PC :0" could not be registered on the interface with IP address 10.8.164.64. The computer with the IP address 192.168.1.4 did not allow the name to be claimed by this computer.
27-Sep-12 8:44:38 AM, Error: NetBT [4321] - The name "AYI490-PC :20" could not be registered on the interface with IP address 169.254.143.112. The computer with the IP address 192.168.1.4 did not allow the name to be claimed by this computer.
27-Sep-12 8:44:38 AM, Error: NetBT [4321] - The name "AYI490-PC :0" could not be registered on the interface with IP address 169.254.143.112. The computer with the IP address 192.168.1.4 did not allow the name to be claimed by this computer.
27-Sep-12 7:43:45 PM, Error: NetBT [4321] - The name "AYI490-PC :20" could not be registered on the interface with IP address 192.168.1.4. The computer with the IP address 10.10.161.29 did not allow the name to be claimed by this computer.
27-Sep-12 7:43:45 PM, Error: NetBT [4321] - The name "AYI490-PC :0" could not be registered on the interface with IP address 192.168.1.4. The computer with the IP address 10.10.161.29 did not allow the name to be claimed by this computer.
27-Sep-12 4:37:14 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running.
27-Sep-12 4:36:14 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
27-Sep-12 4:35:47 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
26-Sep-12 8:42:08 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.9, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
03-Oct-12 4:24:23 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
03-Oct-12 4:21:31 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
03-Oct-12 2:55:25 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{538BC23C-8547-47A8-9AA9-1663E3A6EAE6} because another computer on the network has the same name. The server could not start.
03-Oct-12 2:55:25 PM, Error: NetBT [4321] - The name "AYI490-PC :20" could not be registered on the interface with IP address 192.168.1.4. The computer with the IP address 10.8.164.87 did not allow the name to be claimed by this computer.
03-Oct-12 2:55:25 PM, Error: NetBT [4321] - The name "AYI490-PC :0" could not be registered on the interface with IP address 192.168.1.4. The computer with the IP address 10.8.164.87 did not allow the name to be claimed by this computer.
02-Oct-12 12:49:03 PM, Error: Service Control Manager [7000] - The WMPNetworkSvc service failed to start due to the following error: The system cannot find the path specified.
02-Oct-12 12:45:02 PM, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
02-Oct-12 11:55:25 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
02-Oct-12 11:55:25 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
01-Oct-12 9:07:02 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer TWEBS903-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{538BC23C-8547-47A8-9AA9-1663E3A6EAE6}. The master browser is stopping or an election is being forced.
01-Oct-12 10:33:39 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.7, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
01-Oct-12 10:33:38 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 169.254.134.115, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
.
==== End Of File ===========================

I have no idea what any of this means :l so thanks for any help you can give :)
 
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=================================

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

=============================

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

============================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
23:09:31.0918 6508 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
23:09:32.0258 6508 ============================================================
23:09:32.0258 6508 Current date / time: 2012/10/03 23:09:32.0258
23:09:32.0258 6508 SystemInfo:
23:09:32.0258 6508
23:09:32.0258 6508 OS Version: 6.1.7601 ServicePack: 1.0
23:09:32.0258 6508 Product type: Workstation
23:09:32.0258 6508 ComputerName: AYI490-PC
23:09:32.0258 6508 UserName: ayi490
23:09:32.0258 6508 Windows directory: C:\Windows
23:09:32.0258 6508 System windows directory: C:\Windows
23:09:32.0258 6508 Running under WOW64
23:09:32.0258 6508 Processor architecture: Intel x64
23:09:32.0258 6508 Number of processors: 4
23:09:32.0258 6508 Page size: 0x1000
23:09:32.0258 6508 Boot type: Normal boot
23:09:32.0258 6508 ============================================================
23:09:33.0368 6508 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
23:09:33.0368 6508 ============================================================
23:09:33.0368 6508 \Device\Harddisk0\DR0:
23:09:33.0378 6508 MBR partitions:
23:09:33.0378 6508 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x15BE800, BlocksNum 0x23E6F800
23:09:33.0378 6508 ============================================================
23:09:33.0408 6508 C: <-> \Device\Harddisk0\DR0\Partition1
23:09:33.0408 6508 ============================================================
23:09:33.0408 6508 Initialize success
23:09:33.0408 6508 ============================================================
23:09:48.0470 4192 ============================================================
23:09:48.0470 4192 Scan started
23:09:48.0470 4192 Mode: Manual;
23:09:48.0470 4192 ============================================================
23:09:48.0600 4192 ================ Scan system memory ========================
23:09:48.0600 4192 System memory - ok
23:09:48.0600 4192 ================ Scan services =============================
23:09:48.0860 4192 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
23:09:48.0860 4192 1394ohci - ok
23:09:48.0920 4192 [ 708CCD77B9363F245D9F9ACE480824CA ] 5U877 C:\Windows\system32\DRIVERS\5U877.sys
23:09:48.0920 4192 5U877 - ok
23:09:48.0970 4192 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
23:09:48.0980 4192 ACPI - ok
23:09:49.0020 4192 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
23:09:49.0020 4192 AcpiPmi - ok
23:09:49.0110 4192 [ CF2D68C16C7BE8D037DDD1BFA6E9C965 ] AcPrfMgrSvc C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
23:09:49.0110 4192 AcPrfMgrSvc - ok
23:09:49.0170 4192 [ B5060FE4AA0A074779C7B11AE7DB9D48 ] AcSvc C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
23:09:49.0170 4192 AcSvc - ok
23:09:49.0276 4192 [ E8FE4FCE23D2809BD88BCC1D0F8408CE ] AdobeActiveFileMonitor6.0 C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
23:09:49.0291 4192 AdobeActiveFileMonitor6.0 - ok
23:09:49.0447 4192 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:09:49.0447 4192 AdobeFlashPlayerUpdateSvc - ok
23:09:49.0525 4192 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
23:09:49.0525 4192 adp94xx - ok
23:09:49.0572 4192 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
23:09:49.0572 4192 adpahci - ok
23:09:49.0588 4192 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
23:09:49.0603 4192 adpu320 - ok
23:09:49.0634 4192 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
23:09:49.0634 4192 AeLookupSvc - ok
23:09:49.0697 4192 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
23:09:49.0697 4192 AFD - ok
23:09:49.0744 4192 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
23:09:49.0744 4192 agp440 - ok
23:09:49.0931 4192 [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll
23:09:49.0931 4192 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76
23:09:49.0931 4192 Akamai ( HiddenFile.Multi.Generic ) - warning
23:09:49.0931 4192 Akamai - detected HiddenFile.Multi.Generic (1)
23:09:49.0978 4192 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
23:09:49.0978 4192 ALG - ok
23:09:50.0024 4192 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
23:09:50.0024 4192 aliide - ok
23:09:50.0024 4192 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
23:09:50.0040 4192 amdide - ok
23:09:50.0071 4192 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
23:09:50.0071 4192 AmdK8 - ok
23:09:50.0102 4192 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
23:09:50.0118 4192 AmdPPM - ok
23:09:50.0149 4192 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
23:09:50.0165 4192 amdsata - ok
23:09:50.0196 4192 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
23:09:50.0196 4192 amdsbs - ok
23:09:50.0227 4192 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
23:09:50.0227 4192 amdxata - ok
23:09:50.0274 4192 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
23:09:50.0274 4192 AppID - ok
23:09:50.0305 4192 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
23:09:50.0305 4192 AppIDSvc - ok
23:09:50.0352 4192 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
23:09:50.0368 4192 Appinfo - ok
23:09:50.0446 4192 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:09:50.0446 4192 Apple Mobile Device - ok
23:09:50.0492 4192 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
23:09:50.0492 4192 AppMgmt - ok
23:09:50.0539 4192 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
23:09:50.0539 4192 arc - ok
23:09:50.0570 4192 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
23:09:50.0570 4192 arcsas - ok
23:09:50.0586 4192 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
23:09:50.0586 4192 AsyncMac - ok
23:09:50.0633 4192 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
23:09:50.0633 4192 atapi - ok
23:09:50.0695 4192 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:09:50.0695 4192 AudioEndpointBuilder - ok
23:09:50.0711 4192 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
23:09:50.0711 4192 AudioSrv - ok
23:09:50.0789 4192 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
23:09:50.0789 4192 AxInstSV - ok
23:09:50.0836 4192 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
23:09:50.0851 4192 b06bdrv - ok
23:09:50.0882 4192 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
23:09:50.0898 4192 b57nd60a - ok
23:09:50.0945 4192 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
23:09:50.0945 4192 BDESVC - ok
23:09:50.0960 4192 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
23:09:50.0960 4192 Beep - ok
23:09:51.0023 4192 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
23:09:51.0023 4192 BFE - ok
23:09:51.0070 4192 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
23:09:51.0085 4192 BITS - ok
23:09:51.0116 4192 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
23:09:51.0116 4192 blbdrive - ok
23:09:51.0226 4192 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:09:51.0226 4192 Bonjour Service - ok
23:09:51.0272 4192 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
23:09:51.0272 4192 bowser - ok
23:09:51.0304 4192 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:09:51.0304 4192 BrFiltLo - ok
23:09:51.0319 4192 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:09:51.0319 4192 BrFiltUp - ok
23:09:51.0366 4192 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
23:09:51.0366 4192 Browser - ok
23:09:51.0397 4192 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
23:09:51.0397 4192 Brserid - ok
23:09:51.0428 4192 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
23:09:51.0428 4192 BrSerWdm - ok
23:09:51.0444 4192 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
23:09:51.0444 4192 BrUsbMdm - ok
23:09:51.0475 4192 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
23:09:51.0475 4192 BrUsbSer - ok
23:09:51.0491 4192 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
23:09:51.0491 4192 BTHMODEM - ok
23:09:51.0522 4192 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
23:09:51.0522 4192 bthserv - ok
23:09:51.0553 4192 [ 48360B88C4BF45850653BB7C86888ED4 ] CAXHWAZL C:\Windows\system32\DRIVERS\CAXHWAZL.sys
23:09:51.0553 4192 CAXHWAZL - ok
23:09:51.0616 4192 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
23:09:51.0616 4192 cdfs - ok
23:09:51.0662 4192 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
23:09:51.0662 4192 cdrom - ok
23:09:51.0709 4192 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
23:09:51.0709 4192 CertPropSvc - ok
23:09:51.0740 4192 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
23:09:51.0740 4192 circlass - ok
23:09:51.0772 4192 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
23:09:51.0772 4192 CLFS - ok
23:09:51.0850 4192 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:09:51.0850 4192 clr_optimization_v2.0.50727_32 - ok
23:09:51.0896 4192 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:09:51.0896 4192 clr_optimization_v2.0.50727_64 - ok
23:09:51.0943 4192 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
23:09:51.0943 4192 CmBatt - ok
23:09:51.0990 4192 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
23:09:51.0990 4192 cmdide - ok
23:09:52.0021 4192 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
23:09:52.0037 4192 CNG - ok
23:09:52.0084 4192 [ D7D489ACF6DB4C64F88F1A65739770F7 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
23:09:52.0099 4192 CnxtHdAudService - ok
23:09:52.0130 4192 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
23:09:52.0130 4192 Compbatt - ok
23:09:52.0177 4192 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
23:09:52.0193 4192 CompositeBus - ok
23:09:52.0208 4192 COMSysApp - ok
23:09:52.0302 4192 [ C08063F052308B6F5882482615387F30 ] cpuz135 C:\Windows\system32\drivers\cpuz135_x64.sys
23:09:52.0302 4192 cpuz135 - ok
23:09:52.0318 4192 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
23:09:52.0318 4192 crcdisk - ok
23:09:52.0364 4192 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
23:09:52.0364 4192 CryptSvc - ok
23:09:52.0411 4192 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
23:09:52.0411 4192 CSC - ok
23:09:52.0520 4192 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
23:09:52.0520 4192 CscService - ok
23:09:52.0676 4192 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
23:09:52.0692 4192 DcomLaunch - ok
23:09:52.0801 4192 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
23:09:52.0817 4192 defragsvc - ok
23:09:52.0910 4192 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
23:09:52.0910 4192 DfsC - ok
23:09:53.0098 4192 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
23:09:53.0098 4192 Dhcp - ok
23:09:53.0129 4192 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
23:09:53.0129 4192 discache - ok
23:09:53.0176 4192 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
23:09:53.0176 4192 Disk - ok
23:09:53.0207 4192 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
23:09:53.0222 4192 Dnscache - ok
23:09:53.0254 4192 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
23:09:53.0269 4192 dot3svc - ok
23:09:53.0300 4192 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
23:09:53.0300 4192 Dot4 - ok
23:09:53.0332 4192 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\drivers\Dot4Prt.sys
23:09:53.0332 4192 Dot4Print - ok
23:09:53.0347 4192 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
23:09:53.0363 4192 dot4usb - ok
23:09:53.0410 4192 [ 0467853BB18E2F6B0C02E5E991A6F087 ] DozeSvc C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
23:09:53.0410 4192 DozeSvc - ok
23:09:53.0456 4192 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
23:09:53.0456 4192 DPS - ok
23:09:53.0488 4192 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
23:09:53.0488 4192 drmkaud - ok
23:09:53.0550 4192 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
23:09:53.0550 4192 DXGKrnl - ok
23:09:53.0597 4192 [ 5BDEF3FAA1BFD9C9C5D3DC972049F0FA ] DzHDD64 C:\Windows\system32\DRIVERS\DzHDD64.sys
23:09:53.0597 4192 DzHDD64 - ok
23:09:53.0628 4192 [ F369E83F6CDAB987CA2DD764278659A6 ] e1kexpress C:\Windows\system32\DRIVERS\e1k62x64.sys
23:09:53.0628 4192 e1kexpress - ok
23:09:53.0659 4192 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
23:09:53.0659 4192 EapHost - ok
23:09:53.0753 4192 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
23:09:53.0784 4192 ebdrv - ok
23:09:53.0815 4192 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
23:09:53.0815 4192 EFS - ok
23:09:53.0893 4192 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
23:09:53.0909 4192 ehRecvr - ok
23:09:53.0924 4192 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
23:09:53.0940 4192 ehSched - ok
23:09:53.0971 4192 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
23:09:53.0971 4192 elxstor - ok
23:09:54.0018 4192 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
23:09:54.0018 4192 ErrDev - ok
23:09:54.0049 4192 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
23:09:54.0049 4192 EventSystem - ok
23:09:54.0080 4192 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
23:09:54.0080 4192 exfat - ok
23:09:54.0112 4192 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
23:09:54.0112 4192 fastfat - ok
23:09:54.0174 4192 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
23:09:54.0174 4192 Fax - ok
23:09:54.0205 4192 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
23:09:54.0205 4192 fdc - ok
23:09:54.0236 4192 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
23:09:54.0236 4192 fdPHost - ok
23:09:54.0252 4192 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
23:09:54.0252 4192 FDResPub - ok
23:09:54.0268 4192 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
23:09:54.0268 4192 FileInfo - ok
23:09:54.0283 4192 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
23:09:54.0283 4192 Filetrace - ok
23:09:54.0330 4192 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
23:09:54.0346 4192 FLEXnet Licensing Service - ok
23:09:54.0361 4192 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
23:09:54.0361 4192 flpydisk - ok
23:09:54.0408 4192 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
23:09:54.0408 4192 FltMgr - ok
23:09:54.0470 4192 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
23:09:54.0486 4192 FontCache - ok
23:09:54.0548 4192 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:09:54.0548 4192 FontCache3.0.0.0 - ok
23:09:54.0580 4192 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
23:09:54.0595 4192 FsDepends - ok
23:09:54.0626 4192 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
23:09:54.0642 4192 Fs_Rec - ok
23:09:54.0689 4192 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
23:09:54.0689 4192 fvevol - ok
23:09:54.0736 4192 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
23:09:54.0736 4192 gagp30kx - ok
23:09:54.0782 4192 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:09:54.0782 4192 GEARAspiWDM - ok
23:09:54.0845 4192 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
23:09:54.0860 4192 gpsvc - ok
23:09:54.0938 4192 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:09:54.0938 4192 gupdate - ok
23:09:54.0970 4192 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:09:54.0970 4192 gupdatem - ok
23:09:55.0016 4192 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
23:09:55.0032 4192 hamachi - ok
23:09:55.0063 4192 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
23:09:55.0063 4192 hcw85cir - ok
23:09:55.0110 4192 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:09:55.0110 4192 HdAudAddService - ok
23:09:55.0141 4192 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
23:09:55.0141 4192 HDAudBus - ok
23:09:55.0172 4192 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
23:09:55.0188 4192 HECIx64 - ok
23:09:55.0204 4192 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
23:09:55.0204 4192 HidBatt - ok
23:09:55.0219 4192 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
23:09:55.0219 4192 HidBth - ok
23:09:55.0297 4192 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
23:09:55.0297 4192 HidIr - ok
23:09:55.0344 4192 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
23:09:55.0360 4192 hidserv - ok
23:09:55.0375 4192 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
23:09:55.0375 4192 HidUsb - ok
23:09:55.0422 4192 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
23:09:55.0422 4192 hkmsvc - ok
23:09:55.0469 4192 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:09:55.0484 4192 HomeGroupListener - ok
23:09:55.0531 4192 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:09:55.0531 4192 HomeGroupProvider - ok
23:09:55.0562 4192 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
23:09:55.0578 4192 HpSAMD - ok
23:09:55.0672 4192 [ 447256D1C026654C5CD3CC17E7B20631 ] HsfXAudioService C:\Windows\SysWOW64\XAudio64.dll
23:09:55.0687 4192 HsfXAudioService - ok
23:09:55.0750 4192 [ F6AC1087A131FBB385400667BEA64FBE ] HSF_DPV C:\Windows\system32\DRIVERS\CAX_DPV.sys
23:09:55.0781 4192 HSF_DPV - ok
23:09:55.0843 4192 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
23:09:55.0843 4192 HTTP - ok
23:09:55.0890 4192 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
23:09:55.0890 4192 hwpolicy - ok
23:09:55.0937 4192 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
23:09:55.0952 4192 i8042prt - ok
23:09:56.0046 4192 [ 85977CD13FC16069CE0AF7943A811775 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
23:09:56.0046 4192 iaStor - ok
23:09:56.0140 4192 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
23:09:56.0155 4192 iaStorV - ok
23:09:56.0171 4192 [ 3761FAB385F1C2F51B2FAD48CFABBE9D ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys
23:09:56.0186 4192 IBMPMDRV - ok
23:09:56.0186 4192 [ FC22310F3862E2C7C8722EF4778D5CC3 ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe
23:09:56.0202 4192 IBMPMSVC - ok
23:09:56.0358 4192 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:09:56.0389 4192 idsvc - ok
23:09:56.0545 4192 [ C135BFF15563592B8EA070EA109967F7 ] IHA_MessageCenter C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
23:09:56.0561 4192 IHA_MessageCenter - ok
23:09:56.0623 4192 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
23:09:56.0639 4192 iirsp - ok
23:09:56.0748 4192 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
23:09:56.0764 4192 IKEEXT - ok
23:09:56.0795 4192 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
23:09:56.0795 4192 intelide - ok
23:09:56.0842 4192 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
23:09:56.0857 4192 intelppm - ok
23:09:56.0888 4192 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
23:09:56.0904 4192 IPBusEnum - ok
23:09:56.0951 4192 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:09:56.0966 4192 IpFilterDriver - ok
23:09:57.0060 4192 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
23:09:57.0076 4192 iphlpsvc - ok
23:09:57.0107 4192 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
23:09:57.0107 4192 IPMIDRV - ok
23:09:57.0138 4192 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
23:09:57.0138 4192 IPNAT - ok
23:09:57.0388 4192 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
23:09:57.0403 4192 iPod Service - ok
23:09:57.0434 4192 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
23:09:57.0434 4192 IRENUM - ok
23:09:57.0497 4192 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
23:09:57.0512 4192 isapnp - ok
23:09:57.0575 4192 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
23:09:57.0590 4192 iScsiPrt - ok
23:09:57.0684 4192 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
23:09:57.0700 4192 IviRegMgr - ok
23:09:57.0809 4192 [ BD5BF20EC242E003A2F570B8754A56D1 ] ivusb C:\Windows\system32\DRIVERS\ivusb.sys
23:09:57.0809 4192 ivusb - ok
23:09:57.0840 4192 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
23:09:57.0840 4192 kbdclass - ok
23:09:57.0902 4192 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
23:09:57.0918 4192 kbdhid - ok
23:09:57.0934 4192 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
23:09:57.0934 4192 KeyIso - ok
23:09:57.0996 4192 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
23:09:58.0012 4192 KSecDD - ok
23:09:58.0058 4192 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
23:09:58.0074 4192 KSecPkg - ok
23:09:58.0121 4192 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
23:09:58.0136 4192 ksthunk - ok
23:09:58.0261 4192 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
23:09:58.0292 4192 KtmRm - ok
23:09:58.0370 4192 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
23:09:58.0370 4192 LanmanServer - ok
23:09:58.0433 4192 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:09:58.0448 4192 LanmanWorkstation - ok
23:09:58.0604 4192 [ 7772DFAB22611050B79504E671B06E6E ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
23:09:58.0620 4192 LBTServ - ok
23:09:58.0714 4192 [ 23AAD440FE3A436087E066773954FA10 ] LENOVO.CAMMUTE C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
23:09:58.0729 4192 LENOVO.CAMMUTE - ok
23:09:58.0776 4192 [ E9953EEED1653D1CB9EC5C54FF8057DB ] LENOVO.MICMUTE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
23:09:58.0776 4192 LENOVO.MICMUTE - ok
23:09:58.0792 4192 [ 5ACFF5823634BC2C4EBF559C3B33E18E ] lenovo.smi C:\Windows\system32\DRIVERS\smiifx64.sys
23:09:58.0792 4192 lenovo.smi - ok
23:09:58.0823 4192 [ 3488CDBCE014AD1E703FCDDD5BCF5AEC ] LENOVO.TPKNRSVC C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
23:09:58.0823 4192 LENOVO.TPKNRSVC - ok
23:09:58.0885 4192 [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
23:09:58.0885 4192 LHidFilt - ok
23:09:58.0916 4192 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
23:09:58.0932 4192 lltdio - ok
23:09:58.0963 4192 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
23:09:58.0979 4192 lltdsvc - ok
23:09:58.0994 4192 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
23:09:59.0010 4192 lmhosts - ok
23:09:59.0057 4192 [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
23:09:59.0072 4192 LMouFilt - ok
23:09:59.0182 4192 [ A7AD70A504FAC41492A95FE1D567CB52 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
23:09:59.0182 4192 LMS - ok
23:09:59.0213 4192 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
23:09:59.0244 4192 LSI_FC - ok
23:09:59.0291 4192 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
23:09:59.0291 4192 LSI_SAS - ok
23:09:59.0336 4192 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:09:59.0346 4192 LSI_SAS2 - ok
23:09:59.0376 4192 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:09:59.0406 4192 LSI_SCSI - ok
23:09:59.0476 4192 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
23:09:59.0476 4192 luafv - ok
23:09:59.0566 4192 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
23:09:59.0586 4192 Mcx2Svc - ok
23:09:59.0846 4192 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
23:09:59.0856 4192 MDM - ok
23:09:59.0986 4192 [ E4F44EC214B3E381E1FC844A02926666 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
23:10:00.0006 4192 mdmxsdk - ok
23:10:00.0076 4192 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
23:10:00.0096 4192 megasas - ok
23:10:00.0126 4192 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
23:10:00.0156 4192 MegaSR - ok
23:10:00.0186 4192 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
23:10:00.0206 4192 MMCSS - ok
23:10:00.0236 4192 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
23:10:00.0246 4192 Modem - ok
23:10:00.0326 4192 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
23:10:00.0326 4192 monitor - ok
23:10:00.0386 4192 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
23:10:00.0406 4192 mouclass - ok
23:10:00.0466 4192 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
23:10:00.0476 4192 mouhid - ok
23:10:00.0536 4192 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
23:10:00.0546 4192 mountmgr - ok
23:10:00.0726 4192 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:10:00.0726 4192 MozillaMaintenance - ok
23:10:00.0796 4192 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
23:10:00.0796 4192 MpFilter - ok
23:10:00.0846 4192 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
23:10:00.0866 4192 mpio - ok
23:10:00.0896 4192 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
23:10:00.0906 4192 mpsdrv - ok
23:10:00.0976 4192 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
23:10:00.0996 4192 MpsSvc - ok
23:10:01.0056 4192 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
23:10:01.0066 4192 MRxDAV - ok
23:10:01.0116 4192 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
23:10:01.0126 4192 mrxsmb - ok
23:10:01.0196 4192 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:10:01.0196 4192 mrxsmb10 - ok
23:10:01.0216 4192 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:10:01.0226 4192 mrxsmb20 - ok
23:10:01.0286 4192 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
23:10:01.0296 4192 msahci - ok
23:10:01.0346 4192 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
23:10:01.0356 4192 msdsm - ok
 
23:10:01.0386 4192 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
23:10:01.0396 4192 MSDTC - ok
23:10:01.0426 4192 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
23:10:01.0426 4192 Msfs - ok
23:10:01.0456 4192 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
23:10:01.0456 4192 mshidkmdf - ok
23:10:01.0476 4192 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
23:10:01.0486 4192 msisadrv - ok
23:10:01.0536 4192 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
23:10:01.0546 4192 MSiSCSI - ok
23:10:01.0556 4192 msiserver - ok
23:10:01.0596 4192 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
23:10:01.0596 4192 MSKSSRV - ok
23:10:01.0756 4192 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
23:10:01.0756 4192 MsMpSvc - ok
23:10:01.0776 4192 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
23:10:01.0786 4192 MSPCLOCK - ok
23:10:01.0846 4192 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
23:10:01.0856 4192 MSPQM - ok
23:10:01.0906 4192 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
23:10:01.0916 4192 MsRPC - ok
23:10:01.0956 4192 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
23:10:01.0976 4192 mssmbios - ok
23:10:01.0996 4192 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
23:10:02.0016 4192 MSTEE - ok
23:10:02.0026 4192 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
23:10:02.0036 4192 MTConfig - ok
23:10:02.0046 4192 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
23:10:02.0056 4192 Mup - ok
23:10:02.0126 4192 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
23:10:02.0146 4192 napagent - ok
23:10:02.0216 4192 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
23:10:02.0226 4192 NativeWifiP - ok
23:10:02.0316 4192 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
23:10:02.0326 4192 NDIS - ok
23:10:02.0346 4192 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
23:10:02.0346 4192 NdisCap - ok
23:10:02.0396 4192 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
23:10:02.0406 4192 NdisTapi - ok
23:10:02.0446 4192 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
23:10:02.0456 4192 Ndisuio - ok
23:10:02.0496 4192 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
23:10:02.0496 4192 NdisWan - ok
23:10:02.0566 4192 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
23:10:02.0576 4192 NDProxy - ok
23:10:02.0656 4192 [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
23:10:02.0666 4192 Net Driver HPZ12 - ok
23:10:02.0706 4192 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
23:10:02.0716 4192 NetBIOS - ok
23:10:02.0776 4192 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
23:10:02.0786 4192 NetBT - ok
23:10:02.0816 4192 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
23:10:02.0826 4192 Netlogon - ok
23:10:02.0886 4192 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
23:10:02.0896 4192 Netman - ok
23:10:02.0906 4192 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
23:10:02.0916 4192 netprofm - ok
23:10:02.0946 4192 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:10:02.0966 4192 NetTcpPortSharing - ok
23:10:03.0026 4192 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
23:10:03.0036 4192 nfrd960 - ok
23:10:03.0106 4192 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
23:10:03.0116 4192 NisDrv - ok
23:10:03.0176 4192 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
23:10:03.0186 4192 NisSrv - ok
23:10:03.0286 4192 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
23:10:03.0306 4192 NlaSvc - ok
23:10:03.0356 4192 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
23:10:03.0366 4192 Npfs - ok
23:10:03.0396 4192 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
23:10:03.0416 4192 nsi - ok
23:10:03.0446 4192 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
23:10:03.0456 4192 nsiproxy - ok
23:10:03.0636 4192 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
23:10:03.0656 4192 Ntfs - ok
23:10:03.0676 4192 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
23:10:03.0676 4192 Null - ok
23:10:03.0746 4192 [ 8D4AAC74B571FC356560E5B308955E93 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
23:10:03.0756 4192 NVHDA - ok
23:10:05.0519 4192 [ A48BFF12CEBF631DC329FB4223201BFA ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:10:05.0876 4192 nvlddmkm - ok
23:10:05.0926 4192 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
23:10:05.0926 4192 nvraid - ok
23:10:05.0926 4192 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
23:10:05.0936 4192 nvstor - ok
23:10:05.0996 4192 [ C4E884D605E12A1F815C89C830873BF7 ] nvsvc C:\Windows\system32\nvvsvc.exe
23:10:06.0006 4192 nvsvc - ok
23:10:06.0066 4192 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
23:10:06.0066 4192 nv_agp - ok
23:10:06.0146 4192 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:10:06.0156 4192 odserv - ok
23:10:06.0176 4192 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
23:10:06.0176 4192 ohci1394 - ok
23:10:06.0226 4192 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:10:06.0236 4192 ose - ok
23:10:06.0256 4192 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
23:10:06.0276 4192 p2pimsvc - ok
23:10:06.0286 4192 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
23:10:06.0306 4192 p2psvc - ok
23:10:06.0336 4192 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
23:10:06.0336 4192 Parport - ok
23:10:06.0376 4192 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
23:10:06.0376 4192 partmgr - ok
23:10:06.0376 4192 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
23:10:06.0386 4192 PcaSvc - ok
23:10:06.0416 4192 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
23:10:06.0426 4192 pci - ok
23:10:06.0436 4192 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
23:10:06.0436 4192 pciide - ok
23:10:06.0466 4192 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
23:10:06.0466 4192 pcmcia - ok
23:10:06.0486 4192 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
23:10:06.0486 4192 pcw - ok
23:10:06.0516 4192 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
23:10:06.0526 4192 PEAUTH - ok
23:10:06.0576 4192 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
23:10:06.0596 4192 PeerDistSvc - ok
23:10:06.0676 4192 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
23:10:06.0686 4192 PerfHost - ok
23:10:06.0756 4192 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
23:10:06.0776 4192 pla - ok
23:10:06.0836 4192 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
23:10:06.0846 4192 PlugPlay - ok
23:10:06.0916 4192 [ 37F6046CDC630442D7DC087501FF6FC6 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
23:10:06.0916 4192 Pml Driver HPZ12 - ok
23:10:06.0936 4192 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
23:10:06.0946 4192 PNRPAutoReg - ok
23:10:06.0966 4192 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
23:10:06.0966 4192 PNRPsvc - ok
23:10:07.0016 4192 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
23:10:07.0026 4192 PolicyAgent - ok
23:10:07.0046 4192 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
23:10:07.0066 4192 Power - ok
23:10:07.0106 4192 [ EC9FC20699B7A5EB050EF1E3C3A5F024 ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
23:10:07.0116 4192 Power Manager DBC Service - ok
23:10:07.0156 4192 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
23:10:07.0156 4192 PptpMiniport - ok
23:10:07.0186 4192 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
23:10:07.0196 4192 Processor - ok
23:10:07.0236 4192 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
23:10:07.0246 4192 ProfSvc - ok
23:10:07.0276 4192 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:10:07.0286 4192 ProtectedStorage - ok
23:10:07.0316 4192 [ 515A7C5A0886FCC60901916785EFD549 ] psadd C:\Windows\system32\DRIVERS\psadd.sys
23:10:07.0316 4192 psadd - ok
23:10:07.0356 4192 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
23:10:07.0366 4192 Psched - ok
23:10:07.0456 4192 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
23:10:07.0456 4192 PxHlpa64 - ok
23:10:07.0516 4192 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
23:10:07.0536 4192 ql2300 - ok
23:10:07.0576 4192 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
23:10:07.0576 4192 ql40xx - ok
23:10:07.0626 4192 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
23:10:07.0646 4192 QWAVE - ok
23:10:07.0696 4192 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
23:10:07.0696 4192 QWAVEdrv - ok
23:10:07.0736 4192 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
23:10:07.0736 4192 RasAcd - ok
23:10:07.0766 4192 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
23:10:07.0766 4192 RasAgileVpn - ok
23:10:07.0796 4192 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
23:10:07.0806 4192 RasAuto - ok
23:10:07.0856 4192 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
23:10:07.0856 4192 Rasl2tp - ok
23:10:07.0906 4192 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
23:10:07.0916 4192 RasMan - ok
23:10:07.0946 4192 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
23:10:07.0956 4192 RasPppoe - ok
23:10:07.0956 4192 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
23:10:07.0966 4192 RasSstp - ok
23:10:08.0006 4192 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
23:10:08.0016 4192 rdbss - ok
23:10:08.0026 4192 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
23:10:08.0026 4192 rdpbus - ok
23:10:08.0046 4192 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
23:10:08.0046 4192 RDPCDD - ok
23:10:08.0096 4192 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
23:10:08.0096 4192 RDPDR - ok
23:10:08.0116 4192 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
23:10:08.0116 4192 RDPENCDD - ok
23:10:08.0126 4192 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
23:10:08.0136 4192 RDPREFMP - ok
23:10:08.0196 4192 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
23:10:08.0196 4192 RdpVideoMiniport - ok
23:10:08.0236 4192 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
23:10:08.0236 4192 RDPWD - ok
23:10:08.0306 4192 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
23:10:08.0316 4192 rdyboost - ok
23:10:08.0366 4192 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
23:10:08.0366 4192 RemoteAccess - ok
23:10:08.0416 4192 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
23:10:08.0426 4192 RemoteRegistry - ok
23:10:08.0456 4192 [ 3DCA561AAF776AA2E356FB5B142AA5F8 ] rimspci C:\Windows\system32\DRIVERS\rimspe64.sys
23:10:08.0466 4192 rimspci - ok
23:10:08.0506 4192 [ 71B48DDAF5E9C2B40E64DE5C405F5AAC ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys
23:10:08.0506 4192 RimUsb - ok
23:10:08.0566 4192 [ C903D49655B4AAE46673F0AAA6BE0F58 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
23:10:08.0566 4192 RimVSerPort - ok
23:10:08.0586 4192 [ BE42F817597D3049960A54CE280C2493 ] rixdpcie C:\Windows\system32\DRIVERS\rixdpe64.sys
23:10:08.0586 4192 rixdpcie - ok
23:10:08.0616 4192 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
23:10:08.0616 4192 ROOTMODEM - ok
23:10:08.0626 4192 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
23:10:08.0636 4192 RpcEptMapper - ok
23:10:08.0656 4192 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
23:10:08.0666 4192 RpcLocator - ok
23:10:08.0716 4192 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
23:10:08.0726 4192 RpcSs - ok
23:10:08.0758 4192 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
23:10:08.0758 4192 rspndr - ok
23:10:08.0804 4192 [ C18587AC67F22087575BF12043A88218 ] rtl8192se C:\Windows\system32\DRIVERS\rtl8192se.sys
23:10:08.0820 4192 rtl8192se - ok
23:10:08.0851 4192 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
23:10:08.0867 4192 s3cap - ok
23:10:08.0882 4192 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
23:10:08.0882 4192 SamSs - ok
23:10:08.0898 4192 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
23:10:08.0898 4192 sbp2port - ok
23:10:08.0929 4192 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
23:10:08.0945 4192 SCardSvr - ok
23:10:08.0976 4192 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
23:10:08.0992 4192 scfilter - ok
23:10:09.0038 4192 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
23:10:09.0054 4192 Schedule - ok
23:10:09.0101 4192 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
23:10:09.0101 4192 SCPolicySvc - ok
23:10:09.0163 4192 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
23:10:09.0163 4192 sdbus - ok
23:10:09.0194 4192 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
23:10:09.0210 4192 SDRSVC - ok
23:10:09.0257 4192 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
23:10:09.0257 4192 secdrv - ok
23:10:09.0304 4192 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
23:10:09.0314 4192 seclogon - ok
23:10:09.0354 4192 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
23:10:09.0364 4192 SENS - ok
23:10:09.0374 4192 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
23:10:09.0394 4192 SensrSvc - ok
23:10:09.0444 4192 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
23:10:09.0444 4192 Serenum - ok
23:10:09.0504 4192 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
23:10:09.0504 4192 Serial - ok
23:10:09.0564 4192 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
23:10:09.0564 4192 sermouse - ok
23:10:09.0614 4192 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
23:10:09.0634 4192 SessionEnv - ok
23:10:09.0654 4192 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
23:10:09.0664 4192 sffdisk - ok
23:10:09.0664 4192 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
23:10:09.0664 4192 sffp_mmc - ok
23:10:09.0674 4192 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
23:10:09.0674 4192 sffp_sd - ok
23:10:09.0744 4192 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
23:10:09.0744 4192 sfloppy - ok
23:10:09.0774 4192 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
23:10:09.0784 4192 SharedAccess - ok
23:10:09.0824 4192 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:10:09.0834 4192 ShellHWDetection - ok
23:10:09.0904 4192 [ C45942985943FC4AB8A7EA7A92F29C00 ] Shockprf C:\Windows\system32\DRIVERS\Apsx64.sys
23:10:09.0904 4192 Shockprf - ok
23:10:09.0934 4192 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:10:09.0934 4192 SiSRaid2 - ok
23:10:09.0964 4192 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
23:10:09.0964 4192 SiSRaid4 - ok
23:10:10.0044 4192 [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
23:10:10.0054 4192 SkypeUpdate - ok
23:10:10.0074 4192 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
23:10:10.0074 4192 Smb - ok
23:10:10.0114 4192 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
23:10:10.0144 4192 SNMPTRAP - ok
23:10:10.0224 4192 [ 3BB48F7E33C2B76184DDF233000C09CD ] Sony SCSI Helper Service C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
23:10:10.0244 4192 Sony SCSI Helper Service - ok
23:10:10.0284 4192 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
23:10:10.0314 4192 spldr - ok
23:10:10.0434 4192 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
23:10:10.0454 4192 Spooler - ok
23:10:10.0774 4192 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
23:10:10.0844 4192 sppsvc - ok
23:10:10.0894 4192 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
23:10:10.0904 4192 sppuinotify - ok
23:10:10.0934 4192 sprtsvc_verizondm - ok
23:10:11.0004 4192 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
23:10:11.0014 4192 srv - ok
23:10:11.0064 4192 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
23:10:11.0074 4192 srv2 - ok
23:10:11.0134 4192 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
23:10:11.0154 4192 SrvHsfHDA - ok
23:10:11.0194 4192 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
23:10:11.0224 4192 SrvHsfV92 - ok
23:10:11.0364 4192 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
23:10:11.0364 4192 SrvHsfWinac - ok
23:10:11.0394 4192 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
23:10:11.0404 4192 srvnet - ok
23:10:11.0464 4192 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
23:10:11.0484 4192 SSDPSRV - ok
23:10:11.0514 4192 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
23:10:11.0534 4192 SstpSvc - ok
23:10:11.0594 4192 Steam Client Service - ok
23:10:11.0814 4192 [ 5166A8690D912B0B9F29FBB028EA9FE7 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
23:10:11.0824 4192 Stereo Service - ok
23:10:11.0884 4192 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
23:10:11.0894 4192 stexstor - ok
23:10:11.0964 4192 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
23:10:11.0974 4192 stisvc - ok
23:10:12.0014 4192 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
23:10:12.0024 4192 storflt - ok
23:10:12.0044 4192 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
23:10:12.0054 4192 StorSvc - ok
23:10:12.0084 4192 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
23:10:12.0094 4192 storvsc - ok
23:10:12.0204 4192 [ CBBD685F75AFF6BE0171026FB7FE7A66 ] SUService C:\Program Files (x86)\Lenovo\System Update\SUService.exe
23:10:12.0214 4192 SUService - ok
23:10:12.0244 4192 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
23:10:12.0254 4192 swenum - ok
23:10:12.0354 4192 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
23:10:12.0474 4192 SwitchBoard - ok
23:10:12.0524 4192 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
23:10:12.0534 4192 swprv - ok
23:10:12.0554 4192 Synth3dVsc - ok
23:10:12.0574 4192 [ 868DFB220A18312A12CEF01BA9AC069B ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
23:10:12.0584 4192 SynTP - ok
23:10:12.0654 4192 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
23:10:12.0684 4192 SysMain - ok
23:10:12.0724 4192 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:10:12.0734 4192 TabletInputService - ok
23:10:12.0944 4192 [ 191394B308BD7FEDB4EBB4F7F04C1339 ] TabletServiceWacom C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
23:10:13.0004 4192 TabletServiceWacom - ok
23:10:13.0064 4192 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
23:10:13.0084 4192 TapiSrv - ok
23:10:13.0104 4192 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
23:10:13.0114 4192 TBS - ok
23:10:13.0185 4192 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
23:10:13.0205 4192 Tcpip - ok
23:10:13.0245 4192 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
23:10:13.0265 4192 TCPIP6 - ok
23:10:13.0305 4192 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
23:10:13.0305 4192 tcpipreg - ok
23:10:13.0335 4192 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
23:10:13.0345 4192 TDPIPE - ok
23:10:13.0385 4192 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
23:10:13.0385 4192 TDTCP - ok
23:10:13.0455 4192 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
23:10:13.0475 4192 tdx - ok
23:10:13.0575 4192 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
23:10:13.0575 4192 TermDD - ok
23:10:13.0785 4192 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
23:10:13.0825 4192 TermService - ok
23:10:13.0865 4192 tgsrvc_verizondm - ok
23:10:13.0955 4192 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
23:10:13.0995 4192 Themes - ok
23:10:14.0286 4192 [ 8EB3B845A55AFE8367C99C1B499340DF ] ThinkVantage Registry Monitor Service C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
23:10:14.0316 4192 ThinkVantage Registry Monitor Service - ok
23:10:14.0366 4192 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
23:10:14.0376 4192 THREADORDER - ok
23:10:14.0386 4192 [ 6DB3FAE611554DC373E266ED50111B1C ] TPDIGIMN C:\Windows\system32\DRIVERS\ApsHM64.sys
23:10:14.0406 4192 TPDIGIMN - ok
23:10:14.0436 4192 [ 47D2009FDC682833EE03B6DCBA23FDD2 ] TPHDEXLGSVC C:\Windows\system32\TPHDEXLG64.exe
23:10:14.0466 4192 TPHDEXLGSVC - ok
23:10:14.0706 4192 [ 88E1F5E9C121167D9E226CBE7FE5FB82 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
23:10:14.0726 4192 TPHKSVC - ok
23:10:14.0836 4192 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys
23:10:14.0856 4192 TPM - ok
23:10:14.0896 4192 [ 2C067E01D6BBCCC88B233B868E210907 ] TPPWRIF C:\Windows\system32\drivers\Tppwr64v.sys
23:10:14.0916 4192 TPPWRIF - ok
23:10:14.0956 4192 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
23:10:14.0966 4192 TrkWks - ok
23:10:15.0056 4192 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:10:15.0076 4192 TrustedInstaller - ok
23:10:15.0136 4192 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
23:10:15.0146 4192 tssecsrv - ok
23:10:15.0236 4192 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
23:10:15.0246 4192 TsUsbFlt - ok
23:10:15.0256 4192 tsusbhub - ok
23:10:15.0326 4192 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
23:10:15.0346 4192 tunnel - ok
23:10:15.0586 4192 [ 4E7F50B0735A9CC58997CC2C92E41290 ] TVT Backup Service C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe
23:10:15.0606 4192 TVT Backup Service - ok
23:10:15.0676 4192 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
23:10:15.0706 4192 uagp35 - ok
23:10:15.0766 4192 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
23:10:15.0786 4192 udfs - ok
23:10:15.0856 4192 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
23:10:15.0866 4192 UI0Detect - ok
23:10:15.0936 4192 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
23:10:15.0966 4192 uliagpkx - ok
23:10:16.0016 4192 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
23:10:16.0036 4192 umbus - ok
23:10:16.0076 4192 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
23:10:16.0086 4192 UmPass - ok
23:10:16.0126 4192 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
23:10:16.0136 4192 UmRdpService - ok
23:10:16.0316 4192 [ 40C7C20D2D1798EEB68EEFD606C20689 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
23:10:16.0336 4192 UNS - ok
23:10:16.0406 4192 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
23:10:16.0426 4192 upnphost - ok
23:10:16.0466 4192 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
23:10:16.0476 4192 USBAAPL64 - ok
23:10:16.0516 4192 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
23:10:16.0516 4192 usbccgp - ok
23:10:16.0586 4192 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
23:10:16.0596 4192 usbcir - ok
23:10:16.0656 4192 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
23:10:16.0666 4192 usbehci - ok
23:10:16.0736 4192 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
23:10:16.0746 4192 usbhub - ok
23:10:16.0786 4192 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
23:10:16.0796 4192 usbohci - ok
23:10:16.0876 4192 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
23:10:16.0906 4192 usbprint - ok
23:10:16.0956 4192 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
23:10:16.0956 4192 usbscan - ok
23:10:17.0026 4192 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:10:17.0036 4192 USBSTOR - ok
23:10:17.0076 4192 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
23:10:17.0076 4192 usbuhci - ok
23:10:17.0136 4192 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
23:10:17.0136 4192 usbvideo - ok
23:10:17.0217 4192 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
23:10:17.0287 4192 UxSms - ok
23:10:17.0327 4192 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
23:10:17.0337 4192 VaultSvc - ok
23:10:17.0397 4192 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
23:10:17.0407 4192 vdrvroot - ok
23:10:17.0517 4192 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
23:10:17.0537 4192 vds - ok
23:10:17.0597 4192 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
23:10:17.0607 4192 vga - ok
23:10:17.0617 4192 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
23:10:17.0627 4192 VgaSave - ok
23:10:17.0627 4192 VGPU - ok
23:10:17.0737 4192 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
23:10:17.0757 4192 vhdmp - ok
23:10:17.0797 4192 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
23:10:17.0797 4192 viaide - ok
23:10:17.0877 4192 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
23:10:17.0877 4192 vmbus - ok
23:10:17.0927 4192 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
23:10:17.0937 4192 VMBusHID - ok
23:10:17.0947 4192 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
23:10:17.0947 4192 volmgr - ok
23:10:18.0027 4192 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
23:10:18.0047 4192 volmgrx - ok
23:10:18.0077 4192 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
23:10:18.0077 4192 volsnap - ok
23:10:18.0157 4192 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
23:10:18.0157 4192 vsmraid - ok
23:10:18.0248 4192 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
23:10:18.0268 4192 VSS - ok
23:10:18.0328 4192 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
23:10:18.0328 4192 vwifibus - ok
23:10:18.0368 4192 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
23:10:18.0368 4192 vwififlt - ok
23:10:18.0408 4192 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
23:10:18.0408 4192 vwifimp - ok
23:10:18.0438 4192 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
23:10:18.0458 4192 W32Time - ok
23:10:18.0508 4192 [ FE75777289278A4941FE6139E82B3BD9 ] wacmoumonitor C:\Windows\system32\DRIVERS\wacmoumonitor.sys
23:10:18.0518 4192 wacmoumonitor - ok
23:10:18.0558 4192 [ E04D43C7D1641E95D35CAE6086C7E350 ] wacommousefilter C:\Windows\system32\DRIVERS\wacommousefilter.sys
23:10:18.0568 4192 wacommousefilter - ok
23:10:18.0598 4192 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
23:10:18.0608 4192 WacomPen - ok
23:10:18.0658 4192 [ EC1CEB237E365330C1FCFC4876AA0AC0 ] wacomvhid C:\Windows\system32\DRIVERS\wacomvhid.sys
23:10:18.0658 4192 wacomvhid - ok
23:10:18.0718 4192 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
23:10:18.0718 4192 WANARP - ok
23:10:18.0718 4192 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
23:10:18.0728 4192 Wanarpv6 - ok
23:10:18.0848 4192 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
23:10:18.0858 4192 WatAdminSvc - ok
23:10:18.0918 4192 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
23:10:18.0958 4192 wbengine - ok
23:10:19.0008 4192 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
23:10:19.0018 4192 WbioSrvc - ok
23:10:19.0068 4192 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
23:10:19.0078 4192 wcncsvc - ok
23:10:19.0108 4192 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:10:19.0118 4192 WcsPlugInService - ok
23:10:19.0148 4192 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
23:10:19.0148 4192 Wd - ok
23:10:19.0188 4192 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
23:10:19.0198 4192 Wdf01000 - ok
23:10:19.0218 4192 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
23:10:19.0228 4192 WdiServiceHost - ok
23:10:19.0238 4192 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
23:10:19.0248 4192 WdiSystemHost - ok
23:10:19.0288 4192 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
23:10:19.0298 4192 WebClient - ok
23:10:19.0338 4192 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
23:10:19.0358 4192 Wecsvc - ok
23:10:19.0388 4192 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
23:10:19.0398 4192 wercplsupport - ok
23:10:19.0448 4192 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
23:10:19.0458 4192 WerSvc - ok
23:10:19.0518 4192 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
23:10:19.0518 4192 WfpLwf - ok
23:10:19.0548 4192 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
23:10:19.0558 4192 WIMMount - ok
23:10:19.0608 4192 [ 1EDBBF412A382550AF6EB35F5E46928E ] winachsf C:\Windows\system32\DRIVERS\CAX_CNXT.sys
23:10:19.0618 4192 winachsf - ok
23:10:19.0628 4192 WinDefend - ok
23:10:19.0788 4192 [ 0AE97898030BC89D64BE429A88C33A7F ] WinFLdrv C:\Windows\syswow64\WinFLdrv.sys
23:10:19.0798 4192 Suspicious file (Hidden): C:\Windows\syswow64\WinFLdrv.sys. md5: 0AE97898030BC89D64BE429A88C33A7F
23:10:19.0798 4192 WinFLdrv ( HiddenFile.Multi.Generic ) - warning
23:10:19.0798 4192 WinFLdrv - detected HiddenFile.Multi.Generic (1)
23:10:19.0808 4192 WinHttpAutoProxySvc - ok
23:10:19.0898 4192 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
23:10:19.0918 4192 Winmgmt - ok
23:10:20.0058 4192 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
23:10:20.0088 4192 WinRM - ok
23:10:20.0178 4192 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
23:10:20.0189 4192 WinUsb - ok
23:10:20.0349 4192 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
23:10:20.0369 4192 Wlansvc - ok
23:10:20.0449 4192 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
23:10:20.0449 4192 WmiAcpi - ok
23:10:20.0479 4192 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
23:10:20.0479 4192 wmiApSrv - ok
23:10:20.0539 4192 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
23:10:20.0549 4192 WPCSvc - ok
23:10:20.0599 4192 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
23:10:20.0609 4192 WPDBusEnum - ok
23:10:20.0639 4192 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
23:10:20.0639 4192 ws2ifsl - ok
23:10:20.0679 4192 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
23:10:20.0689 4192 wscsvc - ok
23:10:20.0689 4192 WSearch - ok
23:10:20.0779 4192 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
23:10:20.0809 4192 wuauserv - ok
23:10:20.0859 4192 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
23:10:20.0859 4192 WudfPf - ok
23:10:20.0889 4192 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
23:10:20.0899 4192 WUDFRd - ok
23:10:20.0949 4192 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:10:20.0959 4192 wudfsvc - ok
23:10:20.0999 4192 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
23:10:21.0009 4192 WwanSvc - ok
23:10:21.0029 4192 [ E8F3FA126A06F8E7088F63757112A186 ] XAudio C:\Windows\system32\DRIVERS\XAudio64.sys
23:10:21.0039 4192 XAudio - ok
23:10:21.0039 4192 ================ Scan global ===============================
23:10:21.0099 4192 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
23:10:21.0139 4192 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
23:10:21.0159 4192 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
23:10:21.0209 4192 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
23:10:21.0249 4192 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
23:10:21.0269 4192 [Global] - ok
23:10:21.0269 4192 ================ Scan MBR ==================================
23:10:21.0299 4192 [ 325EFB654DCC313115A50E86F0027E18 ] \Device\Harddisk0\DR0
23:10:21.0619 4192 \Device\Harddisk0\DR0 - ok
23:10:21.0619 4192 ================ Scan VBR ==================================
23:10:21.0619 4192 [ 6D2F2E49F52CCEE03FB915C160F9ADBB ] \Device\Harddisk0\DR0\Partition1
23:10:21.0619 4192 \Device\Harddisk0\DR0\Partition1 - ok
23:10:21.0619 4192 ============================================================
23:10:21.0619 4192 Scan finished
23:10:21.0619 4192 ============================================================
23:10:21.0639 7072 Detected object count: 2
23:10:21.0639 7072 Actual detected object count: 2
23:11:35.0685 7072 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
23:11:35.0685 7072 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
23:11:35.0685 7072 WinFLdrv ( HiddenFile.Multi.Generic ) - skipped by user
23:11:35.0685 7072 WinFLdrv ( HiddenFile.Multi.Generic ) - User select action: Skip
 
RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : ayi490 [Admin rights]
Mode : Scan -- Date : 10/03/2012 23:17:17

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 13 ¤¤¤
[TASK][SUSP PATH] {7A707390-71A0-402E-8E81-E826DE19EA03} : C:\Windows\system32\pcalua.exe -a C:\Users\Student\Desktop\JTabletSetupv0.9.5.exe -d "C:\Program Files (x86)\Mozilla Firefox" -> FOUND
[TASK][SUSP PATH] {80B38E40-7A83-40E7-ABE1-A7EB28544A78} : C:\Windows\system32\pcalua.exe -a C:\Users\Student\Desktop\lide25vst6411011aen\SetupSG.exe -d C:\Users\Student\Desktop\lide25vst6411011aen -> FOUND
[TASK][SUSP PATH] {937EBC88-6282-498C-960A-57A7FEDA79C3} : C:\Windows\system32\pcalua.exe -a "C:\Users\Student\Desktop\Easy Paint Tool SAI.exe" -d C:\Users\Student\Desktop -> FOUND
[TASK][SUSP PATH] {B1DA31C0-A3DF-49EC-86DB-907E9F73F878} : C:\Windows\system32\pcalua.exe -a C:\Users\Student\Desktop\MCPR.exe -d C:\Users\Student\Desktop -> FOUND
[TASK][SUSP PATH] {E007DDDD-4BF7-466A-AD68-F8F3DD25442A} : C:\Windows\system32\pcalua.exe -a C:\Users\Student\Desktop\Shockwave_Installer_Slim.exe -d "C:\Program Files (x86)\Mozilla Firefox" -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 3dns-2.adobe.com #192.150.22.22
127.0.0.1 3dns-3.adobe.com #192.150.14.21
127.0.0.1 3dns-4.adobe.com #192.150.18.247
127.0.0.1 3dns-5.adobe.com #192.150.22.46
127.0.0.1 adobe-dns.adobe.com #192.150.11.30
127.0.0.1 adobe-dns-2.adobe.com #192.150.11.247
127.0.0.1 adobe-dns-3.adobe.com #192.150.22.30
127.0.0.1 adobe.activate.com #69.175.22.26
127.0.0.1 activate.adobe.com #192.150.22.40
127.0.0.1 activate.wip3.adobe.com #192.150.22.40
127.0.0.1 activate.wip4.adobe.com #192.150.22.40
127.0.0.1 activate-sea.adobe.com #192.150.22.40
127.0.0.1 activate-sjc0.adobe.com #192.150.14.69
127.0.0.1 ereg.adobe.com #192.150.18.103
127.0.0.1 ereg.wip3.adobe.com #192.150.18.63
127.0.0.1 ereg.wip4.adobe.com #192.150.18.103
127.0.0.1 practivate.adobe.com #192.150.18.54
127.0.0.1 www.wip3.adobe.com #192.150.8.60
127.0.0.1 www.wip4.adobe.com #192.150.18.200
127.0.0.1 www.adobeereg.com #75.125.24.83
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HITACHI HTS725032A9A364 +++++
--- User ---
[MBR] 45d33f846187e74f95d8a09a6a1255a3
[BSP] b0140874fbdbae3556ea9cb68578aeed : Lenovo tatooed MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 11132 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 22800384 | Size: 294111 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt


RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : ayi490 [Admin rights]
Mode : Remove -- Date : 10/03/2012 23:18:11

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 11 ¤¤¤
[TASK][SUSP PATH] {7A707390-71A0-402E-8E81-E826DE19EA03} : C:\Windows\system32\pcalua.exe -a C:\Users\Student\Desktop\JTabletSetupv0.9.5.exe -d "C:\Program Files (x86)\Mozilla Firefox" -> DELETED
[TASK][SUSP PATH] {80B38E40-7A83-40E7-ABE1-A7EB28544A78} : C:\Windows\system32\pcalua.exe -a C:\Users\Student\Desktop\lide25vst6411011aen\SetupSG.exe -d C:\Users\Student\Desktop\lide25vst6411011aen -> DELETED
[TASK][SUSP PATH] {937EBC88-6282-498C-960A-57A7FEDA79C3} : C:\Windows\system32\pcalua.exe -a "C:\Users\Student\Desktop\Easy Paint Tool SAI.exe" -d C:\Users\Student\Desktop -> DELETED
[TASK][SUSP PATH] {B1DA31C0-A3DF-49EC-86DB-907E9F73F878} : C:\Windows\system32\pcalua.exe -a C:\Users\Student\Desktop\MCPR.exe -d C:\Users\Student\Desktop -> DELETED
[TASK][SUSP PATH] {E007DDDD-4BF7-466A-AD68-F8F3DD25442A} : C:\Windows\system32\pcalua.exe -a C:\Users\Student\Desktop\Shockwave_Installer_Slim.exe -d "C:\Program Files (x86)\Mozilla Firefox" -> DELETED
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 3dns-2.adobe.com #192.150.22.22
127.0.0.1 3dns-3.adobe.com #192.150.14.21
127.0.0.1 3dns-4.adobe.com #192.150.18.247
127.0.0.1 3dns-5.adobe.com #192.150.22.46
127.0.0.1 adobe-dns.adobe.com #192.150.11.30
127.0.0.1 adobe-dns-2.adobe.com #192.150.11.247
127.0.0.1 adobe-dns-3.adobe.com #192.150.22.30
127.0.0.1 adobe.activate.com #69.175.22.26
127.0.0.1 activate.adobe.com #192.150.22.40
127.0.0.1 activate.wip3.adobe.com #192.150.22.40
127.0.0.1 activate.wip4.adobe.com #192.150.22.40
127.0.0.1 activate-sea.adobe.com #192.150.22.40
127.0.0.1 activate-sjc0.adobe.com #192.150.14.69
127.0.0.1 ereg.adobe.com #192.150.18.103
127.0.0.1 ereg.wip3.adobe.com #192.150.18.63
127.0.0.1 ereg.wip4.adobe.com #192.150.18.103
127.0.0.1 practivate.adobe.com #192.150.18.54
127.0.0.1 www.wip3.adobe.com #192.150.8.60
127.0.0.1 www.wip4.adobe.com #192.150.18.200
127.0.0.1 www.adobeereg.com #75.125.24.83
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HITACHI HTS725032A9A364 +++++
--- User ---
[MBR] 45d33f846187e74f95d8a09a6a1255a3
[BSP] b0140874fbdbae3556ea9cb68578aeed : Lenovo tatooed MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 11132 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 22800384 | Size: 294111 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
 
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-03 23:19:57
-----------------------------
23:19:57.618 OS Version: Windows x64 6.1.7601 Service Pack 1
23:19:57.618 Number of processors: 4 586 0x2502
23:19:57.618 ComputerName: AYI490-PC UserName: ayi490
23:19:59.007 Initialize success
23:25:25.095 AVAST engine defs: 12100302
23:26:31.255 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:26:31.255 Disk 0 Vendor: HITACHI_ PC3Z Size: 305245MB BusType: 3
23:26:31.270 Disk 0 MBR read successfully
23:26:31.270 Disk 0 MBR scan
23:26:31.286 Disk 0 unknown MBR code
23:26:31.302 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 11132 MB offset 2048
23:26:31.317 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 294111 MB offset 22800384
23:26:31.364 Disk 0 scanning C:\Windows\system32\drivers
23:26:46.714 Service scanning
23:27:32.391 Modules scanning
23:27:32.391 Disk 0 trace - called modules:
23:27:32.407 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
23:27:32.423 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80069bd060]
23:27:32.438 3 CLASSPNP.SYS[fffff880011c543f] -> nt!IofCallDriver -> [0xfffffa8004959800]
23:27:32.454 5 ACPI.sys[fffff88000f507a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800495f050]
23:27:33.686 AVAST engine scan C:\Windows
23:27:36.697 AVAST engine scan C:\Windows\system32
23:32:10.030 AVAST engine scan C:\Windows\system32\drivers
23:32:34.569 AVAST engine scan C:\Users\Student
23:39:00.935 Disk 0 MBR has been saved successfully to "C:\Users\Student\Desktop\MBR.dat"
23:39:00.950 The log file has been saved successfully to "C:\Users\Student\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-03 23:19:57
-----------------------------
23:19:57.618 OS Version: Windows x64 6.1.7601 Service Pack 1
23:19:57.618 Number of processors: 4 586 0x2502
23:19:57.618 ComputerName: AYI490-PC UserName: ayi490
23:19:59.007 Initialize success
23:25:25.095 AVAST engine defs: 12100302
23:26:31.255 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:26:31.255 Disk 0 Vendor: HITACHI_ PC3Z Size: 305245MB BusType: 3
23:26:31.270 Disk 0 MBR read successfully
23:26:31.270 Disk 0 MBR scan
23:26:31.286 Disk 0 unknown MBR code
23:26:31.302 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 11132 MB offset 2048
23:26:31.317 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 294111 MB offset 22800384
23:26:31.364 Disk 0 scanning C:\Windows\system32\drivers
23:26:46.714 Service scanning
23:27:32.391 Modules scanning
23:27:32.391 Disk 0 trace - called modules:
23:27:32.407 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
23:27:32.423 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80069bd060]
23:27:32.438 3 CLASSPNP.SYS[fffff880011c543f] -> nt!IofCallDriver -> [0xfffffa8004959800]
23:27:32.454 5 ACPI.sys[fffff88000f507a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800495f050]
23:27:33.686 AVAST engine scan C:\Windows
23:27:36.697 AVAST engine scan C:\Windows\system32
23:32:10.030 AVAST engine scan C:\Windows\system32\drivers
23:32:34.569 AVAST engine scan C:\Users\Student
23:39:00.935 Disk 0 MBR has been saved successfully to "C:\Users\Student\Desktop\MBR.dat"
23:39:00.950 The log file has been saved successfully to "C:\Users\Student\Desktop\aswMBR.txt"
23:53:54.840 AVAST engine scan C:\ProgramData
00:00:31.059 Scan finished successfully
00:01:36.315 Disk 0 MBR has been saved successfully to "C:\Users\Student\Desktop\MBR.dat"
00:01:36.362 The log file has been saved successfully to "C:\Users\Student\Desktop\aswMBR.txt"


^( I accidentally saved the log once during the scan...)
 
Create new restore point before proceeding with the next step....
How to:
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

====================================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If restarting doesn't help use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 12-10-03.03 - ayi490 04-Oct-12 1:00.1.4 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3956.1430 [GMT -4:00]
Running from: c:\users\Student\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\3002.abs
c:\programdata\3002.xml
c:\users\Public\sdelevURL.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-09-04 to 2012-10-04 )))))))))))))))))))))))))))))))
.
.
2012-10-04 05:11 . 2012-10-04 05:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-04 05:11 . 2012-10-04 05:11 -------- d-----w- c:\users\Administrator.AYI490-PC\AppData\Local\temp
2012-10-03 20:29 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FC0F79EE-9C8E-4EC7-B4EB-DD92187D17D8}\mpengine.dll
2012-10-03 19:18 . 2012-10-03 19:18 -------- d-----w- c:\users\Student\AppData\Roaming\Malwarebytes
2012-10-03 19:18 . 2012-10-03 19:18 -------- d-----w- c:\programdata\Malwarebytes
2012-10-03 19:18 . 2012-10-03 19:18 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-03 19:18 . 2012-09-07 21:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-03 04:01 . 2012-10-03 04:01 -------- d-----w- c:\users\Default\AppData\Local\Bulents
2012-10-03 04:01 . 2012-10-03 04:01 -------- d-----w- c:\users\Administrator.AYI490-PC\AppData\Local\Bulents
2012-10-03 04:01 . 2012-10-03 04:01 -------- d-----w- c:\users\Student\AppData\Local\Bulents
2012-10-03 04:00 . 2012-10-03 04:01 -------- d-----w- c:\program files\BSR Screen Recorder 6
2012-10-02 17:09 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-27 20:39 . 2012-08-21 17:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-27 20:38 . 2012-09-27 20:38 -------- d-----w- c:\program files\iPod
2012-09-27 20:38 . 2012-09-27 20:38 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-27 20:38 . 2012-09-27 20:38 -------- d-----w- c:\program files\iTunes
2012-09-27 20:38 . 2012-09-27 20:38 -------- d-----w- c:\program files (x86)\iTunes
2012-09-27 13:04 . 2012-09-27 13:04 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1125C0EB-E981-45AF-9997-4D60F9B7D47F}\gapaengine.dll
2012-09-17 20:37 . 2012-09-17 20:37 44544 ----a-w- c:\windows\SysWow64\agremove.exe
2012-09-12 21:15 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 21:15 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 21:15 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-09 06:41 . 2012-09-09 06:44 -------- d-----w- c:\programdata\TrackMania
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 04:18 . 2012-04-06 13:50 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-21 04:18 . 2011-05-29 21:40 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-17 19:25 . 2010-05-20 19:35 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-09-12 21:51 . 2010-05-20 18:01 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-31 02:03 . 2012-08-31 02:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 02:03 . 2011-04-27 13:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-29 00:24 . 2012-06-21 04:31 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-08-29 00:24 . 2011-04-01 01:19 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-21 17:01 . 2010-05-21 15:19 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 17:01 . 2010-05-21 15:19 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-07-18 18:15 . 2012-08-15 00:16 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Student\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Student\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Student\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Student\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-04 1353080]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
c:\users\Student\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Student\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"LogonType"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-14 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2010-03-03 164200]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-14 136176]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-09 114144]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2010-03-03 75112]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-09-28 55808]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-11-02 13312]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-20 1255736]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [2010-03-03 30320]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2009-10-09 23592]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2008-05-12 15400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-12-12 290832]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2010-03-10 50536]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-11-17 44984]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-03-10 74088]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-10-26 61952]
S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe [2011-02-01 206120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-31 382312]
S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2010-11-15 5716848]
S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe [2011-02-01 185640]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-01-18 63928]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-09 2320920]
S2 WinFLdrv;WinFLdrv;SysWOW64\WinFLdrv.sys [x]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2009-12-14 163072]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-06-30 292864]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-12-10 294064]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-03-31 1098784]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 04:18]
.
2012-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-14 07:01]
.
2012-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-14 07:01]
.
2012-10-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3330628032-2925737617-41503417-1002Core.job
- c:\users\Student\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-18 05:51]
.
2012-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3330628032-2925737617-41503417-1002UA.job
- c:\users\Student\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-18 05:51]
.
2012-09-10 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]
.
2012-10-04 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Student\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Student\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Student\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Student\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-17 307768]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2010-03-10 62312]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://cpprod.stjohns.edu/cp/home/loginf
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: stjohns.edu
Trusted Zone: tellmemorecampus.com\www.stjohns
Trusted Zone: tellmemorecampus.com\www.stjohns
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Student\AppData\Roaming\Mozilla\Firefox\Profiles\9bh0w57m.default\
FF - prefs.js: browser.startup.homepage - hxxp://cpprod.stjohns.edu/cp/home/loginf
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-rpcnet
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-AuralogComponentsUninstall9.exe - c:\windows\system32\\Auralog\tmm\Uninstall\AuralogComponentsUninstall9.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\Lenovo\HOTKEY\tpnumlk.exe
c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Lenovo\System Update\SUService.exe
c:\program files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
.
**************************************************************************
.
Completion time: 2012-10-04 01:19:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-04 05:19
.
Pre-Run: 79,471,960,064 bytes free
Post-Run: 78,917,423,104 bytes free
.
- - End Of File - - 4F62B7E05C8D8E9A9165DDD6B3D0FB66

firefox said it wasn't the default browser when I opened it after restarting.
 
Combofix did it. You can reset Firefox as default.

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL logfile created on: 04-Oct-12 3:24:37 PM - Run 1
OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\Student\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

3.86 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 68.97% Memory free
7.72 Gb Paging File | 6.16 Gb Available in Paging File | 79.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.22 Gb Total Space | 73.54 Gb Free Space | 25.61% Space Free | Partition Type: NTFS

Computer Name: AYI490-PC | User Name: ayi490 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-10-04 15:23:29 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Student\Desktop\OTL.exe
PRC - [2012-08-10 18:59:52 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Student\AppData\Local\Akamai\netsession_win.exe
PRC - [2012-05-31 12:27:14 | 000,382,312 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012-05-24 14:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Student\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011-02-01 05:54:46 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
PRC - [2011-02-01 05:54:42 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
PRC - [2010-03-10 14:36:04 | 000,050,536 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2010-03-10 14:35:44 | 000,074,088 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2010-03-10 14:35:40 | 000,062,312 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
PRC - [2010-03-01 11:29:12 | 000,259,432 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
PRC - [2010-03-01 11:29:10 | 000,124,264 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2010-03-01 11:17:52 | 000,344,064 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2010-01-18 15:41:50 | 000,063,928 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009-12-21 18:49:44 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009-12-09 16:49:44 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009-12-09 14:37:14 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009-11-24 13:51:18 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009-11-17 18:06:02 | 000,044,984 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2009-11-11 17:33:10 | 000,078,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
PRC - [2009-10-19 17:18:36 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2009-10-01 16:14:30 | 000,144,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2009-09-25 16:11:08 | 001,028,096 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2009-03-05 16:28:26 | 000,059,760 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
PRC - [2007-09-11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007-01-04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2011-06-24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011-06-24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012-09-12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012-09-12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011-09-27 15:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2010-11-15 11:08:10 | 005,716,848 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV:64bit: - [2010-03-10 14:36:04 | 000,050,536 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2010-03-10 14:35:44 | 000,074,088 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV:64bit: - [2010-01-18 15:41:50 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2009-11-18 14:04:24 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2009-11-17 18:06:02 | 000,044,984 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2009-10-09 12:12:52 | 000,047,656 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2009-07-13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012-10-02 23:54:53 | 000,531,792 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012-09-21 00:18:46 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-09-09 19:41:07 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-09-06 16:19:55 | 004,537,664 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll -- (Akamai)
SRV - [2012-07-03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-05-31 12:27:14 | 000,382,312 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011-12-12 06:03:40 | 000,290,832 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011-02-01 05:54:46 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm)
SRV - [2011-02-01 05:54:42 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm)
SRV - [2010-10-22 20:03:08 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010-04-02 22:34:12 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2010-03-03 03:20:00 | 000,164,200 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
SRV - [2010-03-03 03:20:00 | 000,075,112 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2010-03-01 11:29:12 | 000,259,432 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2010-03-01 11:29:10 | 000,124,264 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2010-02-19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009-12-09 16:49:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009-12-09 14:37:14 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009-10-19 17:18:36 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009-09-25 16:11:08 | 001,028,096 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009-06-10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-04-29 11:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2007-09-11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007-01-04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-08-30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012-08-21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012-03-01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012-02-15 06:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012-01-17 08:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011-09-21 10:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2011-09-02 02:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011-09-02 02:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011-03-11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-02-16 18:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2010-11-20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010-11-20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010-11-02 16:07:54 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2010-08-26 12:01:22 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2010-08-26 12:01:18 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2010-07-29 00:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2010-07-12 14:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010-05-21 12:48:23 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2010-04-23 00:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010-03-30 21:56:02 | 001,098,784 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2010-03-03 03:20:00 | 000,030,320 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)
DRV:64bit: - [2010-03-03 03:20:00 | 000,013,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2010-01-20 07:14:06 | 000,682,040 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010-01-15 12:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009-12-14 17:09:08 | 000,163,072 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2009-12-10 09:37:56 | 000,294,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
DRV:64bit: - [2009-11-18 14:04:04 | 000,032,880 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2009-10-26 14:52:00 | 000,061,952 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009-10-09 12:11:38 | 000,136,744 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2009-10-09 12:10:00 | 000,023,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2009-09-28 16:46:00 | 000,055,808 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009-09-17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009-07-13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-07-13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009-07-13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009-06-30 13:05:16 | 001,486,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009-06-30 13:01:16 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009-06-30 12:59:54 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2009-06-10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009-06-10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009-06-10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009-06-10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-04-29 11:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009-03-18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009-01-09 17:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008-05-12 18:04:24 | 000,015,400 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2006-06-18 22:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2009-07-13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



IE - HKU\S-1-5-21-3330628032-2925737617-41503417-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://cpprod.stjohns.edu/cp/home/loginf
IE - HKU\S-1-5-21-3330628032-2925737617-41503417-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3330628032-2925737617-41503417-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 29 4A C9 68 3F F8 CA 01 [binary data]
IE - HKU\S-1-5-21-3330628032-2925737617-41503417-1002\..\SearchScopes,DefaultScope = {CC93B958-2BFA-4897-B0AA-1F2D4B1D917F}
IE - HKU\S-1-5-21-3330628032-2925737617-41503417-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3330628032-2925737617-41503417-1002\..\SearchScopes\{CC93B958-2BFA-4897-B0AA-1F2D4B1D917F}: "URL" = http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-3330628032-2925737617-41503417-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3330628032-2925737617-41503417-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.facebook.com/"
FF - prefs.js..extensions.enabledAddons: ALone-live@ya.ru:1.3.8
FF - prefs.js..extensions.enabledAddons: DeviceDetection@logitech.com:1.23.0.5
FF - prefs.js..extensions.enabledAddons: faviconizetab@espion.just-size.jp:1.0.6
FF - prefs.js..extensions.enabledAddons: isreaditlater@ideashower.com:3.0.0
FF - prefs.js..extensions.enabledAddons: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.15
FF - prefs.js..extensions.enabledAddons: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.9.1
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926
FF - prefs.js..extensions.enabledItems: faviconizetab@espion.just-size.jp:1.0.1
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.5
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.1.1
FF - prefs.js..extensions.enabledItems: smartbookmarksbar@remy.juteau:1.4.3
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.20.0.66
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Student\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Student\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011-11-28 02:42:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-11-28 04:17:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-12-16 02:47:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-09-09 19:41:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-09-09 19:40:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-09-09 19:41:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-09-09 19:40:34 | 000,000,000 | ---D | M]

[2010-05-21 14:51:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Student\AppData\Roaming\mozilla\Extensions
[2012-10-02 22:48:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Student\AppData\Roaming\mozilla\Firefox\Profiles\9bh0w57m.default\extensions
[2012-10-02 22:48:29 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Student\AppData\Roaming\mozilla\Firefox\Profiles\9bh0w57m.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012-08-03 21:38:36 | 000,000,000 | ---D | M] (Roomy Bookmarks Toolbar) -- C:\Users\Student\AppData\Roaming\mozilla\Firefox\Profiles\9bh0w57m.default\extensions\ALone-live@ya.ru
[2011-08-09 02:33:30 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Student\AppData\Roaming\mozilla\Firefox\Profiles\9bh0w57m.default\extensions\DeviceDetection@logitech.com
[2012-07-11 22:24:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Student\AppData\Roaming\mozilla\Firefox\Profiles\9bh0w57m.default\ReadItLater\RIL_assets\slot1.images.wikia.nocookie.net\__am\56196\sass\color-body3D25230c98c626color-page3D2523ebf2f526co\extensions
[2012-07-11 22:24:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Student\AppData\Roaming\mozilla\Firefox\Profiles\9bh0w57m.default\ReadItLater\RIL_assets\slot1.images.wikia.nocookie.net\__am\56196\sass\color-body3D25230c98c626color-page3D2523ebf2f526co\extensions\wikia
[2011-08-31 20:55:45 | 000,010,259 | ---- | M] () (No name found) -- C:\Users\Student\AppData\Roaming\mozilla\firefox\profiles\9bh0w57m.default\extensions\faviconizetab@espion.just-size.jp.xpi
[2012-07-11 22:16:11 | 000,223,394 | ---- | M] () (No name found) -- C:\Users\Student\AppData\Roaming\mozilla\firefox\profiles\9bh0w57m.default\extensions\isreaditlater@ideashower.com.xpi
[2012-09-01 18:03:25 | 000,185,363 | ---- | M] () (No name found) -- C:\Users\Student\AppData\Roaming\mozilla\firefox\profiles\9bh0w57m.default\extensions\jid0-HYNmqxA9zQGfJADREri4n2AHKSI@jetpack.xpi
[2011-03-30 17:27:27 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\Student\AppData\Roaming\mozilla\firefox\profiles\9bh0w57m.default\extensions\personas@christopher.beard.xpi
[2012-09-18 18:08:46 | 000,506,361 | ---- | M] () (No name found) -- C:\Users\Student\AppData\Roaming\mozilla\firefox\profiles\9bh0w57m.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2012-07-24 22:22:03 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Student\AppData\Roaming\mozilla\firefox\profiles\9bh0w57m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012-03-19 08:12:09 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Student\AppData\Roaming\mozilla\firefox\profiles\9bh0w57m.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012-09-14 18:16:03 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Student\AppData\Roaming\mozilla\firefox\profiles\9bh0w57m.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012-04-09 16:51:07 | 000,006,108 | ---- | M] () (No name found) -- C:\Users\Student\AppData\Roaming\mozilla\firefox\profiles\9bh0w57m.default\ReadItLater\RIL_assets\a.deviantart.net\avatars\x\p\xpiggyyy3.png
[2012-09-24 22:39:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012-09-09 19:40:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012-09-24 22:39:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2011-12-16 02:47:22 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012-09-09 19:41:08 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012-01-02 15:09:46 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2011-12-09 13:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012-08-29 20:44:42 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012-08-29 20:44:42 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://cpprod.stjohns.edu/cp/home/loginf
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://cpprod.stjohns.edu/cp/home/loginf
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Student\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Student\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Student\AppData\Local\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Student\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
CHR - plugin: Reader Library (Enabled) = C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll
CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Student\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Student\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.45_0\
CHR - Extension: All Mangas Reader = C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhjloagockgobfpopemejpgjjechcpfd\1.4.0_0\
CHR - Extension: Pocket (formerly Read It Later) = C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj\1.1.3_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012-10-04 01:13:59 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3330628032-2925737617-41503417-1002..\Run: [Akamai NetSession Interface] C:\Users\Student\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-3330628032-2925737617-41503417-1002..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3330628032-2925737617-41503417-1002..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Student\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Student\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonType = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3330628032-2925737617-41503417-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3330628032-2925737617-41503417-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: stjohns.edu ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: tellmemorecampus.com ([www.stjohns] http in Trusted sites)
O15 - HKU\S-1-5-21-3330628032-2925737617-41503417-1002\..Trusted Domains: stjohns.edu ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3330628032-2925737617-41503417-1002\..Trusted Domains: tellmemorecampus.com ([www.stjohns] http in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Unable to open value key)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 149.68.17.12 149.68.23.13
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{538BC23C-8547-47A8-9AA9-1663E3A6EAE6}: DhcpNameServer = 149.68.17.12 149.68.23.13
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CD64A98-0BB0-4C2C-A69D-7C6D76846B74}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk /r \??\C:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012-10-04 15:23:27 | 000,601,088 | ---- | C] (OldTimer Tools) -- C:\Users\Student\Desktop\OTL.exe
[2012-10-04 01:19:21 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012-10-04 01:14:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012-10-04 00:58:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012-10-04 00:58:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012-10-04 00:58:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012-10-04 00:58:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-10-04 00:52:38 | 004,761,955 | R--- | C] (Swearware) -- C:\Users\Student\Desktop\ComboFix.exe
[2012-10-03 22:37:09 | 000,000,000 | ---D | C] -- C:\Users\Student\Desktop\clearing
[2012-10-03 15:18:36 | 000,000,000 | ---D | C] -- C:\Users\Student\AppData\Roaming\Malwarebytes
[2012-10-03 15:18:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-10-03 15:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012-10-03 15:18:13 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012-10-03 15:18:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012-10-03 00:01:24 | 000,000,000 | ---D | C] -- C:\Users\Student\AppData\Local\Bulents
[2012-10-03 00:00:19 | 000,000,000 | ---D | C] -- C:\Users\Student\Documents\BSR Projects
[2012-10-03 00:00:17 | 000,000,000 | ---D | C] -- C:\Program Files\BSR Screen Recorder 6
[2012-09-27 16:41:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2012-09-27 16:39:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012-09-27 16:38:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012-09-27 16:38:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012-09-27 16:38:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012-09-27 16:38:10 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012-09-27 14:29:02 | 000,000,000 | ---D | C] -- C:\Users\Student\Desktop\external
[2012-09-26 17:18:04 | 000,000,000 | ---D | C] -- C:\Users\Student\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2012-09-20 22:07:29 | 000,000,000 | ---D | C] -- C:\Users\Student\Desktop\FALL12 MOVE TO GREEN
[2012-09-17 16:37:33 | 000,044,544 | ---- | C] (Absolute Software Corp.) -- C:\Windows\SysWow64\agremove.exe
[2012-09-09 19:40:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012-09-09 02:41:45 | 000,000,000 | ---D | C] -- C:\ProgramData\TrackMania
[2012-09-09 02:41:40 | 000,000,000 | ---D | C] -- C:\Users\Student\Documents\TrackMania

========== Files - Modified Within 30 Days ==========

[2012-10-04 15:23:29 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Student\Desktop\OTL.exe
[2012-10-04 15:18:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-10-04 14:57:08 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012-10-04 14:50:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3330628032-2925737617-41503417-1002UA.job
[2012-10-04 14:36:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-10-04 14:01:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-10-04 08:18:56 | 000,016,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-10-04 08:18:56 | 000,016,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-10-04 08:11:54 | 000,000,434 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012-10-04 08:10:45 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-10-04 08:10:05 | 3110,866,944 | -HS- | M] () -- C:\hiberfil.sys
[2012-10-04 01:13:59 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012-10-04 00:52:51 | 004,761,955 | R--- | M] (Swearware) -- C:\Users\Student\Desktop\ComboFix.exe
[2012-10-03 04:50:01 | 000,000,862 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3330628032-2925737617-41503417-1002Core.job
[2012-09-29 00:14:28 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-09-29 00:14:28 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-09-29 00:14:28 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-09-27 08:39:56 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012-09-17 16:37:49 | 000,044,544 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\agremove.exe
[2012-09-17 15:25:51 | 000,017,920 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
[2012-09-10 08:49:53 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012-09-09 20:26:18 | 000,002,044 | ---- | M] () -- C:\Users\Student\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012-09-07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012-10-04 00:58:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012-10-04 00:58:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012-10-04 00:58:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012-10-04 00:58:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012-10-04 00:58:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012-08-21 18:36:06 | 000,003,690 | ---- | C] () -- C:\Users\Student\.jmf-resource
[2012-08-10 23:51:46 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2012-06-10 02:26:04 | 000,000,132 | ---- | C] () -- C:\Users\Student\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2012-05-31 12:27:26 | 000,418,152 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012-04-03 12:50:01 | 000,001,456 | ---- | C] () -- C:\Users\Student\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012-03-28 12:06:07 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-05-07 22:20:31 | 000,197,728 | ---- | C] () -- C:\Windows\WinVd32.sys
[2011-05-07 22:20:30 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\WinFLsrv.exe
[2011-01-16 20:49:49 | 000,141,113 | ---- | C] () -- C:\Windows\hpwins27.dat
[2011-01-16 20:49:49 | 000,000,385 | ---- | C] () -- C:\Windows\hpwmdl27.dat
[2011-01-09 21:37:14 | 000,003,584 | ---- | C] () -- C:\Users\Student\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-11-01 23:22:46 | 000,758,018 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010-11-01 23:22:46 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010-10-22 19:59:25 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010-08-27 17:58:32 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010-05-21 15:06:16 | 000,002,162 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2009-07-14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010-05-25 14:16:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator.AYI490-PC\AppData\Roaming\Ulead Systems
[2010-05-27 10:08:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator.AYI490-PC\AppData\Roaming\Update
[2010-05-25 14:16:00 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Ulead Systems
[2010-05-27 10:08:06 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Update
[2010-05-25 14:16:00 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Ulead Systems
[2010-05-27 10:08:06 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Update
[2010-08-27 18:04:41 | 000,000,000 | ---D | M] -- C:\Users\Student\AppData\Roaming\acccore
[2011-08-02 22:39:05 | 000,000,000 | ---D | M] -- C:\Users\Student\AppData\Roaming\Blackberry Desktop
[2012-04-27 13:21:12 | 000,000,000 | ---D | M] -- C:\Users\Student\AppData\Roaming\Canon
[2012-04-27 13:28:36 | 000,000,000 | ---D | M] -- C:\Users\Student\AppData\Roaming\Canon_Inc_IC
[2012-01-02 15:09:46 | 000,000,000 | ---D | M] -- C:\Users\Student\AppData\Roaming\Catalina Marketing Corp
[2011-09-13 23:07:32 | 000,000,000 | ---D | M] -- C:\Users\Student\AppData\Roaming\Downloaded Installations
[2012-10-04 15:01:15 | 000,000,000 | ---D | M] -- C:\Users\Student\AppData\Roaming\Dropbox
[2010-09-03 23:36:40 | 000,000,000 | ---D | M] -- C:\Users\Student\AppData\Roaming\Leadertech
[2010-08-28 00:11:04 | 000,000,000 | ---D | M] -- C:\Users\Student\AppData\Roaming\ooVoo Details
[2012-05-07 13:01:33 | 000,000,000 | ---D | M] -- C:\Users\Student\AppData\Roaming\PCDr
[2010-11-09 19:42:39 | 000,000,000 | ---D | M] -- C:\Users\Student\AppData\Roaming\Research In Motion
[2011-08-25 22:02:35 | 000,000,000 | ---D | M] -- C:\Users\Student\AppData\Roaming\StepMania 5
[2011-05-28 21:19:10 | 000,000,000 | ---D | M] -- C:\Users\Student\AppData\Roaming\SYSTEMAX Software Development
[2011-06-14 12:46:09 | 000,000,000 | ---D | M] -- C:\Users\Student\AppData\Roaming\TechWizard
[2010-05-25 14:16:00 | 000,000,000 | ---D | M] -- C:\Users\Student\AppData\Roaming\Ulead Systems
[2012-05-04 18:14:10 | 000,000,000 | ---D | M] -- C:\Users\Student\AppData\Roaming\Update
[2012-08-10 23:32:14 | 000,000,000 | ---D | M] -- C:\Users\Student\AppData\Roaming\uTorrent
[2012-08-29 11:05:18 | 000,000,000 | ---D | M] -- C:\Users\Student\AppData\Roaming\Xerox

========== Purity Check ==========



< End of report >
 
OTL Extras logfile created on: 04-Oct-12 3:24:37 PM - Run 1
OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\Student\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

3.86 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 68.97% Memory free
7.72 Gb Paging File | 6.16 Gb Available in Paging File | 79.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.22 Gb Total Space | 73.54 Gb Free Space | 25.61% Space Free | Partition Type: NTFS

Computer Name: AYI490-PC | User Name: ayi490 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-3330628032-2925737617-41503417-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06F6D280-EEFD-433B-9CF3-C513BB970BE7}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{0FE703C7-2F8E-4F99-8C88-77C9653C0127}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{10ABAE3A-7FB6-4BC3-9111-E5545B2F7712}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{129D10E3-B19D-4875-A801-B853B37C21BE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1B1D2E96-D840-4DA5-A11F-5F672C6A46E9}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1F0DEB74-0EA5-4B51-9D07-CD00AF8B3DBF}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{1FB62E23-2111-4D2B-B0B3-5988FE4342CC}" = lport=50006 | protocol=17 | dir=in | name=iha_messagecenter |
"{1FF9C6DC-AE43-4C3A-BE50-843A7BB4ADB1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{20FBC689-E1C9-4CB8-8881-B8309DE957F8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{235CD83B-2FBE-485A-AE23-678EA4E8C6BC}" = lport=56548 | protocol=17 | dir=in | name=pando media booster |
"{27BA0555-04C2-48DA-B98B-ECB5A221D5F9}" = lport=50001 | protocol=17 | dir=in | name=iha_messagecenter |
"{288C3D60-4B02-409D-8F53-16744C3CDF02}" = lport=50016 | protocol=17 | dir=in | name=iha_messagecenter |
"{2C2D035E-C308-4B8D-A0B5-81DADE66C005}" = rport=10243 | protocol=6 | dir=out | app=system |
"{30B621A1-02F0-411B-A9A7-4F97B4579F02}" = rport=445 | protocol=6 | dir=out | app=system |
"{3663CFFF-B61B-49EB-91A5-5F0CBADA01CD}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{37E89BA3-06BE-4C14-836F-0DF8BB775D8F}" = lport=56548 | protocol=17 | dir=in | name=pando media booster |
"{3852B017-AA8A-4EC1-9F6A-5B7DD4BB11C7}" = lport=50120 | protocol=17 | dir=in | name=iha_messagecenter |
"{3BD7CCE9-7C67-4CFD-9D40-BF6E928EC550}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{45ED6580-A0E2-4109-B430-F0CF5E6C0F5A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5A80F6DA-E1F6-42AA-B4F5-315D6D85BADC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5ADEC110-AC9F-45BE-81E9-BCD71D9040C3}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5CD4DD06-9809-4836-97B2-7D17B39F65F9}" = lport=139 | protocol=6 | dir=in | app=system |
"{5F0A2EFB-0B36-44FE-AC7C-3EA60E5206EE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{60863641-B172-4899-B590-66AE476BDD73}" = rport=139 | protocol=6 | dir=out | app=system |
"{61517C41-73DC-40BB-A908-ABB31F23D829}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{73D8DD87-BDEE-46EF-8124-42E7F521AD92}" = lport=50006 | protocol=17 | dir=in | name=iha_messagecenter |
"{756E68EE-BF00-4FE9-838B-8F810268E23C}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |
"{79F88984-BD85-48E0-B5BB-C1FA0A0A28B6}" = lport=50008 | protocol=17 | dir=in | name=iha_messagecenter |
"{7D086D84-2FDF-471C-A604-103FAA0585BC}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{7E8014E0-4DF7-42DD-AAE0-C9D1F64AC803}" = lport=137 | protocol=17 | dir=in | app=system |
"{7F105708-3D3B-4147-9437-A67B3349F007}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8F048E65-382F-46B6-B183-DB6F418B5E6D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8F04A2DD-C8D1-4621-90DB-063714E8341F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{95AA72FF-E558-46DB-AC6F-19273C272EF0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{969BD47F-3557-4AE0-A081-DB3E6C8869CC}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A186F9FB-8A8C-437E-A232-FCB0E73E245D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{A23EE68F-A9B0-477B-A9CC-A5D0927EFD58}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A35B127F-2933-45CB-B535-0C0554FCE245}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A4CE3C11-E414-447C-BF0F-5F5E83A09086}" = lport=50120 | protocol=17 | dir=in | name=iha_messagecenter |
"{A74E5E24-8E7C-4EC3-8E35-FCDA0C57D14E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AAC30094-1898-41A9-A75A-F8B54850FC8F}" = lport=50002 | protocol=17 | dir=in | name=iha_messagecenter |
"{AC2654E8-8550-4643-9EF2-B891D922C61C}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{B1B20CD9-59D7-48BE-B09A-76C5C94D96F1}" = lport=445 | protocol=6 | dir=in | app=system |
"{B26538F0-A1A7-4641-AEB7-31868FD97C37}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B573F819-EF70-4096-813F-607D8EEB1E5D}" = lport=138 | protocol=17 | dir=in | app=system |
"{BC794436-3302-4131-B0A7-0672EAE6DD2B}" = lport=56548 | protocol=6 | dir=in | name=pando media booster |
"{BF3C3B13-A5E1-4C4E-A11F-3EF3B8B77C4D}" = lport=56548 | protocol=6 | dir=in | name=pando media booster |
"{C24A6A05-DDDC-44D1-B4E8-B96B92105F86}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C4594B46-6F32-4E3E-A942-C96D19A89D78}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CF1201C2-9028-4610-AC99-51010AFEBE10}" = rport=137 | protocol=17 | dir=out | app=system |
"{CF5B1143-E3E6-4FB8-BFF0-CB5BB6982BE9}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |
"{D40A2B7C-3861-434D-B6D5-2472B68DDC66}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DD95C5BB-E3F6-44FC-B700-ABF1654D6B5E}" = lport=50004 | protocol=17 | dir=in | name=iha_messagecenter |
"{DDBB92B3-D220-42A7-8112-C338EF4E13E9}" = rport=138 | protocol=17 | dir=out | app=system |
"{DF937E32-3997-4CE7-A977-652E5E34FE23}" = lport=50001 | protocol=17 | dir=in | name=iha_messagecenter |
"{E53D5D51-16D5-493F-BF63-251107DA2E2D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E9A392DC-6934-4EB0-A33A-39419B67512E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EA8F476D-4528-4F2C-BD96-D5214701F481}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F6408782-D808-45C9-8CB7-B824F7EBDBFB}" = lport=50002 | protocol=17 | dir=in | name=iha_messagecenter |
"{F662D543-491D-48C4-BDDB-210D219303AC}" = rport=2869 | protocol=6 | dir=out | app=system |
"{F94DE338-1BC6-46CA-925B-4506B3FE2311}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0166D48D-8879-4B27-AFCF-21F4B0147E3A}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{03A360E9-35AD-440D-9DD4-763D2B7D63E4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\sfm.exe |
"{0BB76C9B-D7F1-4F53-B5BB-A81325E74EAC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0E9A443E-9F52-4C66-9E6D-3DB4B606EDC6}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{110A7782-70DA-4E85-A9CC-7321E7E87531}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1116012F-9F98-41BF-AA35-FEB4CDA3EE43}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{111A14B3-BEE8-49F9-B3F3-9C00A89D405F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{11920327-E4F8-4F24-95AC-E95A44E6406C}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{1C4214ED-E1A8-44A1-98EF-53C99E083BCF}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{200EE95C-3F20-4FD1-A0AE-18CF48593E88}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\bin\qsdklauncher.exe |
"{24DC33F9-A2C5-4F28-B806-FEE49C7523D0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{28168E01-E76E-44ED-BE32-2792DB648E21}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2C168CDB-563C-4370-82E7-D857035F643C}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{2FB4C703-F4A8-458C-86DC-0CFEF32C5A2C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{30EE4A4C-F56C-497E-8719-DAC7024EC4DF}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{31D6985B-6F77-4E97-8A42-6E5BC1FB9285}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforever.exe |
"{3266F504-2660-434A-9D25-65390B6A9100}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{3594A4DE-DEAD-46BD-93DD-02B5F21AF95F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforever.exe |
"{3D78B1ED-27FB-4800-B8DC-785E6EB02C9D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
"{400B17DE-DBFF-4095-BF46-7A376029298E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe |
"{405A3571-10A6-48F2-B07C-A492593A585B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{43C07DB2-E374-4F23-9FB0-8D3992EF404E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{47BAD92E-5D6B-4837-B533-86B84F6D7865}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe |
"{47CC9AC9-7E2F-48E9-936C-5DAD771D05F9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{4B953D56-7453-47F0-96ED-F7DC8E638D7B}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{4CF9F539-6144-4A45-988F-F467728AB2C8}" = protocol=6 | dir=in | app=c:\users\student\appdata\roaming\dropbox\bin\dropbox.exe |
"{4FD3BB3B-BA88-4B9A-A34B-6A333D387C96}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{531AE0A7-C4D6-49D4-B119-0E89E4485623}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5995EC75-DE2F-4B0D-A63C-D33204228FCE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5C3D8538-7BFB-434E-8A9A-346C03D1ACB7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
"{60E2146C-EABA-4599-A27E-DE27699DC8F8}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{63A52BD0-84DA-4724-BC42-5B6DE48E07FC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{671D346C-B591-4655-8907-A0D3E1FFB924}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{6CF945E2-DF83-488C-A9AC-F84095DF00E2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6E010F04-DA18-451C-A9CC-E9AB04092834}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{75ECCC89-CE0D-4A23-8D0F-1AFDF4C0DEBC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe |
"{78A7A29B-4000-463F-929C-092DC2CE8BCD}" = protocol=17 | dir=in | app=c:\users\student\appdata\roaming\dropbox\bin\dropbox.exe |
"{7CF48A68-38A8-41E9-B0A3-F3575E74B087}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\sfm.exe |
"{7F910FD4-6F76-420E-AF31-AA6A52587975}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{81620BFE-0E4B-4E78-854F-102D0DAE7568}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{853CD477-584B-490E-A0B8-32A2F064DDCE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe |
"{8C5CD581-1466-48B2-A3FB-FE5A89D87DD3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{8E42DD0C-E9E6-4AE4-9AB5-482C02BBA261}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{91E6A0D3-95D3-4633-A211-E64E626C7203}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{94B444E3-EA3C-4305-A060-DE5DDEED8B2B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{95089DEA-F90B-4A8D-83FA-860A0D957046}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{95BB96CC-D1DC-44FE-91E5-E5475BFE2833}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{99B9F803-A0B2-4E9F-A619-A290D04021F4}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{9A64A22E-8E0B-4497-B26B-6B3D1406C59F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9FB851C5-2634-4E01-B6FD-6F8BE22B73B6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\bin\qsdklauncher.exe |
"{A261330D-E08B-4D3E-97D7-07E4D6A5DAC4}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{A4B44CAB-C164-4336-8383-0FAF158B389D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{A8024612-F0CB-4340-96FF-908C42D3E346}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B17F8220-9A86-436F-8504-5FE45D21C21B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B69EBCA8-AF8E-4116-8505-B963015B8BB1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
"{B7C5CB1E-6BD6-4DB9-8EB7-68369CB3DD83}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C8E08F0A-0162-4310-AA62-131AE94418F5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\bin\qsdklauncher.exe |
"{C932C042-475F-462D-92A3-1321469B5EB4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\sfm.exe |
"{D2663289-ABB6-43B7-AA67-08CC97C3D8A6}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{D2966250-0113-40F6-9DFF-DFFEA7EE6FB5}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D4A44869-39BA-4568-AA76-56835F531CDA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DEB2FB24-B728-499F-85F8-E1349D42EACF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bit.trip runner\runner.exe |
"{E212AAA1-BEEA-4116-9AFB-04DB08ABA021}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
"{E222E503-0806-432D-9323-6A39B25B156D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bit.trip runner\runner.exe |
"{E4A3CF73-6E72-4516-818F-FC1D191F62FF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E7FCC753-C54F-4027-8475-5C7D96FFCD02}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\bin\qsdklauncher.exe |
"{E9F0BEBF-D7A1-4949-8F3E-E715B57211C5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E9F2109B-EC4F-403B-A78C-A132D40636AB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{EF362DDC-0A61-412D-8BF0-CA09ADE4562F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{F0224EBF-6880-458E-B25E-0C34A2F7C90D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{F503D4F8-073E-4C6E-9C28-BD06B25A36E3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\sfm.exe |
"{F58F2E27-0FCF-4DAF-A4DE-32DD4F0B6845}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{F7E6A84F-405F-4588-B70F-2A30A00EFE7B}" = protocol=6 | dir=out | app=system |
"{FAB55D33-E74C-40C1-A437-E0FEEBB4BAB6}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"TCP Query User{10CE433B-E960-42B2-8D0C-3AEE7CF17965}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{3FE14A0A-E3BF-4AC3-90BE-B05AA4C9F979}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{4E295460-B67B-480C-A73C-FA0DDF99F5C9}C:\program files (x86)\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"TCP Query User{62D1B7F4-A980-4031-9463-0C8CADD8D3C1}C:\program files (x86)\steam\steamapps\kitcat1200\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\kitcat1200\team fortress 2\hl2.exe |
"TCP Query User{64DD7AA3-4DD8-4766-9449-82E7DFAC8937}C:\users\student\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\student\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{69694A89-9451-44A7-B92A-3C0427346699}C:\users\student\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\student\appdata\local\akamai\netsession_win.exe |
"TCP Query User{8E8E05DF-9C4F-4E94-A939-B03ED1819E12}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{D7FDC0FD-6ABD-4746-8AA2-5D1BD088A591}C:\users\student\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\student\appdata\local\akamai\netsession_win.exe |
"UDP Query User{28813FC5-F810-4648-B207-964D8DA63A72}C:\users\student\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\student\appdata\local\akamai\netsession_win.exe |
"UDP Query User{42F55E2F-D37E-4368-B5ED-FDA7067FA43E}C:\users\student\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\student\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{463F0859-6864-4D9F-AB0D-B8273F0560AD}C:\program files (x86)\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"UDP Query User{6486498D-D846-4CC6-A711-1FC51E29473C}C:\users\student\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\student\appdata\local\akamai\netsession_win.exe |
"UDP Query User{89D19C9D-D3FF-4719-A434-870724AFC1BA}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{92A535C0-EA85-4718-9EF9-7C752AAAD98A}C:\program files (x86)\steam\steamapps\kitcat1200\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\kitcat1200\team fortress 2\hl2.exe |
"UDP Query User{BE88254A-6ADF-46CB-9491-92A791A1ED1D}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{C2E759A9-507C-4506-8B11-789A5AC5A3A2}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{1EB2596D-80B0-4D55-AC31-6FCFE757081E}" = HP Officejet 4500 G510a-f
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 296.88
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.88
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.88
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"CNXT_AUDIO_HDA" = Conexant 20585 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.19
"LENOVO.SMIIF" = Lenovo System Interface Driver
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OnScreenDisplay" = On Screen Display
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"PROSet" = Intel(R) Network Connections Drivers
"SP6" = Logitech SetPoint 6.32
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"Wacom Tablet Driver" = Wacom Tablet

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.06.02.02
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{35D103FC-FB66-4D1A-B1F9-E1D3CF43B2A7}" = Computrace
"{3EB6F78A-66E3-434f-BD0E-76C7D078DB5E}" = 4500G510af_Software_Min
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5AE5DB70-5CE6-4876-A83E-8246CC36FC28}" = Microsoft Office PowerPoint 2007 Get Started Tab
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{68B52EFD-86CC-486E-A8D0-A3A1554CB5BC}" = Microsoft Office Word 2007 Get Started Tab
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{730EF0E8-8B8E-4054-B2CE-5D4BA3BCE510}" = Vz In Home Agent
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8DE03F6E-FCD2-4497-A8FF-F6C4430618B6}" = BlackBerry App World Browser Plugin
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D2C60-A55F-4fed-B2B9-17394396DF01}" = ThinkPad Wireless LAN Adapter Software
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB706D91-2242-4E1D-B4D0-1ED35387F5A7}" = Microsoft Office Excel 2007 Get Started Tab
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery
"{B70E5793-F912-4C62-AFE2-C4F0B078FD31}" = Reader Library by Sony
"{BEDF5135-3DDC-4488-BA2C-D94AB4BB8DA2}" = IHA_MessageCenter
"{C175D5B0-ED04-42C9-B23F-D8BD406173E7}" = 4500_G510af_Help_Web
"{C3CD17B4-08B0-492D-8A4C-81716D33E520}" = Integrated Camera Driver Installer Package Ver.1.1.0.19
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D547A594-AA85-4B92-80EB-47B371B98C68}" = Verizon Download Manager
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EC2F135B-48ED-4682-A90B-54846218C1F3}" = 4500G510af_web
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AdventureTime_Screensaver" = AdventureTime_Screensaver
"AIM_7" = AIM 7
"Akamai" = Akamai NetSession Interface Service
"AuralogComponentsUninstall9.exe" = AuralogComponentsUninstall9
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2010-10-10
"DivX Setup" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition
"iWisoft Free Video Converter_is1" = iWisoft Free Video Converter 1.2
"JTablet" = JTablet
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Mozilla Firefox 15.0 (x86 en-US)" = Mozilla Firefox 15.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MV RegClean 5.9 English_is1" = MV RegClean 5.9 English
"MV RegClean 6.0_is1" = MV RegClean 6.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Steam App 1840" = Source Filmmaker
"Steam App 41500" = Torchlight
"Steam App 42910" = Magicka
"Steam App 440" = Team Fortress 2
"Steam App 520" = Team Fortress 2 Beta
"Steam App 550" = Left 4 Dead 2
"Steam App 63710" = BIT.TRIP RUNNER
"uTorrent" = µTorrent
"Verizon FiOS Activation_is1" = Verizon FiOS Activation
"VLC media player" = VLC media player 2.0.1
"VTFEdit_is1" = VTFEdit 1.2.5
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"Winamp" = Winamp
"Write-N-Cite" = Write-N-Cite
"Xfire" = Xfire (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3330628032-2925737617-41503417-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 31-Jul-12 9:55:25 AM | Computer Name = ayi490-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 30071923

Error - 31-Jul-12 9:55:25 AM | Computer Name = ayi490-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 30071923

Error - 31-Jul-12 9:55:32 AM | Computer Name = ayi490-PC | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Skipping: Eap method DLL path validation failed. Error: typeId=17,
authorId=9, vendorId=0, vendorType=0

Error - 31-Jul-12 9:55:32 AM | Computer Name = ayi490-PC | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Skipping: Eap method DLL path validation failed. Error: typeId=25,
authorId=9, vendorId=0, vendorType=0

Error - 31-Jul-12 9:55:32 AM | Computer Name = ayi490-PC | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Skipping: Eap method DLL path validation failed. Error: typeId=43,
authorId=9, vendorId=0, vendorType=0

Error - 31-Jul-12 8:05:47 PM | Computer Name = ayi490-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 31-Jul-12 8:05:47 PM | Computer Name = ayi490-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 36260685

Error - 31-Jul-12 8:05:47 PM | Computer Name = ayi490-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 36260685

Error - 31-Jul-12 8:05:54 PM | Computer Name = ayi490-PC | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Skipping: Eap method DLL path validation failed. Error: typeId=17,
authorId=9, vendorId=0, vendorType=0

Error - 31-Jul-12 8:05:54 PM | Computer Name = ayi490-PC | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Skipping: Eap method DLL path validation failed. Error: typeId=25,
authorId=9, vendorId=0, vendorType=0

Error - 31-Jul-12 8:05:54 PM | Computer Name = ayi490-PC | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Skipping: Eap method DLL path validation failed. Error: typeId=43,
authorId=9, vendorId=0, vendorType=0

[ OSession Events ]
Error - 05-Mar-12 5:30:05 PM | Computer Name = ayi490-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 191
seconds with 0 seconds of active time. This session ended with a crash.

Error - 20-Jul-12 11:48:01 AM | Computer Name = ayi490-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1678
seconds with 120 seconds of active time. This session ended with a crash.

Error - 01-Aug-12 9:49:22 PM | Computer Name = ayi490-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1703
seconds with 600 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 04-Oct-12 12:47:35 PM | Computer Name = ayi490-PC | Source = ipnathlp | ID = 31004
Description =

Error - 04-Oct-12 12:47:44 PM | Computer Name = ayi490-PC | Source = ipnathlp | ID = 31004
Description =

Error - 04-Oct-12 12:47:46 PM | Computer Name = ayi490-PC | Source = ipnathlp | ID = 31004
Description =

Error - 04-Oct-12 2:01:06 PM | Computer Name = ayi490-PC | Source = ipnathlp | ID = 31004
Description =

Error - 04-Oct-12 2:03:11 PM | Computer Name = ayi490-PC | Source = ipnathlp | ID = 31004
Description =

Error - 04-Oct-12 2:03:23 PM | Computer Name = ayi490-PC | Source = ipnathlp | ID = 31004
Description =

Error - 04-Oct-12 2:03:36 PM | Computer Name = ayi490-PC | Source = ipnathlp | ID = 31004
Description =

Error - 04-Oct-12 3:30:30 PM | Computer Name = ayi490-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolume2.

Error - 04-Oct-12 3:30:30 PM | Computer Name = ayi490-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolume2.

Error - 04-Oct-12 3:30:30 PM | Computer Name = ayi490-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolume2.


< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-21-3330628032-2925737617-41503417-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
    O4 - HKLM..\Run: [] File not found
    O15:64bit: - ..Trusted Domains: stjohns.edu ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: tellmemorecampus.com ([www.stjohns] http in Trusted sites)
    O15 - HKU\S-1-5-21-3330628032-2925737617-41503417-1002\..Trusted Domains: stjohns.edu ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-3330628032-2925737617-41503417-1002\..Trusted Domains: tellmemorecampus.com ([www.stjohns] http in Trusted sites)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Unable to open value key)
    [2009-07-14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
    
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
    
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
    
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
    
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
    
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
    
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
    
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
    
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

3. Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

4. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

5. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
All processes killed
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-3330628032-2925737617-41503417-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tellmemorecampus.com\www.stjohns\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3330628032-2925737617-41503417-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\stjohns.edu\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3330628032-2925737617-41503417-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tellmemorecampus.com\www.stjohns\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\Windows\assembly\Desktop.ini moved successfully.
File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 not found.
File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
File EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64\ not found.
Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64\ not found.
Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: Administrator.AYI490-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: ayi490
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Student
->Temp folder emptied: 204997 bytes
->Temporary Internet Files folder emptied: 32569579 bytes
->Java cache emptied: 8460 bytes
->FireFox cache emptied: 546459334 bytes
->Google Chrome cache emptied: 276933999 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 39408 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6462 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 66784 bytes
RecycleBin emptied: 1788 bytes

Total Files Cleaned = 817.00 mb


[EMPTYJAVA]

User: Administrator

User: Administrator.AYI490-PC
->Java cache emptied: 0 bytes

User: All Users

User: ayi490

User: Default
->Java cache emptied: 0 bytes

User: Default User
->Java cache emptied: 0 bytes

User: Public

User: Student
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.AYI490-PC
->Flash cache emptied: 0 bytes

User: All Users

User: ayi490

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Student
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.70.2 log created on 10042012_160546

Files\Folders moved on Reboot...
C:\Users\Student\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

My homepage changed again. Continue last scans?
 
Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
Java(TM) 6 Update 35
Java version out of Date!
Adobe Flash Player 11.4.402.265
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (15.0)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome Plugins...
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Farbar Service Scanner Version: 19-09-2012
Ran by ayi490 (administrator) on 04-10-2012 at 16:32:05
Running from "C:\Users\Student\Desktop"
Microsoft Windows 7 Enterprise Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Attempt to access Google.com returned error: Google.com is offline
Attempt to access Yahoo IP returned error: Yahoo IP is offline
Attempt to access Yahoo.com returned error: Yahoo.com is offline


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
 
# AdwCleaner v2.003 - Logfile created 10/04/2012 at 16:33:54
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Enterprise Service Pack 1 (64 bits)
# User : ayi490 - AYI490-PC
# Boot Mode : Normal
# Running from : C:\Users\Student\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Users\Student\AppData\LocalLow\boost_interprocess

***** [Registry] *****

Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Users\Student\AppData\Roaming\Mozilla\Firefox\Profiles\9bh0w57m.default\prefs.js

C:\Users\Student\AppData\Roaming\Mozilla\Firefox\Profiles\9bh0w57m.default\user.js ... Deleted !

[OK] File is clean.

Profile name : default
File : C:\Users\Student\AppData\Roaming\Mozilla\Firefox\Profiles\9bh0w57m.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v22.0.1229.79

File : C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3616 octets] - [04/10/2012 16:33:54]

########## EOF - C:\AdwCleaner[S1].txt - [3676 octets] ##########
 
Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

==============================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

==============================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

13. Please, let me know, how your computer is doing.
 
You're very welcome
th_smiley_says_hello.gif


Make sure you complete all final steps.
 
So, lol turns out my homepage keeps changing after connecting to my school's wifi. I have no idea what that means. haha
 
I suggest you talk to your school IT people.
Maybe they are infected with some bug.
 
Back