Mevio Redirect



#1
dl9796

Hello -

I have been infected by the Mevio virus. I keep getting redirected when I browse the internet. Malwarebytes is able to run but does not find anything to remove (same with Avast). Nothing I try seems to get rid of this nasty beast. Running Windows 7 64-bit Pro. Any assistance would be appreciated. Here is my log:

OTL logfile created on: 11/27/2011 10:54:50 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\dloomis\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.89 Gb Total Physical Memory | 5.21 Gb Available Physical Memory | 66.08% Memory free
15.78 Gb Paging File | 12.79 Gb Available in Paging File | 81.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.96 Gb Total Space | 314.54 Gb Free Space | 70.06% Space Free | Partition Type: NTFS
Drive E: | 3.62 Gb Total Space | 3.24 Gb Free Space | 89.53% Space Free | Partition Type: FAT32
Drive O: | 448.96 Gb Total Space | 314.54 Gb Free Space | 70.06% Space Free | Partition Type: CSC-CACHE
Drive Q: | 15.62 Gb Total Space | 6.73 Gb Free Space | 43.08% Space Free | Partition Type: NTFS

Computer Name: DL-ITDEPT | User Name: dloomis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011/11/27 10:54:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\dloomis\Desktop\OTL.exe
PRC - [2011/09/06 15:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/09/01 19:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Users\dloomis\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/06/15 12:28:18 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mstart.exe
PRC - [2011/06/15 12:28:18 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mlauncher.exe
PRC - [2011/06/15 12:28:18 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mcomm.exe
PRC - [2011/04/28 12:56:18 | 000,075,776 | ---- | M] () -- C:\Program Files (x86)\InfoDynamics, Inc\Intact Document Solution\IntactPrinter.Net.exe
PRC - [2011/03/30 15:24:26 | 000,135,168 | ---- | M] (MWA Intelligence) -- C:\Program Files (x86)\MWA Intelligence\iMPS Enterprise\4.2.2.0\IDM_DCPC_SNMP.exe
PRC - [2011/03/30 08:58:30 | 000,160,768 | ---- | M] (MWA Intelligence) -- C:\Program Files (x86)\MWA Intelligence\iMPS Enterprise\4.2.2.0\IMPSDiscoveryEngine.exe
PRC - [2011/03/30 08:57:32 | 000,046,080 | ---- | M] (MWA Intelligence) -- C:\Program Files (x86)\MWA Intelligence\iMPS Enterprise\IMPSUpdateEngine.exe
PRC - [2011/03/24 14:01:18 | 000,010,240 | ---- | M] (MWA Intelligence) -- C:\Program Files (x86)\MWA Intelligence\iMPS Enterprise\DCPC Watchdog Service.exe
PRC - [2011/03/14 19:04:14 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe
PRC - [2011/02/25 20:46:30 | 000,059,240 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2011/02/25 20:46:28 | 000,041,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
PRC - [2011/02/25 20:46:14 | 000,040,808 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2011/02/25 12:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/03 13:45:00 | 000,062,824 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2011/01/16 20:42:04 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/01/16 20:42:02 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/12/29 01:18:32 | 000,137,656 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2010/12/29 01:18:14 | 000,259,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2010/12/16 21:36:18 | 000,281,448 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
PRC - [2010/12/14 16:07:36 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2010/12/01 22:55:56 | 000,064,440 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010/11/29 14:10:32 | 000,210,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2010/11/24 02:34:26 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2010/07/01 05:05:32 | 000,010,752 | ---- | M] () -- C:\Program Files (x86)\InfoDynamics\Indexer\DocumentIndexingService.exe
PRC - [2010/06/07 06:39:36 | 005,395,968 | ---- | M] (hMailServer) -- C:\Program Files (x86)\hMailServer\Bin\hMailServer.exe
PRC - [2010/04/07 00:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2010/04/01 00:50:46 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2010/03/11 16:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010/03/08 17:59:18 | 000,131,584 | ---- | M] (SHARP CORPORATION) -- C:\Program Files (x86)\Sharp\Sharpdesk\SharpTray.exe
PRC - [2010/02/21 21:41:18 | 000,819,712 | ---- | M] (SHARP CORPORATION) -- C:\Program Files (x86)\Sharp\Sharpdesk\FTPServer.exe
PRC - [2010/02/21 21:38:04 | 000,919,552 | ---- | M] (SHARP CORPORATION) -- C:\Program Files (x86)\Sharp\Sharpdesk\nsapp.exe
PRC - [2010/02/15 17:23:30 | 000,595,208 | ---- | M] (ABBYY) -- C:\Program Files (x86)\InfoDynamics\License Server\EngineDongleManager.exe
PRC - [2009/10/20 16:27:34 | 000,057,344 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\VMware\VMware Server\tomcat\bin\tomcat6.exe
PRC - [2009/10/20 14:22:06 | 000,399,920 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2009/10/20 14:21:56 | 000,326,192 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2009/10/20 14:21:20 | 000,322,096 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Server\vmware-hostd.exe
PRC - [2009/10/20 14:21:20 | 000,121,392 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Server\vmware-authd.exe
PRC - [2009/05/28 00:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2009/04/24 11:05:42 | 000,972,064 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2009/03/12 15:11:00 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\InfoDynamics, Inc\IntactOSA\bin\IntactFTPServer.exe
PRC - [2009/02/25 09:52:50 | 000,049,152 | ---- | M] (InfoDynamics, Inc) -- C:\Program Files (x86)\InfoDynamics, Inc\IntactOSA\bin\IntactWebServer.exe
PRC - [2008/01/10 14:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/13 08:03:33 | 000,135,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\c523aa7f545394a1ed7f9a6358cf18e3\System.Data.DataSetExtensions.ni.dll
MOD - [2011/10/13 06:24:46 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll
MOD - [2011/10/12 16:12:39 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll
MOD - [2011/10/12 16:12:32 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\dfe859829abd7f108aa5d82382251690\System.EnterpriseServices.ni.dll
MOD - [2011/10/12 16:12:32 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\dfe859829abd7f108aa5d82382251690\System.EnterpriseServices.Wrapper.dll
MOD - [2011/10/12 16:12:31 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll
MOD - [2011/10/12 16:12:31 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f5659a792c1f6832d9a45c1509d03497\System.Transactions.ni.dll
MOD - [2011/10/12 16:12:13 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/12 16:12:07 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/12 16:12:05 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll
MOD - [2011/10/12 16:11:52 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/12 16:11:49 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/12 16:11:49 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/12 16:11:44 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/23 22:29:47 | 003,547,136 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Telerik.WinControls.UI\2010.1.10.504__5bb2a467cbec794e\Telerik.WinControls.UI.dll
MOD - [2011/06/23 22:29:47 | 001,609,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Telerik.WinControls\2010.1.10.504__5bb2a467cbec794e\Telerik.WinControls.dll
MOD - [2011/06/23 22:29:47 | 000,913,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Telerik.WinControls.UI.Design\2010.1.10.504__5bb2a467cbec794e\Telerik.WinControls.UI.Design.dll
MOD - [2011/06/23 22:29:46 | 001,753,088 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Telerik.WinControls.Themes.Office2007Silver\2010.1.10.504__5bb2a467cbec794e\Telerik.WinControls.Themes.Office2007Silver.dll
MOD - [2011/06/23 22:29:46 | 001,257,472 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Telerik.WinControls.Themes.Vista\2010.1.10.504__5bb2a467cbec794e\Telerik.WinControls.Themes.Vista.dll
MOD - [2011/06/23 22:29:46 | 001,212,416 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Telerik.WinControls.Themes.Telerik\2010.1.10.504__5bb2a467cbec794e\Telerik.WinControls.Themes.Telerik.dll
MOD - [2011/06/23 22:29:46 | 000,929,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Telerik.WinControls.GridView\2010.1.10.504__5bb2a467cbec794e\Telerik.WinControls.GridView.dll
MOD - [2011/06/23 22:29:46 | 000,113,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Telerik.WinControls.Themes.Office2010\2010.1.10.504__5bb2a467cbec794e\Telerik.WinControls.Themes.Office2010.dll
MOD - [2011/06/23 22:29:45 | 001,966,080 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Telerik.WinControls.Themes.Office2007Black\2010.1.10.504__5bb2a467cbec794e\Telerik.WinControls.Themes.Office2007Black.dll
MOD - [2011/06/23 22:29:45 | 001,265,664 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Telerik.WinControls.Themes.Miscellaneous\2010.1.10.504__5bb2a467cbec794e\Telerik.WinControls.Themes.Miscellaneous.dll
MOD - [2011/06/23 22:29:44 | 002,061,312 | ---- | M] () -- C:\Windows\assembly\GAC_32\Atalasoft.dotImage.PdfRasterizer\9.0.1.38592__2b02b46f7326f73b\Atalasoft.dotImage.PdfRasterizer.dll
MOD - [2011/06/23 22:29:44 | 001,400,832 | ---- | M] () -- C:\Windows\assembly\GAC_32\Atalasoft.dotImage\9.0.1.38592__2b02b46f7326f73b\Atalasoft.dotImage.dll
MOD - [2011/06/23 22:29:44 | 000,634,880 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\TelerikCommon\2010.1.10.504__5bb2a467cbec794e\TelerikCommon.dll
MOD - [2011/06/23 22:29:44 | 000,548,864 | ---- | M] () -- C:\Windows\assembly\GAC_32\Atalasoft.dotImage.WinControls\9.0.1.38592__2b02b46f7326f73b\Atalasoft.dotImage.WinControls.dll
MOD - [2011/06/23 22:29:44 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Atalasoft.Shared\3.0.0.2__2b02b46f7326f73b\Atalasoft.Shared.dll
MOD - [2011/06/23 22:29:44 | 000,180,224 | ---- | M] () -- C:\Windows\assembly\GAC_32\Atalasoft.dotImage.Ocr\9.0.1.38592__2b02b46f7326f73b\Atalasoft.dotImage.Ocr.dll
MOD - [2011/06/23 22:29:43 | 001,836,544 | ---- | M] () -- C:\Windows\assembly\GAC_32\Atalasoft.dotImage.Lib\9.0.1.38592__2b02b46f7326f73b\Atalasoft.dotImage.Lib.dll
MOD - [2011/06/23 22:29:42 | 002,399,232 | ---- | M] () -- C:\Windows\assembly\GAC_32\Atalasoft.dotImage.Barcoding\9.0.1.38592__2b02b46f7326f73b\Atalasoft.dotImage.Barcoding.dll
MOD - [2011/06/23 22:29:41 | 001,126,400 | ---- | M] () -- C:\Windows\assembly\GAC_32\Atalasoft.DotAnnotate\9.0.1.38592__2b02b46f7326f73b\Atalasoft.DotAnnotate.dll
MOD - [2011/06/23 22:29:41 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_32\Atalasoft.DotImage.Annotate\9.0.1.38592__2b02b46f7326f73b\Atalasoft.DotImage.Annotate.dll
MOD - [2011/04/28 12:56:18 | 000,075,776 | ---- | M] () -- C:\Program Files (x86)\InfoDynamics, Inc\Intact Document Solution\IntactPrinter.Net.exe
MOD - [2011/04/28 12:52:40 | 000,285,696 | ---- | M] () -- C:\Program Files (x86)\InfoDynamics, Inc\Intact Document Solution\Intact.Common.UI.Integration.dll
MOD - [2011/04/28 12:52:08 | 001,864,704 | ---- | M] () -- C:\Program Files (x86)\InfoDynamics, Inc\Intact Document Solution\Intact.Common.UI.dll
MOD - [2011/04/28 12:51:12 | 000,215,040 | ---- | M] () -- C:\Program Files (x86)\InfoDynamics, Inc\Intact Document Solution\Intact.Common.UI.Dialog.dll
MOD - [2011/04/28 12:51:08 | 000,113,664 | ---- | M] () -- C:\Program Files (x86)\InfoDynamics, Inc\Intact Document Solution\Intact.Common.Print.dll
MOD - [2011/04/28 12:50:18 | 000,021,504 | ---- | M] () -- C:\Program Files (x86)\InfoDynamics, Inc\Intact Document Solution\Intact.Common.Settings.dll
MOD - [2011/04/28 12:50:14 | 000,006,656 | ---- | M] () -- C:\Program Files (x86)\InfoDynamics, Inc\Intact Document Solution\Intact.Common.Logging.dll
MOD - [2011/04/28 12:50:12 | 000,009,728 | ---- | M] () -- C:\Program Files (x86)\InfoDynamics, Inc\Intact Document Solution\Impersonator.dll
MOD - [2011/03/16 23:11:16 | 004,297,568 | -H-- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/20 22:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/11/20 22:24:07 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/04/06 11:05:16 | 002,085,888 | ---- | M] () -- C:\Program Files\Lenovo\AutoLock\cv210.dll
MOD - [2010/04/06 11:04:06 | 002,201,088 | ---- | M] () -- C:\Program Files\Lenovo\AutoLock\cxcore210.dll
MOD - [2010/02/21 21:50:06 | 000,930,304 | ---- | M] () -- C:\Program Files (x86)\Sharp\Sharpdesk\SCprMfpif.dll
MOD - [2010/02/21 21:44:36 | 000,006,144 | ---- | M] () -- C:\Program Files (x86)\Sharp\Sharpdesk\discoveryps.dll
MOD - [2009/06/10 16:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/05/28 00:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/02/25 20:46:30 | 000,059,240 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV:64bit: - [2011/02/25 20:46:14 | 000,040,808 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2011/01/26 06:38:11 | 000,350,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\ftpsvc.dll -- (ftpsvc)
SRV:64bit: - [2010/12/18 17:50:36 | 000,962,848 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/12/17 16:41:32 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/12/17 16:26:50 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/12/17 07:18:08 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2010/12/15 18:46:46 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2010/12/03 15:01:54 | 000,116,072 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe -- (HyperW7Svc)
SRV:64bit: - [2010/12/02 21:00:56 | 000,114,024 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV:64bit: - [2010/12/01 22:55:56 | 000,064,440 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2010/11/24 02:34:26 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2010/11/20 22:24:51 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\snmp.exe -- (SNMP)
SRV:64bit: - [2010/11/20 22:24:38 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN)
SRV:64bit: - [2010/11/12 04:48:50 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/04/07 00:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV:64bit: - [2009/11/05 11:24:00 | 001,044,992 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\LMabcoms.exe -- (lmab_device)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:41:19 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lpdsvc.dll -- (LPDSVC)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 20:39:56 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\WMSvc.exe -- (WMSVC)
SRV:64bit: - [2009/07/13 20:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV:64bit: - [2007/05/29 18:48:04 | 000,020,480 | ---- | M] (Oki Data Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\OPHGLDCS.EXE -- (OKI OPHG DCS Loader)
SRV - [2011/03/30 15:24:26 | 000,135,168 | ---- | M] (MWA Intelligence) [Auto | Running] -- C:\Program Files (x86)\MWA Intelligence\iMPS Enterprise\4.2.2.0\IDM_DCPC_SNMP.exe -- (IDM_DCPC_SNMP)
SRV - [2011/03/30 08:58:30 | 000,160,768 | ---- | M] (MWA Intelligence) [Auto | Running] -- C:\Program Files (x86)\MWA Intelligence\iMPS Enterprise\4.2.2.0\IMPSDiscoveryEngine.exe -- (IMPSDiscoveryEngine)
SRV - [2011/03/30 08:57:32 | 000,046,080 | ---- | M] (MWA Intelligence) [Auto | Running] -- C:\Program Files (x86)\MWA Intelligence\iMPS Enterprise\IMPSUpdateEngine.exe -- (IMPSUpdateEngine)
SRV - [2011/03/24 14:01:18 | 000,010,240 | ---- | M] (MWA Intelligence) [Auto | Running] -- C:\Program Files (x86)\MWA Intelligence\iMPS Enterprise\DCPC Watchdog Service.exe -- (MWAServiceMonitor)
SRV - [2011/03/14 19:04:14 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)
SRV - [2011/03/01 23:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 12:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/03 13:45:00 | 000,155,496 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
SRV - [2011/02/03 13:45:00 | 000,079,208 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2011/01/16 20:42:04 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2011/01/16 20:42:02 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/12/14 16:07:36 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2010/11/29 14:10:32 | 000,210,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service) Intel®
SRV - [2010/11/20 22:25:10 | 000,047,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP)
SRV - [2010/11/20 22:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 22:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 22:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/09/02 13:06:38 | 000,016,896 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\InfoDynamics\IntactActionService\IntactActionService.exe -- (IntactActionService)
SRV - [2010/07/01 05:05:32 | 000,010,752 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\InfoDynamics\Indexer\DocumentIndexingService.exe -- (DocumentIndexingService)
SRV - [2010/06/25 12:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/06/07 06:39:36 | 005,395,968 | ---- | M] (hMailServer) [Auto | Running] -- C:\Program Files (x86)\hMailServer\Bin\hMailServer.exe -- (hMailServer)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/11 16:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/15 17:23:30 | 000,595,208 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\InfoDynamics\License Server\EngineDongleManager.exe -- (Engine9DongleManagerService)
SRV - [2009/11/05 11:24:00 | 000,593,920 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\LMabcoms.exe -- (lmab_device)
SRV - [2009/10/20 16:27:34 | 000,057,344 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Server\tomcat\bin\Tomcat6.exe -- (VMwareServerWebAccess)
SRV - [2009/10/20 14:22:06 | 000,399,920 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2009/10/20 14:21:56 | 000,326,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009/10/20 14:21:20 | 000,322,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Server\vmware-hostd.exe -- (VMwareHostd)
SRV - [2009/10/20 14:21:20 | 000,121,392 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Server\vmware-authd.exe -- (VMAuthdService)
SRV - [2009/09/03 21:22:46 | 000,065,024 | ---- | M] (Gravic) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Gravic\RemarkFTPUtility12.exe -- (Remark FTP Utility)
SRV - [2009/07/13 20:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/23 14:49:56 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/03/12 15:11:00 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\InfoDynamics, Inc\IntactOSA\bin\IntactFTPServer.exe -- (IntactFTPServer)
SRV - [2009/02/25 09:52:50 | 000,049,152 | ---- | M] (InfoDynamics, Inc) [Auto | Running] -- C:\Program Files (x86)\InfoDynamics, Inc\IntactOSA\bin\IntactWebServer.exe -- (IntactWebServer)
SRV - [2008/01/10 14:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2007/05/24 06:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/09/06 15:38:18 | 000,601,944 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/09/06 15:38:16 | 000,301,912 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/09/06 15:36:41 | 000,058,200 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/09/06 15:36:41 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/09/06 15:36:30 | 000,065,368 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/09/06 15:36:14 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/06/04 07:28:54 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 22:10:38 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2011/03/10 22:10:30 | 012,264,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/02/17 05:25:02 | 001,419,824 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/02/09 13:48:56 | 001,577,600 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/02/03 13:45:00 | 000,031,344 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)
DRV:64bit: - [2011/02/03 13:45:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2010/12/23 14:55:44 | 000,166,528 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2010/12/21 11:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2010/12/20 11:31:00 | 000,316,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel®
DRV:64bit: - [2010/12/18 02:58:00 | 000,425,000 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2010/12/18 02:57:34 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/12/18 02:57:34 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/12/18 02:57:32 | 000,162,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/12/18 02:57:32 | 000,145,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/12/15 18:45:16 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2010/12/15 18:43:00 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2010/12/14 21:12:00 | 000,098,816 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
DRV:64bit: - [2010/12/03 15:01:58 | 000,031,592 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys -- (PHCORE)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 08:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 08:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 06:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 06:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/12 04:48:30 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2010/11/05 09:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/19 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/09/07 00:09:36 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2010/08/20 23:59:12 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2010/06/25 12:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/12/02 02:33:30 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2009/10/20 14:23:48 | 000,076,336 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2009/10/20 14:23:44 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2009/10/20 14:23:36 | 000,065,072 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2009/10/20 14:22:54 | 000,038,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2009/10/20 14:21:10 | 000,038,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2009/10/20 14:21:10 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2009/09/24 06:58:38 | 000,041,536 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvti2c.sys -- (TVTI2C)
DRV:64bit: - [2009/09/09 12:38:24 | 000,072,736 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\nlem64nt.sys -- (nlem64nt)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=685749&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\dloomis\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\dloomis\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/11/25 21:07:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/14 17:44:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/06/14 17:45:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dloomis\AppData\Roaming\mozilla\Extensions
[2011/11/27 08:23:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/06/15 07:18:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/11/25 21:07:14 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\dloomis\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\dloomis\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\dloomis\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\dloomis\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Users\dloomis\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\
CHR - Extension: Qualys BrowserCheck = C:\Users\dloomis\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekpjhkjhpbabigpoojijebfpficekjp\1.3.23.1_0\

O1 HOSTS File: ([2011/11/27 10:01:05 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [ALCKRESI.EXE] C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [ForteConfig] C:\Program Files\CONEXANT\ForteConfig\fmapp.exe ()
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [SR0XRCV] C:\Windows\SysNative\spool\drivers\x64\3\SR0XRCV.exe (SHARP CORPORATION)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [FtpServer.exe] C:\Program Files (x86)\Sharp\Sharpdesk\FtpServer.exe (SHARP CORPORATION)
O4 - HKLM..\Run: [IndexTray.exe] C:\Program Files (x86)\Sharp\Sharpdesk\IndexTray.exe (SHARP CORPORATION)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [SharpTray.exe] C:\Program Files (x86)\Sharp\Sharpdesk\SharpTray.exe (SHARP CORPORATION)
O4 - HKCU..\Run: [GoToMeeting] C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - Startup: C:\Users\dloomis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\dloomis\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Server\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Program Files (x86)\VMware\VMware Server\x64\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Server\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Server\vsocklib.dll (VMware, Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.6.0.cab (DLM Control)
O16 - DPF: {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} https://browsercheck....com/qbc_ax.cab (Qualys BrowserCheck)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574} Reg Error: Key error. (VMware Remote Console Plug-in 2.5.0.00000)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA} http://75.147.67.38:...dows-i586-p.exe (Java Plug-in)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://lexmark-even...nt/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MANNING.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D1B0F2F-6668-45DA-ABF9-F27D23542FD6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25061D1D-6EF0-4AA5-9098-2491B61CC892}: NameServer = 132.145.80.89
O18:64bit: - Protocol\Handler\intu-help-qb1 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\sds - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\sds {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files (x86)\Sharp\Sharpdesk\ExplorerExtensions.dll (SHARP CORPORATION)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/11/27 08:55:49 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/27 10:54:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\dloomis\Desktop\OTL.exe
[2011/11/27 10:03:34 | 000,000,000 | ---D | C] -- C:\Users\dloomis\Desktop\GooredFix Backups
[2011/11/27 09:43:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/11/27 09:43:56 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/11/27 09:01:52 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Local\CrashDumps
[2011/11/27 08:55:37 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2011/11/27 08:55:37 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2011/11/27 08:54:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2011/11/27 08:49:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/27 08:31:31 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\dloomis\Desktop\tdsskiller.exe
[2011/11/27 08:19:55 | 000,065,072 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmci.sys
[2011/11/27 08:19:51 | 000,038,448 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys
[2011/11/27 08:19:49 | 000,076,336 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys
[2011/11/27 08:19:10 | 000,326,192 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe
[2011/11/27 08:19:06 | 000,399,920 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe
[2011/11/27 08:19:05 | 000,030,256 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys
[2011/11/27 08:18:58 | 000,920,112 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll
[2011/11/27 01:21:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/27 01:21:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/27 01:21:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/27 01:20:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/27 01:19:57 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/27 01:14:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/27 00:45:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2011/11/27 00:43:05 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2011/11/27 00:42:26 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/11/27 00:42:25 | 000,000,000 | ---D | C] -- C:\Users\dloomis\Documents\Symantec
[2011/11/27 00:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/11/27 00:32:35 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage
[2011/11/27 00:32:35 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Local\ID Vault
[2011/11/27 00:31:18 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Roaming\ID Vault
[2011/11/27 00:30:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Constant Guard Protection Suite
[2011/11/27 00:30:09 | 000,000,000 | ---D | C] -- C:\ProgramData\White Sky, Inc
[2011/11/27 00:22:46 | 000,000,000 | ---D | C] -- C:\Users\dloomis\DoctorWeb
[2011/11/26 22:35:49 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Roaming\qualys
[2011/11/26 22:25:12 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/11/26 22:24:34 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Local\Google
[2011/11/26 21:50:17 | 000,000,000 | ---D | C] -- C:\Users\dloomis\Desktop\tdsskiller
[2011/11/26 19:51:03 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VMware
[2011/11/26 19:21:20 | 532,132,088 | ---- | C] (VMware, Inc.) -- C:\VMware-server-2.0.2-203138.exe
[2011/11/26 19:13:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware
[2011/11/26 18:24:13 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Roaming\ABBYY FineReader Engine 9.0
[2011/11/26 18:24:13 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Local\ABBYY FineReader Engine 9.0
[2011/11/26 18:00:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sherpa
[2011/11/26 17:59:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Business Objects
[2011/11/26 17:05:43 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/11/26 17:05:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/11/26 15:35:20 | 000,000,000 | ---D | C] -- C:\Copy of VMware
[2011/11/26 12:01:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/11/26 10:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/11/26 10:53:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/11/25 23:00:36 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Roaming\Malwarebytes
[2011/11/25 23:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/25 23:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/25 23:00:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/25 21:21:30 | 532,132,088 | ---- | C] (VMware, Inc.) -- C:\Users\dloomis\Desktop\VMware-server-2.0.2-203138.exe
[2011/11/21 09:08:55 | 000,000,000 | ---D | C] -- C:\Users\dloomis\Desktop\OMD
[2011/11/08 14:03:46 | 000,000,000 | ---D | C] -- C:\Users\dloomis\Desktop\Panasonic
[2011/11/07 09:31:53 | 000,000,000 | ---D | C] -- C:\Users\dloomis\Desktop\6420-1055_equitrac_medusa_1_12_08
[2011/11/07 08:55:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Equitrac
[2011/11/07 08:55:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Equitrac
[2011/10/30 17:41:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/30 17:41:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/30 17:41:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/10/30 17:41:32 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/30 17:39:30 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/10/30 17:39:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/08/30 20:48:53 | 001,040,384 | ---- | C] ( ) -- C:\Windows\SysWow64\lmabserv.dll
[2011/08/30 20:48:53 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lmabcomc.dll
[2011/08/30 20:48:53 | 000,593,920 | ---- | C] ( ) -- C:\Windows\SysWow64\lmabcoms.exe
[2011/08/30 20:48:53 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lmabcomm.dll
[2011/08/30 20:48:53 | 000,356,352 | ---- | C] ( ) -- C:\Windows\SysWow64\lmabhcp.dll

========== Files - Modified Within 30 Days ==========

[2011/11/27 10:54:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\dloomis\Desktop\OTL.exe
[2011/11/27 10:47:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3029194478-1851183931-3144514420-1000UA.job
[2011/11/27 10:36:11 | 000,031,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/27 10:36:11 | 000,031,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/27 10:35:57 | 000,931,218 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/27 10:35:57 | 000,771,534 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/27 10:35:57 | 000,160,578 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/27 10:29:01 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2421173305-923280183-2936765214-1127UA.job
[2011/11/27 10:26:22 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/11/27 10:25:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/27 10:25:25 | 2058,801,151 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/27 10:01:05 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/11/27 09:43:56 | 000,002,985 | ---- | M] () -- C:\Users\dloomis\Desktop\HiJackThis.lnk
[2011/11/27 08:59:32 | 001,008,114 | ---- | M] () -- C:\Users\dloomis\Desktop\iExplore.exe
[2011/11/27 08:55:49 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2011/11/27 08:31:31 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\dloomis\Desktop\tdsskiller.exe
[2011/11/27 00:40:30 | 000,001,376 | ---- | M] () -- C:\Users\dloomis\Desktop\Norton Installation Files.lnk
[2011/11/26 22:29:01 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2421173305-923280183-2936765214-1127Core.job
[2011/11/26 18:14:45 | 000,001,899 | ---- | M] () -- C:\Users\dloomis\Desktop\Compass Sherpa.lnk
[2011/11/26 17:38:35 | 000,002,325 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intact Printer.lnk
[2011/11/26 17:05:44 | 000,025,160 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/11/26 11:47:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3029194478-1851183931-3144514420-1000Core.job
[2011/11/25 21:26:07 | 532,132,088 | ---- | M] (VMware, Inc.) -- C:\VMware-server-2.0.2-203138.exe
[2011/11/25 21:26:07 | 532,132,088 | ---- | M] (VMware, Inc.) -- C:\Users\dloomis\Desktop\VMware-server-2.0.2-203138.exe
[2011/11/25 21:11:38 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/11/25 16:14:15 | 000,000,336 | ---- | M] () -- C:\ProgramData\IoohtsDmVFndjq
[2011/11/23 13:19:25 | 000,002,008 | -H-- | M] () -- C:\Users\dloomis\Documents\Default.rdp
[2011/11/23 12:15:21 | 000,000,441 | ---- | M] () -- C:\Users\dloomis\Documents\ChatLog Print Submission Webinar 2011_11_23 12_15.rtf
[2011/11/22 16:30:09 | 003,409,919 | ---- | M] () -- C:\Users\dloomis\Desktop\websubmission.pdf
[2011/11/21 09:07:47 | 000,001,890 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011/11/21 09:07:04 | 000,007,597 | ---- | M] () -- C:\Users\dloomis\AppData\Local\Resmon.ResmonCfg
[2011/11/19 18:01:36 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/11/16 11:28:59 | 000,383,432 | ---- | M] () -- C:\Users\dloomis\Desktop\OCM Comments.pdf
[2011/11/14 19:14:42 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/11/10 15:01:00 | 000,456,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/09 11:35:17 | 000,965,838 | ---- | M] () -- C:\Users\dloomis\Desktop\Faxcore_ PO.pdf
[2011/11/09 09:50:41 | 000,071,125 | ---- | M] () -- C:\Users\dloomis\Desktop\GroupReport.pdf
[2011/11/04 22:09:48 | 000,018,281 | ---- | M] () -- C:\Users\dloomis\Desktop\success.csv
[2011/11/03 11:41:34 | 004,493,312 | ---- | M] () -- C:\Users\dloomis\Documents\OCM Call Tracker.accdb

========== Files Created - No Company Name ==========

[2011/11/27 09:43:56 | 000,002,985 | ---- | C] () -- C:\Users\dloomis\Desktop\HiJackThis.lnk
[2011/11/27 08:59:22 | 001,008,114 | ---- | C] () -- C:\Users\dloomis\Desktop\iExplore.exe
[2011/11/27 08:55:49 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2011/11/27 01:21:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/27 01:21:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/27 01:21:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/27 01:21:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/27 01:21:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/27 00:50:41 | 000,002,445 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2011/11/27 00:40:30 | 000,001,376 | ---- | C] () -- C:\Users\dloomis\Desktop\Norton Installation Files.lnk
[2011/11/26 22:24:37 | 000,000,916 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2421173305-923280183-2936765214-1127UA.job
[2011/11/26 22:24:35 | 000,000,864 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2421173305-923280183-2936765214-1127Core.job
[2011/11/26 18:14:45 | 000,001,899 | ---- | C] () -- C:\Users\dloomis\Desktop\Compass Sherpa.lnk
[2011/11/26 18:00:07 | 000,002,278 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Compass Sherpa.lnk
[2011/11/26 17:05:44 | 000,025,160 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/11/26 11:42:48 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3029194478-1851183931-3144514420-1000UA.job
[2011/11/26 11:42:47 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3029194478-1851183931-3144514420-1000Core.job
[2011/11/25 16:14:15 | 000,000,336 | ---- | C] () -- C:\ProgramData\IoohtsDmVFndjq
[2011/11/23 12:15:21 | 000,000,441 | ---- | C] () -- C:\Users\dloomis\Documents\ChatLog Print Submission Webinar 2011_11_23 12_15.rtf
[2011/11/22 16:30:09 | 003,409,919 | ---- | C] () -- C:\Users\dloomis\Desktop\websubmission.pdf
[2011/11/21 09:07:04 | 000,007,597 | ---- | C] () -- C:\Users\dloomis\AppData\Local\Resmon.ResmonCfg
[2011/11/16 11:28:59 | 000,383,432 | ---- | C] () -- C:\Users\dloomis\Desktop\OCM Comments.pdf
[2011/11/09 11:35:17 | 000,965,838 | ---- | C] () -- C:\Users\dloomis\Desktop\Faxcore_ PO.pdf
[2011/11/09 09:50:41 | 000,071,125 | ---- | C] () -- C:\Users\dloomis\Desktop\GroupReport.pdf
[2011/11/04 22:09:48 | 000,018,281 | ---- | C] () -- C:\Users\dloomis\Desktop\success.csv
[2011/08/30 08:13:19 | 000,024,052 | ---- | C] () -- C:\Windows\net32.bin
[2011/08/15 09:54:03 | 000,159,836 | ---- | C] () -- C:\Windows\_isusr32.dll
[2011/08/15 09:54:03 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\_isusr2k.dll
[2011/08/06 11:10:29 | 000,026,427 | ---- | C] () -- C:\Windows\CSTBox.INI
[2011/07/12 19:27:10 | 000,000,088 | -HS- | C] () -- C:\ProgramData\763428A7D1.sys
[2011/06/14 17:09:25 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/06/13 12:06:59 | 000,000,244 | ---- | C] () -- C:\Windows\omd.ini
[2011/06/10 22:01:56 | 000,884,230 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/10 15:22:39 | 000,001,890 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/06/09 12:53:11 | 000,002,820 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/06/04 07:34:14 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/06/04 07:34:14 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/06/04 07:34:13 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/06/04 07:16:54 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2010/06/25 12:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/09/09 10:45:18 | 000,039,800 | ---- | C] () -- C:\Windows\SysWow64\secbuild.dll
[2009/09/09 10:45:10 | 000,030,072 | ---- | C] () -- C:\Windows\SysWow64\sectools.dll
[2009/09/09 10:44:56 | 000,055,160 | ---- | C] () -- C:\Windows\SysWow64\nlem32nt.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/05/12 12:35:00 | 000,857,307 | ---- | C] () -- C:\Windows\SysWow64\SSCProt.dll
[2007/10/29 23:26:30 | 000,516,096 | ---- | C] () -- C:\Windows\SysWow64\IntactResources.dll
[2006/01/13 10:19:06 | 000,000,837 | ---- | C] () -- C:\Windows\SysWow64\noise.dat
[2005/06/03 14:54:06 | 000,002,545 | ---- | C] () -- C:\Windows\SysWow64\stemming.dat
[2002/04/16 08:14:44 | 001,683,456 | R--- | C] () -- C:\Windows\SysWow64\Ltclr13n.dll
[2002/04/16 08:14:44 | 000,118,784 | R--- | C] () -- C:\Windows\SysWow64\Lfkodak.dll
[2002/04/16 08:14:42 | 000,338,944 | R--- | C] () -- C:\Windows\SysWow64\Lffpx7.dll
[2001/01/19 14:02:46 | 000,003,769 | ---- | C] () -- C:\Windows\SysWow64\OPTIONS.DAT

< End of report >

Edited by dl9796, 27 November 2011 - 10:23 AM.



#2
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
If one of the following will not run, then just skip to the next one, then go back and try the things that wouldn't run again after finishing the others.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Right-click on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop, then right-click and Run as Administrator.

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right-click aswMBR.exe and Run as Administrator.

Change the a-v scan to None.
Uncheck trace disk IO calls.
Click the "Scan" button to start the scan.
On completion of the scan (note if the Fix button is enabled (not the FixMBR button) and tell me), click Save log, save it to your desktop and post it in your next reply.


Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Ron

#3
dl9796

    Member

  • Topic Starter
  • Member
  • 109 posts
Hi Ron,

Here are the logs from Malwarebytes, Combo and OTL. The other two programs don't start - TDSSKiller and aswMBR. Thank you for your help. I'll stand by for your reply:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8253

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

11/27/2011 2:59:02 PM
mbam-log-2011-11-27 (14-59-02).txt

Scan type: Quick scan
Objects scanned: 272904
Time elapsed: 1 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
_________________________________________

ComboFix 11-11-26.04 - dloomis 11/27/2011 1:32.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8079.5335 [GMT -5:00]
Running from: c:\users\dloomis\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\AMMYY
c:\programdata\AMMYY\contacts.bin
c:\programdata\AMMYY\hr
c:\programdata\AMMYY\hr3
c:\programdata\AMMYY\settings.bin
c:\programdata\AMMYY\settings3.bin
c:\programdata\PCDr\5849\AddOnDownloaded\96963609-8feb-4f10-b100-425cef18a0db.dll
c:\programdata\PCDr\5849\AddOnDownloaded\a2010314-d0e4-41be-bfeb-ca5bf837f119.dll
c:\programdata\Roaming
c:\users\dloomis\g2mdlhlpx.exe
c:\users\dloomis\GoToAssistDownloadHelper.exe
c:\windows\system32\Thumbs.db
c:\windows\SysWow64\regobj.dll
Q:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-10-27 to 2011-11-27 )))))))))))))))))))))))))))))))
.
.
2011-11-27 07:14 . 2011-11-27 07:14 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2011-11-27 07:14 . 2011-11-27 07:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-27 07:14 . 2011-11-27 07:14 -------- d-----w- c:\users\Dave\AppData\Local\temp
2011-11-27 07:14 . 2011-11-27 07:14 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2011-11-27 07:14 . 2011-11-27 07:14 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-11-27 07:14 . 2011-11-27 07:14 -------- d-----w- c:\users\Administrator.DL-ITDEPT\AppData\Local\temp
2011-11-27 05:45 . 2011-11-27 05:45 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2011-11-27 05:43 . 2010-08-21 04:59 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-11-27 05:42 . 2011-11-27 05:42 174640 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-11-27 05:42 . 2011-11-27 05:42 -------- d-----w- c:\program files\Symantec
2011-11-27 05:42 . 2011-11-27 05:42 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-11-27 05:42 . 2011-11-27 05:42 -------- d-----w- c:\windows\system32\drivers\N360x64
2011-11-27 05:42 . 2011-11-27 05:42 -------- d-----w- c:\program files (x86)\Norton Security Suite
2011-11-27 05:42 . 2011-11-27 05:42 -------- d-----w- c:\program files (x86)\NortonInstaller
2011-11-27 05:40 . 2011-11-27 05:42 -------- d-----w- c:\programdata\Norton
2011-11-27 05:32 . 2011-11-27 05:33 -------- d-----w- c:\users\dloomis\AppData\Local\ID Vault
2011-11-27 05:32 . 2011-11-27 05:32 -------- d-----w- c:\programdata\IsolatedStorage
2011-11-27 05:31 . 2011-11-18 21:37 91720 ----a-w- c:\program files (x86)\Mozilla Firefox\IdVaultCore.XmlSerializers.dll
2011-11-27 05:31 . 2011-11-18 21:37 1642056 ----a-w- c:\program files (x86)\Mozilla Firefox\IdVaultCore.dll
2011-11-27 05:30 . 2011-11-27 05:30 -------- d-----w- c:\programdata\White Sky, Inc
2011-11-27 05:22 . 2011-11-27 05:22 -------- d-----w- c:\users\dloomis\DoctorWeb
2011-11-27 03:35 . 2011-11-27 03:35 -------- d-----w- c:\users\dloomis\AppData\Roaming\qualys
2011-11-27 03:24 . 2011-11-27 03:25 -------- d-----w- c:\users\dloomis\AppData\Local\Google
2011-11-27 03:22 . 2011-11-27 03:22 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-11-27 00:52 . 2009-10-20 19:23 65072 ----a-w- c:\windows\system32\drivers\vmci.sys
2011-11-27 00:52 . 2009-10-20 19:22 38448 ----a-w- c:\windows\system32\drivers\hcmon.sys
2011-11-27 00:52 . 2009-10-20 19:23 76336 ----a-w- c:\windows\system32\drivers\vmx86.sys
2011-11-27 00:51 . 2009-10-20 19:21 326192 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
2011-11-27 00:51 . 2009-10-20 19:22 399920 ----a-w- c:\windows\SysWow64\vmnat.exe
2011-11-27 00:51 . 2009-10-20 19:23 30256 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2011-11-27 00:51 . 2009-10-20 19:22 920112 ----a-w- c:\windows\system32\vnetlib64.dll
2011-11-27 00:21 . 2011-11-26 02:26 532132088 ----a-w- C:\VMware-server-2.0.2-203138.exe
2011-11-27 00:13 . 2011-11-27 00:13 -------- d-----w- c:\program files (x86)\Common Files\VMware
2011-11-26 23:24 . 2011-11-26 23:24 -------- d-----w- c:\users\Public\ABBYY FineReader Engine 9.0
2011-11-26 23:24 . 2011-11-26 23:24 -------- d-----w- c:\users\dloomis\AppData\Roaming\ABBYY FineReader Engine 9.0
2011-11-26 23:24 . 2011-11-26 23:24 -------- d-----w- c:\users\dloomis\AppData\Local\ABBYY FineReader Engine 9.0
2011-11-26 22:59 . 2011-11-26 22:59 -------- d-----w- c:\program files (x86)\Common Files\Business Objects
2011-11-26 22:05 . 2011-11-26 22:05 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-11-26 22:05 . 2011-11-26 22:05 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-11-26 22:05 . 2011-11-26 22:05 -------- d-----w- c:\programdata\Hitman Pro
2011-11-26 20:35 . 2011-11-26 20:35 -------- d-----w- C:\Copy of VMware
2011-11-26 17:07 . 2011-11-26 17:07 -------- d-----w- c:\users\Dave\AppData\Roaming\qualys
2011-11-26 17:01 . 2011-11-26 17:01 -------- d-----w- c:\programdata\Kaspersky Lab
2011-11-26 16:42 . 2011-11-26 16:43 -------- d-----w- c:\users\Dave\AppData\Local\Google
2011-11-26 15:53 . 2011-11-26 22:46 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-11-26 15:53 . 2011-11-26 22:13 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-11-26 04:00 . 2011-11-26 04:00 -------- d-----w- c:\users\dloomis\AppData\Roaming\Malwarebytes
2011-11-26 04:00 . 2011-11-26 04:00 -------- d-----w- c:\programdata\Malwarebytes
2011-11-26 04:00 . 2011-11-26 04:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-26 02:17 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D4C596EE-FE75-4251-99DA-3F2FBEFFA23C}\mpengine.dll
2011-11-09 13:28 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 13:28 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 13:28 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 13:28 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-07 13:55 . 2011-11-07 13:55 -------- d-----w- c:\program files (x86)\Equitrac
2011-10-30 22:41 . 2011-11-26 02:03 -------- d-----w- c:\program files\iTunes
2011-10-30 22:41 . 2011-11-26 02:02 -------- d-----w- c:\program files (x86)\iTunes
2011-10-30 22:41 . 2011-11-26 01:47 -------- d-----w- c:\program files\iPod
2011-10-30 22:39 . 2011-11-26 02:06 -------- d-----w- c:\program files\Bonjour
2011-10-30 22:39 . 2011-11-26 02:06 -------- d-----w- c:\program files (x86)\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 14:07 . 2011-06-10 20:22 1890 --sha-w- c:\programdata\KGyGaAvL.sys
2011-11-19 23:01 . 2011-06-16 23:49 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-03 09:06 . 2011-06-15 12:18 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-06 20:45 . 2011-06-10 00:48 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2011-06-10 00:48 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-09-06 20:45 . 2011-06-10 00:48 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-06-10 00:48 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:38 . 2011-06-10 00:48 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2011-06-10 00:48 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2011-06-10 00:48 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2011-06-10 00:48 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-09-06 20:36 . 2011-06-10 00:48 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-01 05:24 . 2011-10-12 16:37 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-12 16:37 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-12 16:37 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-12 16:37 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-12 16:37 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-12 16:37 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-08-31 03:05 . 2011-08-31 03:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 03:05 . 2011-08-31 03:05 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-31 03:05 . 2011-08-31 03:05 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-08-31 03:05 . 2011-08-31 03:05 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-08-31 03:05 . 2011-08-31 03:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\dloomis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\dloomis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\dloomis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\dloomis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 910208]
"GoToMeeting"="c:\program files (x86)\Citrix\GoToMeeting\723\g2mstart.exe" [2011-06-15 39816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-02-03 1543016]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"GIDDesktop"="c:\program files (x86)\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
"SharpTray.exe"="c:\program files (x86)\Sharp\Sharpdesk\SharpTray.exe" [2010-03-08 131584]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"IndexTray.exe"="c:\program files (x86)\Sharp\Sharpdesk\IndexTray.exe" [2010-03-08 395264]
"FtpServer.exe"="c:\program files (x86)\Sharp\Sharpdesk\FtpServer.exe" [2010-02-22 819712]
.
c:\users\dloomis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\dloomis\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-1 24183152]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-12-18 1202976]
Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe [2011-11-18 4680264]
Intact Printer.lnk - c:\program files (x86)\InfoDynamics, Inc\Intact Document Solution\IntactPrinter.Net.exe [2011-4-28 75776]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-4-24 972064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2010-12-03 116072]
R2 IntactActionService;IntactActionService;c:\program files (x86)\InfoDynamics\IntactActionService\IntactActionService.exe [2010-09-02 16896]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-02-03 155496]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
R3 OKI OPHG DCS Loader;OKI OPHG DCS Loader;c:\windows\system32\spool\DRIVERS\x64\3\OPHGLDCS.EXE [2007-05-29 20480]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-02-03 79208]
R3 Remark FTP Utility;Remark FTP Utility;c:\program files (x86)\Common Files\Gravic\RemarkFTPUtility12.exe [2009-09-04 65024]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x]
S0 nlem64nt;nlem64nt; [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0500000.07D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0500000.07D\SYMEFA64.SYS [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [2010-11-23 953904]
S1 GIDv2;GIDv2; [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20101201.001\IDSVia64.sys [2010-11-11 476792]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2010-12-03 31592]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0500000.07D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360x64\0500000.07D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [x]
S2 DocumentIndexingService;Document Indexing Service;c:\program files (x86)\InfoDynamics\Indexer\DocumentIndexingService.exe [2010-07-01 10752]
S2 Engine9DongleManagerService;FineReader Engine 9.0 Network License Server;c:\program files (x86)\InfoDynamics\License Server\EngineDongleManager.exe \service [x]
S2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 hMailServer;hMailServer;c:\program files (x86)\hMailServer\Bin\hMailServer.exe RunAsService [x]
S2 IDM_DCPC_SNMP;MWA Intelligence DCPC Service;c:\program files (x86)\MWA Intelligence\iMPS Enterprise\4.2.2.0\IDM_DCPC_SNMP.exe [2011-03-30 135168]
S2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2011-11-18 63048]
S2 IMPSDiscoveryEngine;IMPSDiscoveryEngine;c:\program files (x86)\MWA Intelligence\iMPS Enterprise\4.2.2.0\IMPSDiscoveryEngine.exe [2011-03-30 160768]
S2 IMPSUpdateEngine;IMPSUpdateEngine;c:\program files (x86)\MWA Intelligence\iMPS Enterprise\IMPSUpdateEngine.exe [2011-03-30 46080]
S2 IntactFTPServer;IntactFTPServer;c:\program files (x86)\InfoDynamics, Inc\IntactOSA\bin\IntactFTPServer.exe [2009-03-12 36864]
S2 IntactWebServer;IntactWebServer;c:\program files (x86)\InfoDynamics, Inc\IntactOSA\bin\IntactWebServer.exe [2009-02-25 49152]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-02-26 40808]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-11-24 45496]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-02-26 59240]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 MSSQL$INTACT;SQL Server (INTACT);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 MWAServiceMonitor;MWAServiceMonitor;c:\program files (x86)\MWA Intelligence\iMPS Enterprise\DCPC Watchdog Service.exe [2011-03-24 10240]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\5.0.0.125\ccSvcHst.exe [2010-11-24 130000]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2010-12-03 114024]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-12-02 64440]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S2 VMwareHostd;VMware Host Agent;c:\program files (x86)\VMware\VMware Server\vmware-hostd.exe [2009-10-20 322096]
S2 VMwareServerWebAccess;VMware Server Web Access;c:\program files (x86)\VMware\VMware Server\tomcat\bin\Tomcat6.exe [2009-10-20 57344]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-25 138360]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ERASERUTILREBOOTDRV
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 15:26 435976 ----a-w- c:\program files (x86)\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2421173305-923280183-2936765214-1127Core.job
- c:\users\dloomis\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-27 03:24]
.
2011-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2421173305-923280183-2936765214-1127UA.job
- c:\users\dloomis\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-27 03:24]
.
2011-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3029194478-1851183931-3144514420-1000Core.job
- c:\users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-26 16:42]
.
2011-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3029194478-1851183931-3144514420-1000UA.job
- c:\users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-26 16:42]
.
2011-11-15 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]
.
2011-11-26 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\dloomis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\dloomis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\dloomis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\dloomis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2010-12-09 380776]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-02-26 41320]
"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2010-12-17 281448]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-15 316032]
"SR0XRCV"="c:\windows\system32\spool\drivers\x64\3\SR0XRCV.exe" [2006-10-23 102400]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files (x86)\VMware\VMware Server\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{25061D1D-6EF0-4AA5-9098-2491B61CC892}: NameServer = 132.145.80.89
DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574}
FF - ProfilePath - c:\users\dloomis\AppData\Roaming\Mozilla\Firefox\Profiles\jbxhww7e.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=685749&p=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.0.0.125\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.032"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.abr"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.amr"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ani"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.apd"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.arw"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.bay"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.bmp"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.bw"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bwf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.bwf"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.cel"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.cr2"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.crw"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.cs1"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.cur"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dcr"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dcx"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dib"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.djv"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.djvu"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dng"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.emf"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.eps"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.erf"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.fff"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.flc"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fli\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.fli"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.fpx"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.gif"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.hdr"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.icl"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.icn"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.iff"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ilbm"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.int"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.inta"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.iw4"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.j2c"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.j2k"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jbr"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jfif"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jif"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jp2"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpc"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpe"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpeg"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpg"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpk"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpx"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kar\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.kar"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.kdc"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.lbm"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m15\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.m15"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.m1a"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.m2a"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m75\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.m75"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.mef"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.mos"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.mpv"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.mrw"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.nef"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.nrw"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.orf"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pbm"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pbr"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pcd"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pct"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pcx"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pef"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pgm"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pic"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pics"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pict"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pix"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.png"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ppm"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.psd"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.psp"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pspbrush"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pspimage"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qcp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.qcp"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.qtpf"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.raf"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ras"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.raw"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rgb"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rgba"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rle"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rsb"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rw2"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rwl"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.sdv"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.sfil"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.sgi"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.smf"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.smi"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.smil"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.sml"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.sr2"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.srf"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.swa"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.tga"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.thm"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.tif"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.tiff"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ttc"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ttf"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ulw"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30po"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30pp"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30ppf"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.vfw"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.wbm"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.wbmp"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.wmf"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xbm"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xif"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xmp"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xpm"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-27 02:38:57
ComboFix-quarantined-files.txt 2011-11-27 07:38
.
Pre-Run: 336,165,302,272 bytes free
Post-Run: 335,749,832,704 bytes free
.
- - End Of File - - 60CD58388E7469476357F12FFDFD6D84
_______________________________________________________-

OTL logfile created on: 11/27/2011 3:29:39 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\dloomis\Desktop\geeks
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.89 Gb Total Physical Memory | 4.79 Gb Available Physical Memory | 60.74% Memory free
15.78 Gb Paging File | 12.44 Gb Available in Paging File | 78.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.96 Gb Total Space | 313.57 Gb Free Space | 69.84% Space Free | Partition Type: NTFS
Drive E: | 3.62 Gb Total Space | 3.24 Gb Free Space | 89.53% Space Free | Partition Type: FAT32
Drive O: | 448.96 Gb Total Space | 313.57 Gb Free Space | 69.84% Space Free | Partition Type: CSC-CACHE
Drive Q: | 15.62 Gb Total Space | 6.73 Gb Free Space | 43.08% Space Free | Partition Type: NTFS

Computer Name: DL-ITDEPT | User Name: dloomis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/27 10:54:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\dloomis\Desktop\geeks\OTL.exe
PRC - [2011/09/06 15:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/15 12:28:18 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mstart.exe
PRC - [2011/06/15 12:28:18 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mlauncher.exe
PRC - [2011/06/15 12:28:18 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mcomm.exe
PRC - [2011/03/30 15:24:26 | 000,135,168 | ---- | M] (MWA Intelligence) -- C:\Program Files (x86)\MWA Intelligence\iMPS Enterprise\4.2.2.0\IDM_DCPC_SNMP.exe
PRC - [2011/03/30 08:58:30 | 000,160,768 | ---- | M] (MWA Intelligence) -- C:\Program Files (x86)\MWA Intelligence\iMPS Enterprise\4.2.2.0\IMPSDiscoveryEngine.exe
PRC - [2011/03/30 08:57:32 | 000,046,080 | ---- | M] (MWA Intelligence) -- C:\Program Files (x86)\MWA Intelligence\iMPS Enterprise\IMPSUpdateEngine.exe
PRC - [2011/03/24 14:01:18 | 000,010,240 | ---- | M] (MWA Intelligence) -- C:\Program Files (x86)\MWA Intelligence\iMPS Enterprise\DCPC Watchdog Service.exe
PRC - [2011/03/14 19:04:14 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe
PRC - [2011/02/25 20:46:30 | 000,059,240 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2011/02/25 20:46:14 | 000,040,808 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2011/02/25 12:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/01/16 20:42:04 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/01/16 20:42:02 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/12/29 01:18:32 | 000,137,656 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2010/12/29 01:18:14 | 000,259,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2010/12/14 16:07:36 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2010/12/01 22:55:56 | 000,064,440 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010/11/29 14:10:32 | 000,210,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2010/11/24 02:34:26 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2010/11/20 22:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/07/01 05:05:32 | 000,010,752 | ---- | M] () -- C:\Program Files (x86)\InfoDynamics\Indexer\DocumentIndexingService.exe
PRC - [2010/06/07 06:39:36 | 005,395,968 | ---- | M] (hMailServer) -- C:\Program Files (x86)\hMailServer\Bin\hMailServer.exe
PRC - [2010/04/07 00:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2010/04/01 00:50:46 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2010/03/11 16:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010/02/15 17:23:30 | 000,595,208 | ---- | M] (ABBYY) -- C:\Program Files (x86)\InfoDynamics\License Server\EngineDongleManager.exe
PRC - [2009/10/20 16:27:34 | 000,057,344 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\VMware\VMware Server\tomcat\bin\tomcat6.exe
PRC - [2009/10/20 14:22:06 | 000,399,920 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2009/10/20 14:21:56 | 000,326,192 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2009/10/20 14:21:20 | 000,322,096 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Server\vmware-hostd.exe
PRC - [2009/10/20 14:21:20 | 000,121,392 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Server\vmware-authd.exe
PRC - [2009/07/13 20:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
PRC - [2009/05/28 00:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2009/03/12 15:11:00 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\InfoDynamics, Inc\IntactOSA\bin\IntactFTPServer.exe
PRC - [2009/02/25 09:52:50 | 000,049,152 | ---- | M] (InfoDynamics, Inc) -- C:\Program Files (x86)\InfoDynamics, Inc\IntactOSA\bin\IntactWebServer.exe
PRC - [2008/01/10 14:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2011/03/16 23:11:16 | 004,297,568 | -H-- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/20 22:24:09 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2010/11/20 22:24:09 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/05/28 00:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/02/25 20:46:30 | 000,059,240 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV:64bit: - [2011/02/25 20:46:14 | 000,040,808 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2011/01/26 06:38:11 | 000,350,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\ftpsvc.dll -- (ftpsvc)
SRV:64bit: - [2010/12/18 17:50:36 | 000,962,848 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/12/17 16:41:32 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/12/17 16:26:50 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/12/17 07:18:08 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2010/12/15 18:46:46 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2010/12/03 15:01:54 | 000,116,072 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe -- (HyperW7Svc)
SRV:64bit: - [2010/12/02 21:00:56 | 000,114,024 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV:64bit: - [2010/12/01 22:55:56 | 000,064,440 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2010/11/24 02:34:26 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2010/11/20 22:24:51 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\snmp.exe -- (SNMP)
SRV:64bit: - [2010/11/20 22:24:38 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN)
SRV:64bit: - [2010/11/12 04:48:50 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/04/07 00:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV:64bit: - [2009/11/05 11:24:00 | 001,044,992 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\LMabcoms.exe -- (lmab_device)
SRV:64bit: - [2009/07/13 20:41:19 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lpdsvc.dll -- (LPDSVC)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 20:39:56 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\WMSvc.exe -- (WMSVC)
SRV:64bit: - [2009/07/13 20:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV:64bit: - [2007/05/29 18:48:04 | 000,020,480 | ---- | M] (Oki Data Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\OPHGLDCS.EXE -- (OKI OPHG DCS Loader)
SRV - [2011/03/30 15:24:26 | 000,135,168 | ---- | M] (MWA Intelligence) [Auto | Running] -- C:\Program Files (x86)\MWA Intelligence\iMPS Enterprise\4.2.2.0\IDM_DCPC_SNMP.exe -- (IDM_DCPC_SNMP)
SRV - [2011/03/30 08:58:30 | 000,160,768 | ---- | M] (MWA Intelligence) [Auto | Running] -- C:\Program Files (x86)\MWA Intelligence\iMPS Enterprise\4.2.2.0\IMPSDiscoveryEngine.exe -- (IMPSDiscoveryEngine)
SRV - [2011/03/30 08:57:32 | 000,046,080 | ---- | M] (MWA Intelligence) [Auto | Running] -- C:\Program Files (x86)\MWA Intelligence\iMPS Enterprise\IMPSUpdateEngine.exe -- (IMPSUpdateEngine)
SRV - [2011/03/24 14:01:18 | 000,010,240 | ---- | M] (MWA Intelligence) [Auto | Running] -- C:\Program Files (x86)\MWA Intelligence\iMPS Enterprise\DCPC Watchdog Service.exe -- (MWAServiceMonitor)
SRV - [2011/03/14 19:04:14 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)
SRV - [2011/03/01 23:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 12:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/03 13:45:00 | 000,155,496 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
SRV - [2011/02/03 13:45:00 | 000,079,208 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2011/01/16 20:42:04 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2011/01/16 20:42:02 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/12/14 16:07:36 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2010/11/29 14:10:32 | 000,210,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service) Intel®
SRV - [2010/11/20 22:25:10 | 000,047,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP)
SRV - [2010/11/20 22:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 22:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 22:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/09/02 13:06:38 | 000,016,896 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\InfoDynamics\IntactActionService\IntactActionService.exe -- (IntactActionService)
SRV - [2010/07/01 05:05:32 | 000,010,752 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\InfoDynamics\Indexer\DocumentIndexingService.exe -- (DocumentIndexingService)
SRV - [2010/06/25 12:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/06/07 06:39:36 | 005,395,968 | ---- | M] (hMailServer) [Auto | Running] -- C:\Program Files (x86)\hMailServer\Bin\hMailServer.exe -- (hMailServer)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/11 16:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/15 17:23:30 | 000,595,208 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\InfoDynamics\License Server\EngineDongleManager.exe -- (Engine9DongleManagerService)
SRV - [2009/11/05 11:24:00 | 000,593,920 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\LMabcoms.exe -- (lmab_device)
SRV - [2009/10/20 16:27:34 | 000,057,344 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Server\tomcat\bin\Tomcat6.exe -- (VMwareServerWebAccess)
SRV - [2009/10/20 14:22:06 | 000,399,920 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2009/10/20 14:21:56 | 000,326,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009/10/20 14:21:20 | 000,322,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Server\vmware-hostd.exe -- (VMwareHostd)
SRV - [2009/10/20 14:21:20 | 000,121,392 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Server\vmware-authd.exe -- (VMAuthdService)
SRV - [2009/09/03 21:22:46 | 000,065,024 | ---- | M] (Gravic) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Gravic\RemarkFTPUtility12.exe -- (Remark FTP Utility)
SRV - [2009/07/13 20:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/23 14:49:56 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/03/12 15:11:00 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\InfoDynamics, Inc\IntactOSA\bin\IntactFTPServer.exe -- (IntactFTPServer)
SRV - [2009/02/25 09:52:50 | 000,049,152 | ---- | M] (InfoDynamics, Inc) [Auto | Running] -- C:\Program Files (x86)\InfoDynamics, Inc\IntactOSA\bin\IntactWebServer.exe -- (IntactWebServer)
SRV - [2008/01/10 14:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2007/05/24 06:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/09/06 15:38:18 | 000,601,944 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/09/06 15:38:16 | 000,301,912 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/09/06 15:36:41 | 000,058,200 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/09/06 15:36:41 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/09/06 15:36:30 | 000,065,368 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/09/06 15:36:14 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/06/04 07:28:54 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 22:10:38 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2011/03/10 22:10:30 | 012,264,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/02/17 05:25:02 | 001,419,824 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/02/09 13:48:56 | 001,577,600 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/02/03 13:45:00 | 000,031,344 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)
DRV:64bit: - [2011/02/03 13:45:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2010/12/23 14:55:44 | 000,166,528 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2010/12/21 11:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2010/12/20 11:31:00 | 000,316,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel®
DRV:64bit: - [2010/12/18 02:58:00 | 000,425,000 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2010/12/18 02:57:34 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/12/18 02:57:34 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/12/18 02:57:32 | 000,162,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/12/18 02:57:32 | 000,145,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/12/15 18:45:16 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2010/12/15 18:43:00 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2010/12/14 21:12:00 | 000,098,816 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
DRV:64bit: - [2010/12/03 15:01:58 | 000,031,592 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys -- (PHCORE)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 08:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 08:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 06:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 06:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/12 04:48:30 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2010/11/05 09:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/19 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/09/07 00:09:36 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2010/08/20 23:59:12 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2010/06/25 12:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/12/02 02:33:30 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2009/10/20 14:23:48 | 000,076,336 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2009/10/20 14:23:44 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2009/10/20 14:23:36 | 000,065,072 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2009/10/20 14:22:54 | 000,038,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2009/10/20 14:21:10 | 000,038,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2009/10/20 14:21:10 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2009/09/24 06:58:38 | 000,041,536 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvti2c.sys -- (TVTI2C)
DRV:64bit: - [2009/09/09 12:38:24 | 000,072,736 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\nlem64nt.sys -- (nlem64nt)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2421173305-923280183-2936765214-1127\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-2421173305-923280183-2936765214-1127\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=685749&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\dloomis\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\dloomis\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/11/25 21:07:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/14 17:44:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/06/14 17:45:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dloomis\AppData\Roaming\mozilla\Extensions
[2011/11/27 08:23:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/06/15 07:18:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/11/25 21:07:14 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\dloomis\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\dloomis\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\dloomis\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\dloomis\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Users\dloomis\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\
CHR - Extension: Qualys BrowserCheck = C:\Users\dloomis\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekpjhkjhpbabigpoojijebfpficekjp\1.3.23.1_0\

Hosts file not found
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2421173305-923280183-2936765214-1127\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKU\S-1-5-21-2421173305-923280183-2936765214-1127..\Run: [GoToMeeting] C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - Startup: C:\Users\dloomis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\dloomis\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2421173305-923280183-2936765214-1127\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2421173305-923280183-2936765214-1127\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Server\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Program Files (x86)\VMware\VMware Server\x64\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Server\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Server\vsocklib.dll (VMware, Inc.)
O15 - HKU\S-1-5-21-2421173305-923280183-2936765214-1127\..Trusted Ranges: Range1 ([http] in Trusted sites)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.6.0.cab (DLM Control)
O16 - DPF: {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} https://browsercheck....com/qbc_ax.cab (Qualys BrowserCheck)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574} Reg Error: Key error. (VMware Remote Console Plug-in 2.5.0.00000)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA} http://75.147.67.38:...dows-i586-p.exe (Java Plug-in)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://lexmark-even...nt/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MANNING.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D1B0F2F-6668-45DA-ABF9-F27D23542FD6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25061D1D-6EF0-4AA5-9098-2491B61CC892}: NameServer = 132.145.80.89
O18:64bit: - Protocol\Handler\intu-help-qb1 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\sds - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\sds {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files (x86)\Sharp\Sharpdesk\ExplorerExtensions.dll (SHARP CORPORATION)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/11/27 08:55:49 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/27 15:23:46 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/27 15:03:19 | 000,000,000 | ---D | C] -- C:\Users\dloomis\Desktop\geeks
[2011/11/27 14:31:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/27 12:54:02 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Users\dloomis\AppData\Local\ndf.exe
[2011/11/27 12:54:02 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Users\dloomis\AppData\Local\fmd.exe
[2011/11/27 12:43:31 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/11/27 12:43:19 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Users\dloomis\AppData\Local\wif.exe
[2011/11/27 10:03:34 | 000,000,000 | ---D | C] -- C:\Users\dloomis\Desktop\GooredFix Backups
[2011/11/27 09:43:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/11/27 09:43:56 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/11/27 09:01:52 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Local\CrashDumps
[2011/11/27 08:55:37 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2011/11/27 08:55:37 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2011/11/27 08:54:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2011/11/27 08:49:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/27 08:19:55 | 000,065,072 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmci.sys
[2011/11/27 08:19:51 | 000,038,448 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys
[2011/11/27 08:19:49 | 000,076,336 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys
[2011/11/27 08:19:10 | 000,326,192 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe
[2011/11/27 08:19:06 | 000,399,920 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe
[2011/11/27 08:19:05 | 000,030,256 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys
[2011/11/27 08:18:58 | 000,920,112 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll
[2011/11/27 01:21:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/27 01:21:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/27 01:21:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/27 01:20:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/27 01:14:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/27 00:45:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2011/11/27 00:43:05 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2011/11/27 00:42:26 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/11/27 00:42:25 | 000,000,000 | ---D | C] -- C:\Users\dloomis\Documents\Symantec
[2011/11/27 00:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/11/27 00:32:35 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage
[2011/11/27 00:32:35 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Local\ID Vault
[2011/11/27 00:31:18 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Roaming\ID Vault
[2011/11/27 00:30:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Constant Guard Protection Suite
[2011/11/27 00:30:09 | 000,000,000 | ---D | C] -- C:\ProgramData\White Sky, Inc
[2011/11/27 00:22:46 | 000,000,000 | ---D | C] -- C:\Users\dloomis\DoctorWeb
[2011/11/26 22:35:49 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Roaming\qualys
[2011/11/26 22:25:12 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/11/26 22:24:34 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Local\Google
[2011/11/26 19:51:03 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VMware
[2011/11/26 19:21:20 | 532,132,088 | ---- | C] (VMware, Inc.) -- C:\VMware-server-2.0.2-203138.exe
[2011/11/26 19:13:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware
[2011/11/26 18:24:13 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Roaming\ABBYY FineReader Engine 9.0
[2011/11/26 18:24:13 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Local\ABBYY FineReader Engine 9.0
[2011/11/26 18:00:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sherpa
[2011/11/26 17:59:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Business Objects
[2011/11/26 17:05:43 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/11/26 17:05:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/11/26 15:35:20 | 000,000,000 | ---D | C] -- C:\Copy of VMware
[2011/11/26 12:01:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/11/26 10:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/11/26 10:53:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/11/25 23:00:36 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Roaming\Malwarebytes
[2011/11/25 23:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/25 23:00:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/25 21:21:30 | 532,132,088 | ---- | C] (VMware, Inc.) -- C:\Users\dloomis\Desktop\VMware-server-2.0.2-203138.exe
[2011/11/21 09:08:55 | 000,000,000 | ---D | C] -- C:\Users\dloomis\Desktop\OMD
[2011/11/08 14:03:46 | 000,000,000 | ---D | C] -- C:\Users\dloomis\Desktop\Panasonic
[2011/11/07 09:31:53 | 000,000,000 | ---D | C] -- C:\Users\dloomis\Desktop\6420-1055_equitrac_medusa_1_12_08
[2011/11/07 08:55:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Equitrac
[2011/11/07 08:55:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Equitrac
[2011/10/30 17:41:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/30 17:41:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/30 17:41:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/10/30 17:41:32 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/30 17:39:30 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/10/30 17:39:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/08/30 20:48:53 | 001,040,384 | ---- | C] ( ) -- C:\Windows\SysWow64\lmabserv.dll
[2011/08/30 20:48:53 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lmabcomc.dll
[2011/08/30 20:48:53 | 000,593,920 | ---- | C] ( ) -- C:\Windows\SysWow64\lmabcoms.exe
[2011/08/30 20:48:53 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lmabcomm.dll
[2011/08/30 20:48:53 | 000,356,352 | ---- | C] ( ) -- C:\Windows\SysWow64\lmabhcp.dll

========== Files - Modified Within 30 Days ==========

[2011/11/27 15:29:04 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2421173305-923280183-2936765214-1127UA.job
[2011/11/27 15:17:28 | 000,931,218 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/27 15:17:28 | 000,771,534 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/27 15:17:28 | 000,160,578 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/27 15:16:22 | 000,031,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/27 15:16:22 | 000,031,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/27 15:08:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/27 15:08:36 | 2058,801,151 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/27 14:47:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3029194478-1851183931-3144514420-1000UA.job
[2011/11/27 14:31:17 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/27 12:54:12 | 000,007,470 | -HS- | M] () -- C:\Users\dloomis\AppData\Local\041730n6j756f472t653x1hmb4g0
[2011/11/27 12:54:12 | 000,007,470 | -HS- | M] () -- C:\ProgramData\041730n6j756f472t653x1hmb4g0
[2011/11/27 12:54:02 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Users\dloomis\AppData\Local\ndf.exe
[2011/11/27 12:54:02 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Users\dloomis\AppData\Local\fmd.exe
[2011/11/27 12:43:19 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Users\dloomis\AppData\Local\wif.exe
[2011/11/27 10:26:22 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/11/27 08:55:49 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2011/11/26 22:29:01 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2421173305-923280183-2936765214-1127Core.job
[2011/11/26 18:14:45 | 000,001,899 | ---- | M] () -- C:\Users\dloomis\Desktop\Compass Sherpa.lnk
[2011/11/26 17:05:44 | 000,025,160 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/11/26 11:47:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3029194478-1851183931-3144514420-1000Core.job
[2011/11/25 21:26:07 | 532,132,088 | ---- | M] (VMware, Inc.) -- C:\VMware-server-2.0.2-203138.exe
[2011/11/25 21:26:07 | 532,132,088 | ---- | M] (VMware, Inc.) -- C:\Users\dloomis\Desktop\VMware-server-2.0.2-203138.exe
[2011/11/25 21:11:38 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/11/25 16:14:15 | 000,000,336 | ---- | M] () -- C:\ProgramData\IoohtsDmVFndjq
[2011/11/23 13:19:25 | 000,002,008 | -H-- | M] () -- C:\Users\dloomis\Documents\Default.rdp
[2011/11/23 12:15:21 | 000,000,441 | ---- | M] () -- C:\Users\dloomis\Documents\ChatLog Print Submission Webinar 2011_11_23 12_15.rtf
[2011/11/22 16:30:09 | 003,409,919 | ---- | M] () -- C:\Users\dloomis\Desktop\websubmission.pdf
[2011/11/21 09:07:47 | 000,001,890 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011/11/21 09:07:04 | 000,007,597 | ---- | M] () -- C:\Users\dloomis\AppData\Local\Resmon.ResmonCfg
[2011/11/19 18:01:36 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/11/16 11:28:59 | 000,383,432 | ---- | M] () -- C:\Users\dloomis\Desktop\OCM Comments.pdf
[2011/11/14 19:14:42 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/11/10 15:01:00 | 000,456,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/09 11:35:17 | 000,965,838 | ---- | M] () -- C:\Users\dloomis\Desktop\Faxcore_ PO.pdf
[2011/11/09 09:50:41 | 000,071,125 | ---- | M] () -- C:\Users\dloomis\Desktop\GroupReport.pdf
[2011/11/04 22:09:48 | 000,018,281 | ---- | M] () -- C:\Users\dloomis\Desktop\success.csv
[2011/11/03 11:41:34 | 004,493,312 | ---- | M] () -- C:\Users\dloomis\Documents\OCM Call Tracker.accdb

========== Files Created - No Company Name ==========

[2011/11/27 14:31:17 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/27 12:43:19 | 000,007,470 | -HS- | C] () -- C:\Users\dloomis\AppData\Local\041730n6j756f472t653x1hmb4g0
[2011/11/27 12:43:19 | 000,007,470 | -HS- | C] () -- C:\ProgramData\041730n6j756f472t653x1hmb4g0
[2011/11/27 08:55:49 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2011/11/27 01:21:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/27 01:21:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/27 01:21:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/27 01:21:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/27 01:21:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/26 22:24:37 | 000,000,916 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2421173305-923280183-2936765214-1127UA.job
[2011/11/26 22:24:35 | 000,000,864 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2421173305-923280183-2936765214-1127Core.job
[2011/11/26 18:14:45 | 000,001,899 | ---- | C] () -- C:\Users\dloomis\Desktop\Compass Sherpa.lnk
[2011/11/26 18:00:07 | 000,002,278 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Compass Sherpa.lnk
[2011/11/26 17:05:44 | 000,025,160 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/11/26 11:42:48 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3029194478-1851183931-3144514420-1000UA.job
[2011/11/26 11:42:47 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3029194478-1851183931-3144514420-1000Core.job
[2011/11/25 16:14:15 | 000,000,336 | ---- | C] () -- C:\ProgramData\IoohtsDmVFndjq
[2011/11/23 12:15:21 | 000,000,441 | ---- | C] () -- C:\Users\dloomis\Documents\ChatLog Print Submission Webinar 2011_11_23 12_15.rtf
[2011/11/22 16:30:09 | 003,409,919 | ---- | C] () -- C:\Users\dloomis\Desktop\websubmission.pdf
[2011/11/21 09:07:04 | 000,007,597 | ---- | C] () -- C:\Users\dloomis\AppData\Local\Resmon.ResmonCfg
[2011/11/16 11:28:59 | 000,383,432 | ---- | C] () -- C:\Users\dloomis\Desktop\OCM Comments.pdf
[2011/11/09 11:35:17 | 000,965,838 | ---- | C] () -- C:\Users\dloomis\Desktop\Faxcore_ PO.pdf
[2011/11/09 09:50:41 | 000,071,125 | ---- | C] () -- C:\Users\dloomis\Desktop\GroupReport.pdf
[2011/11/04 22:09:48 | 000,018,281 | ---- | C] () -- C:\Users\dloomis\Desktop\success.csv
[2011/08/30 08:13:19 | 000,024,052 | ---- | C] () -- C:\Windows\net32.bin
[2011/08/15 09:54:03 | 000,159,836 | ---- | C] () -- C:\Windows\_isusr32.dll
[2011/08/15 09:54:03 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\_isusr2k.dll
[2011/08/06 11:10:29 | 000,026,427 | ---- | C] () -- C:\Windows\CSTBox.INI
[2011/07/12 19:27:10 | 000,000,088 | -HS- | C] () -- C:\ProgramData\763428A7D1.sys
[2011/06/14 17:09:25 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/06/13 12:06:59 | 000,000,244 | ---- | C] () -- C:\Windows\omd.ini
[2011/06/10 22:01:56 | 000,884,230 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/10 15:22:39 | 000,001,890 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/06/09 12:53:11 | 000,002,820 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/06/04 07:34:14 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/06/04 07:34:14 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/06/04 07:34:13 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/06/04 07:16:54 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2010/06/25 12:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/09/09 10:45:18 | 000,039,800 | ---- | C] () -- C:\Windows\SysWow64\secbuild.dll
[2009/09/09 10:45:10 | 000,030,072 | ---- | C] () -- C:\Windows\SysWow64\sectools.dll
[2009/09/09 10:44:56 | 000,055,160 | ---- | C] () -- C:\Windows\SysWow64\nlem32nt.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/05/12 12:35:00 | 000,857,307 | ---- | C] () -- C:\Windows\SysWow64\SSCProt.dll
[2007/10/29 23:26:30 | 000,516,096 | ---- | C] () -- C:\Windows\SysWow64\IntactResources.dll
[2006/01/13 10:19:06 | 000,000,837 | ---- | C] () -- C:\Windows\SysWow64\noise.dat
[2005/06/03 14:54:06 | 000,002,545 | ---- | C] () -- C:\Windows\SysWow64\stemming.dat
[2002/04/16 08:14:44 | 001,683,456 | R--- | C] () -- C:\Windows\SysWow64\Ltclr13n.dll
[2002/04/16 08:14:44 | 000,118,784 | R--- | C] () -- C:\Windows\SysWow64\Lfkodak.dll
[2002/04/16 08:14:42 | 000,338,944 | R--- | C] () -- C:\Windows\SysWow64\Lffpx7.dll
[2001/01/19 14:02:46 | 000,003,769 | ---- | C] () -- C:\Windows\SysWow64\OPTIONS.DAT

< End of report >
____________________-

OTL Extras logfile created on: 11/27/2011 3:29:39 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\dloomis\Desktop\geeks
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.89 Gb Total Physical Memory | 4.79 Gb Available Physical Memory | 60.74% Memory free
15.78 Gb Paging File | 12.44 Gb Available in Paging File | 78.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.96 Gb Total Space | 313.57 Gb Free Space | 69.84% Space Free | Partition Type: NTFS
Drive E: | 3.62 Gb Total Space | 3.24 Gb Free Space | 89.53% Space Free | Partition Type: FAT32
Drive O: | 448.96 Gb Total Space | 313.57 Gb Free Space | 69.84% Space Free | Partition Type: CSC-CACHE
Drive Q: | 15.62 Gb Total Space | 6.73 Gb Free Space | 43.08% Space Free | Partition Type: NTFS

Computer Name: DL-ITDEPT | User Name: dloomis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- "%1" %*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Intel® PROSet/Wireless WiFi Software
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.VISIOR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.VISIOR_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0409-1000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.VISIOR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.VISIOR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0057-0000-1000-0000000FF1CE}" = Microsoft Office Visio 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1" = ThinkVantage AutoLock
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A" = Windows Driver Package - Intel System (09/10/2010 9.2.0.1011)
"466E9B20D871055D6D3CDA2CDD1D355E978A61AF" = Windows Driver Package - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11)
"6D23A494E9A245843FB8584D9307D3E328DF8613" = Windows Driver Package - Intel (e1cexpress) Net (12/21/2010 11.8.84.0)
"77A943AB876C131591E0EA5DB6AB08D89EE2EA9E" = Windows Driver Package - Synaptics (SynTP) Mouse (02/17/2011 15.2.14.0)
"90FD26A77B849AE03FF5F07A1CDA7F950406A8D8" = Windows Driver Package - Intel (MEIx64) System (10/19/2010 7.0.0.1144)
"A513FC5E5A08D4EF27F234E91E0E942A0234210B" = Windows Driver Package - Intel System (09/10/2010 9.2.0.1011)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CNXT_AUDIO_HDA" = Conexant 20672 SmartAudio HD
"D97688B8E3830BF9820E15EB8D9552DCBF988CFD" = Windows Driver Package - Intel USB (09/16/2010 9.2.0.1013)
"DisableAMTPopup" = Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"FE1BEBFD475BB832AAF104F5C63348E98A9286DF" = Windows Driver Package - Intel System (10/04/2010 9.2.0.1015)
"HitmanPro35" = Hitman Pro 3.5
"Intact Printer_is1" = Intact Printer (novaPDF OEM 7.3 printer)
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Lexmark_HostCD" = Lexmark Software Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Office14.VISIOR" = Microsoft Visio Professional 2010
"OnScreenDisplay" = On Screen Display
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{082BDF7B-4810-4599-BF0D-E3AC44EC8524}" = Microsoft ASP.NET 2.0 AJAX Extensions 1.0
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BA0F407-4A89-469C-9BED-6F0405686BF9}" = Compass Sherpa
"{0dff3440-a901-11dc-8314-0800200c9a66}" = Inter-Tel Collaboration Client 2.0
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide
"{151746D8-8BAB-4111-9411-0C8886C66CCF}" = Intact Books SMART Server
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (INTACT)
"{2C43790E-8470-1027-82D3-DF319F3C410F}" = Intel® Identity Protection Technology 1.0.71.0
"{3172C1B0-8275-479D-9FE3-B3B448B983ED}" = Intact SMART Office 2010
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3F9D4E76-4035-43CC-8C27-2942533F7B76}" = Intact Infusion
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47034EC8-418F-43C0-A6A9-D7342EA7BD64}" = Intact OSA 3
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{594F633A-1CC2-432A-ACCA-5B49594A6490}" = Intact Work SMART Server
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{5F4877C6-E074-4AB1-AFF7-27F0B23A7572}" = Intact SMART
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69C73CCC-DBC3-4864-B0EA-5E2EFC0B5C1D}" = C3400 Series GDI Driver from OKI® Printing Solutions for Windows
"{6A00D155-C954-41E5-82AA-3A934005B4C1}" = Intact Web SMART
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7139C864-6D17-4C2E-97B9-82F25576080D}" = QBFC 8.0
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8664FCE8-F91A-42BC-927C-AA318185E5EA}" = Sharpdesk
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ECB8220-F422-4BEB-9596-97033C533702}" = QuickBooks Pro 2008
"{901C0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime
"{90890A23-9FE8-4230-BC2E-F6578ACDDF6E}" = IRISCard Anywhere 4
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9583E990-868C-4BE3-98FE-D48043C844BF}" = Cardiris Pro 5
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera TWAIN
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AF08C71F-F822-4416-87A9-2BBF5A8A5F12}" = VMware Server
"{B2CA6F37-1602-4823-81B5-0384B6888AA6}" = Integrated Camera Driver Installer Package Ver.1.1.0.1141
"{BCAB141B-694F-4E27-BE14-0D278425AB43}" = Sharp OSA Simulator
"{C06C5E34-308C-481A-8CA3-0EA2BF2E4D64}" = Intact SMART Server
"{C62538F0-66AB-4BCE-BDD2-A556547AD9BE}" = pcProx
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}" = RapidBoot
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D06E61A3-6443-4B6D-8D58-D586367481EF}" = Remark Office OMR 7.0.2
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2F28E39-9813-41D3-8EC9-BAADA38C426D}" = VMware Remote Console Plug-in
"{D391CD6B-92BB-449D-99C0-B2242AD0F57E}" = Compass Opportunity Manager
"{D3EA8D81-AE81-4025-9A55-2BD3511FA4EA}" = Intact Books SMART for Quickbooks
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D9E2A69F-7313-4B47-ADEF-BD7EB7CD5001}" = iMPS Enterprise
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E327C2A5-E236-44C4-A410-B899403A49A9}" = ES3640e MFP Series PS Driver from OKI® Printing Solutions for Windows Vista x64 Edition & Windows Vista
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F088B95F-4DB5-4AA5-B685-656F2F4F26E1}" = OMD
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F62F729E-8325-42B5-89AB-0C4C09B88AA7}" = Intact Sample Database
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH Media Driver v2.10.18.02
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ActiveTouchMeetingClient" = WebEx
"avast" = avast! Free Antivirus
"Equitrac Reader Maintainer_is1" = Equitrac Reader Maintainer 1.05.01
"hMailServer_is1" = hMailServer 5.3.3-B1879
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition
"InstallShield_{BCAB141B-694F-4E27-BE14-0D278425AB43}" = Sharp OSA Simulator
"InstallShield_{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}" = RapidBoot
"InstallShield_{D06E61A3-6443-4B6D-8D58-D586367481EF}" = Remark Office OMR 7.0.2
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"Lenovo Welcome_is1" = Lenovo Welcome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"NetLib Encryptionizer DE Distribution-2008.6.22.0" = NetLib Encryptionizer DE Distribution
"RealVNC_is1" = VNC Free Edition 4.1.3
"SHARP MX-M283 M363 M423 M453 M503 Series PC-Fax Driver" = SHARP MX-B,M Series PC-Fax Driver
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"Wireshark" = Wireshark 1.6.2
"WorkgroupShareClient" = WorkgroupShare Client

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.8.0.723

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/27/2011 4:09:06 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = MSSQL$INTACT | ID = 17187
Description = SQL Server is not ready to accept new client connections. Wait a few
minutes before trying again. If you have access to the error log, look for the
informational message that indicates that SQL Server is ready before trying to connect
again. [CLIENT: <local machine>]

Error - 11/27/2011 4:09:06 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = MSSQL$INTACT | ID = 17187
Description = SQL Server is not ready to accept new client connections. Wait a few
minutes before trying again. If you have access to the error log, look for the
informational message that indicates that SQL Server is ready before trying to connect
again. [CLIENT: <local machine>]

Error - 11/27/2011 4:09:08 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = MSSQL$INTACT | ID = 17187
Description = SQL Server is not ready to accept new client connections. Wait a few
minutes before trying again. If you have access to the error log, look for the
informational message that indicates that SQL Server is ready before trying to connect
again. [CLIENT: <local machine>]

Error - 11/27/2011 4:09:08 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = MSSQL$INTACT | ID = 17187
Description = SQL Server is not ready to accept new client connections. Wait a few
minutes before trying again. If you have access to the error log, look for the
informational message that indicates that SQL Server is ready before trying to connect
again. [CLIENT: <local machine>]

Error - 11/27/2011 4:09:08 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = IntactActionService | ID = 0
Description = Service cannot be started. Intact.BusinessLayer.IntactException: Intact
Execption ---> System.Data.SqlClient.SqlException: A connection was successfully
established with the server, but then an error occurred during the login process.
(provider: Shared Memory Provider, error: 0 - No process is on the other end of
the pipe.) at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException
exception, Boolean breakConnection) at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject
stateObj) at System.Data.SqlClient.TdsParserStateObject.ReadSniError(TdsParserStateObject
stateObj, UInt32 error) at System.Data.SqlClient.TdsParserStateObject.ReadSni(DbAsyncResult
asyncResult, TdsParserStateObject stateObj) at System.Data.SqlClient.TdsParserStateObject.ReadNetworkPacket()

at System.Data.SqlClient.TdsParserStateObject.ReadBuffer() at System.Data.SqlClient.TdsParserStateObject.ReadByte()

at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler,
SqlDataRea...

Error - 11/27/2011 4:09:16 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = WinMgmt | ID = 10
Description =

Error - 11/27/2011 4:09:20 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = vmauthd | ID = 100
Description = Cannot connect to VMX: C:\Virtual Machines\Windows XP\Windows XP.vmx



Error - 11/27/2011 4:09:21 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = vmauthd | ID = 100
Description = Cannot connect to VMX: C:\Virtual Machines\2008Server_1\2008Server.vmx



Error - 11/27/2011 4:09:22 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = vmauthd | ID = 100
Description = Cannot connect to VMX: C:\Virtual Machines\2003Server\2003Server.vmx



Error - 11/27/2011 4:09:23 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = vmauthd | ID = 100
Description = Cannot connect to VMX: C:\Virtual Machines\2008Server-32\2008Server-32.vmx



[ Intact Action Service Log Events ]
Error - 6/28/2011 5:18:20 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = Intact Action Service | ID = 0
Description =

Error - 6/28/2011 5:18:25 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = Intact Action Service | ID = 0
Description =

Error - 6/28/2011 5:18:30 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = Intact Action Service | ID = 0
Description =

Error - 7/13/2011 6:49:58 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = Intact Action Service | ID = 0
Description = System.Exception: Intact.BusinessLayer.IntactException: Intact Execption
---> System.Data.SqlClient.SqlException: A transport-level error has occurred when
sending the request to the server. (provider: TCP Provider, error: 0 - An existing
connection was forcibly closed by the remote host.) at System.Data.SqlClient.SqlConnection.OnError(SqlException
exception, Boolean breakConnection) at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException
exception, Boolean breakConnection) at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject
stateObj) at System.Data.SqlClient.TdsParserStateObject.WriteSni() at System.Data.SqlClient.TdsParserStateObject.WritePacket(Byte
flushMode) at System.Data.SqlClient.TdsParserStateObject.ExecuteFlush() at
System.Data.SqlClient.TdsParser.TdsExecuteRPC(_SqlRPC[] rpcArray, Int32 timeout,
Boolean inSchema, SqlNotificationRequest notificationRequest, TdsParserStateObject
stateObj, Boolean isCommandProc) at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior
cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async) at
System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior,
RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result)

at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior,
RunBehavior runBehavior, Boolean returnStream, String method) at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior
behavior, String method) at System.Data.SqlClient.SqlCommand.ExecuteReader()
at Intact.BusinessLayer.cLocation.LoadDefaultLocation() --- End of inner exception
stack trace --- at Intact.BusinessLayer.cLocation.LoadDefaultLocation() at
Intact.Services.HotFolder.HotFolderProcess.ProcessFolders() at Intact.Services.HotFolder.HotFolderService.ExecuteService()


at Intact.Services.svc_PreProcessor.startProcessing(IPreProcessor aoPP)

Error - 7/28/2011 7:07:58 AM | Computer Name = DL-ITDEPT.MANNING.local | Source = Intact Action Service | ID = 0
Description = System.Exception: Intact.BusinessLayer.IntactException: Intact Execption
---> System.Data.SqlClient.SqlException: A transport-level error has occurred when
sending the request to the server. (provider: TCP Provider, error: 0 - An existing
connection was forcibly closed by the remote host.) at System.Data.SqlClient.SqlConnection.OnError(SqlException
exception, Boolean breakConnection) at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException
exception, Boolean breakConnection) at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject
stateObj) at System.Data.SqlClient.TdsParserStateObject.WriteSni() at System.Data.SqlClient.TdsParserStateObject.WritePacket(Byte
flushMode) at System.Data.SqlClient.TdsParserStateObject.ExecuteFlush() at
System.Data.SqlClient.TdsParser.TdsExecuteRPC(_SqlRPC[] rpcArray, Int32 timeout,
Boolean inSchema, SqlNotificationRequest notificationRequest, TdsParserStateObject
stateObj, Boolean isCommandProc) at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior
cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async) at
System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior,
RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result)

at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior,
RunBehavior runBehavior, Boolean returnStream, String method) at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior
behavior, String method) at System.Data.SqlClient.SqlCommand.ExecuteReader()
at Intact.BusinessLayer.cLocation.LoadDefaultLocation() --- End of inner exception
stack trace --- at Intact.BusinessLayer.cLocation.LoadDefaultLocation() at
Intact.Services.HotFolder.HotFolderProcess.ProcessFolders() at Intact.Services.HotFolder.HotFolderService.ExecuteService()


at Intact.Services.svc_PreProcessor.startProcessing(IPreProcessor aoPP)

Error - 8/24/2011 9:36:28 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = Intact Action Service | ID = 0
Description = System.Exception: Intact.BusinessLayer.IntactException: Intact Execption
---> System.Data.SqlClient.SqlException: A transport-level error has occurred when
sending the request to the server. (provider: TCP Provider, error: 0 - An existing
connection was forcibly closed by the remote host.) at System.Data.SqlClient.SqlConnection.OnError(SqlException
exception, Boolean breakConnection) at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException
exception, Boolean breakConnection) at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject
stateObj) at System.Data.SqlClient.TdsParserStateObject.WriteSni() at System.Data.SqlClient.TdsParserStateObject.WritePacket(Byte
flushMode) at System.Data.SqlClient.TdsParserStateObject.ExecuteFlush() at
System.Data.SqlClient.TdsParser.TdsExecuteRPC(_SqlRPC[] rpcArray, Int32 timeout,
Boolean inSchema, SqlNotificationRequest notificationRequest, TdsParserStateObject
stateObj, Boolean isCommandProc) at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior
cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async) at
System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior,
RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result)

at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior,
RunBehavior runBehavior, Boolean returnStream, String method) at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior
behavior, String method) at System.Data.SqlClient.SqlCommand.ExecuteReader()
at Intact.BusinessLayer.cLocation.LoadDefaultLocation() --- End of inner exception
stack trace --- at Intact.BusinessLayer.cLocation.LoadDefaultLocation() at
Intact.Services.HotFolder.HotFolderProcess.ProcessFolders() at Intact.Services.HotFolder.HotFolderService.ExecuteService()


at Intact.Services.svc_PreProcessor.startProcessing(IPreProcessor aoPP)

Error - 8/24/2011 9:36:28 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = Intact Action Service | ID = 0
Description = System.Exception: Intact.BusinessLayer.IntactException: Intact Execption
---> System.Data.SqlClient.SqlException: A transport-level error has occurred when
sending the request to the server. (provider: TCP Provider, error: 0 - An existing
connection was forcibly closed by the remote host.) at System.Data.SqlClient.SqlConnection.OnError(SqlException
exception, Boolean breakConnection) at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException
exception, Boolean breakConnection) at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject
stateObj) at System.Data.SqlClient.TdsParserStateObject.WriteSni() at System.Data.SqlClient.TdsParserStateObject.WritePacket(Byte
flushMode) at System.Data.SqlClient.TdsParserStateObject.ExecuteFlush() at
System.Data.SqlClient.TdsParser.TdsExecuteRPC(_SqlRPC[] rpcArray, Int32 timeout,
Boolean inSchema, SqlNotificationRequest notificationRequest, TdsParserStateObject
stateObj, Boolean isCommandProc) at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior
cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async) at
System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior,
RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result)

at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior,
RunBehavior runBehavior, Boolean returnStream, String method) at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior
behavior, String method) at System.Data.SqlClient.SqlCommand.ExecuteReader()
at Intact.BusinessLayer.cLocation.LoadDefaultLocation() --- End of inner exception
stack trace --- at Intact.BusinessLayer.cLocation.LoadDefaultLocation() at
Intact.Services.HotFolder.HotFolderProcess.ProcessFolders() at Intact.Services.HotFolder.HotFolderService.ExecuteService()


at Intact.Services.svc_PreProcessor.startProcessing(IPreProcessor aoPP)

Error - 8/25/2011 7:13:40 AM | Computer Name = DL-ITDEPT.MANNING.local | Source = Intact Action Service | ID = 0
Description = GE: System.ObjectDisposedException: Cannot access a disposed object.
Object
name: 'Timer'. at System.Timers.Timer.set_Enabled(Boolean value) at System.Timers.Timer.Start()

at Intact.Services.svc_PreProcessor.AdjustTimers(Timer currentTime)

Error - 10/6/2011 8:03:30 AM | Computer Name = DL-ITDEPT.MANNING.local | Source = Intact Action Service | ID = 0
Description = GE: System.ObjectDisposedException: Cannot access a disposed object.
Object
name: 'Timer'. at System.Timers.Timer.set_Enabled(Boolean value) at System.Timers.Timer.Start()

at Intact.Services.svc_PreProcessor.AdjustTimers(Timer currentTime)

Error - 10/6/2011 8:03:30 AM | Computer Name = DL-ITDEPT.MANNING.local | Source = Intact Action Service | ID = 0
Description = GE: System.ObjectDisposedException: Cannot access a disposed object.
Object
name: 'Timer'. at System.Timers.Timer.set_Enabled(Boolean value) at System.Timers.Timer.Start()

at Intact.Services.svc_PreProcessor.AdjustTimers(Timer currentTime)

[ Lenovo-Message Center Plus/Admin Events ]
Error - 7/31/2011 9:30:09 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\index.adp
does not have a Lenovo Digital Signature. The file will be deleted

[ System Events ]
Error - 11/27/2011 4:08:57 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain MANNING due to the following: %%1311 This may lead to authentication problems.
Make sure that this computer is connected to the network. If the problem persists,
please
contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
for the specified domain, it sets up the secure session to the primary domain controller
emulator in the specified domain. Otherwise, this computer sets up the secure session
to any domain controller in the specified domain.

Error - 11/27/2011 4:08:56 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = Service Control Manager | ID = 7000
Description = The Windows Firewall Authorization Driver service failed to start
due to the following error: %%183

Error - 11/27/2011 4:08:56 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = Service Control Manager | ID = 7001
Description = The Windows Firewall service depends on the Windows Firewall Authorization
Driver service which failed to start because of the following error: %%183

Error - 11/27/2011 4:08:58 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = Microsoft-Windows-GroupPolicy | ID = 1055
Description = The processing of Group Policy failed. Windows could not resolve the
computer name. This could be caused by one of more of the following: a) Name Resolution
failure on the current domain controller. b) Active Directory Replication Latency
(an account created on another domain controller has not replicated to the current
domain controller).

Error - 11/27/2011 4:09:01 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 11/27/2011 4:09:04 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 11/27/2011 4:09:08 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = SNMP | ID = 16713180
Description = The SNMP Service encountered an error while accessing the registry
key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error - 11/27/2011 4:09:15 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = Service Control Manager | ID = 7034
Description = The HyperW7 Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 11/27/2011 4:09:59 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.

Error - 11/27/2011 4:11:19 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.


< End of report >

#4
RKinner
Download and save the Norton Removal Tool
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe
Uninstall Symantec (save the product license key in case you decide to reinstall it: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN&ln=en_US)

Run the Norton Removal tool.

Reboot



Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK

Right click on the Avast Ball and select Avast! Shields Control and Disable Until Computer is Restarted

Try TDSSKiller and aswMBR again. Remember to right click on each and Run As Admin.

Ron

#5
dl9796
Hi Ron,

No luck running the programs. I don't think Norton even ran. I did right click and run as administrator. I double-checked and sandbox was not checked and I shut off all the avast shields.

#6
RKinner
Right click on each exe file and check Properties. Make sure it doesn't say the file is blocked. If it does try to unblock it.

Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it by right clicking and Run As Administrator. It will produce a log MBRCheck(date).txt on your desktop. Copy and paste it into a reply.

Ron

#7
dl9796
Hi Ron,

They were blocked - I unblocked but still won't run. I downloaded and tried to run MBRCheck and it tells me that "It found non-standard or infected MBR". Two options: Enter y for more options or n to exit. If I select Y I get the following options:
1) Dump the MBR of a physical disk to file
2) Restore the MBR of a physical disk with a standard boot code
3) Exit

Edited by dl9796, 27 November 2011 - 03:44 PM.


#8
RKinner
Reset your Security settings for the Internet zone to the default level. Go to "Control Panel -> Internet Options" (or use "Start -> Run -> inetcpl.cpl -> OK" to open "Internet Properties") then click the Security tab, select the Internet zone and click "Default level".

Close your browser and reopen it. Then try to download files again.

Ron

#9
dl9796
I changed the level from custom back to default. I have both programs on my desktop. I right click and run as administrator - both won't start. Strange - Norton finally popped up and let me remove.

Thanks...

Edited by dl9796, 27 November 2011 - 03:57 PM.


#10
RKinner
Turn off UAC per method 1
http://www.mydigital...c-in-windows-7/

Then download Combofix again but this time save it as george.exe. See if it will run now.

Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?
A text version of the report should be at C:\ProgramData\Alwil Software\Avast5\report\aswboot.txt so you can copy and paste it if it finds anything.

#11
dl9796
OK - I will run a boot scan. UAC was turned off. I was able to get Combo to run, I wasn't able to get TDSSKiller and aswMBR to run. So I will:

1) Run Combo again and save log
2) Run a boot scan

Thanks

#12
RKinner
With UAC turned off there is usually no need to right click and Run as Admin. A simple double click will do.

#13
dl9796
OK - but you do want me to run Combo and then a boot scan?

#14
RKinner
Yes. I want to see what has changed in Combofix since you removed Norton.

#15
dl9796
Here are the Combo Log and Avast Boot Scan Log:

ComboFix 11-11-27.02 - dloomis 11/27/2011 18:44:33.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8079.5493 [GMT -5:00]
Running from: c:\users\dloomis\Desktop\george.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5849\AddOnDownloaded\96963609-8feb-4f10-b100-425cef18a0db.dll
c:\programdata\PCDr\5849\AddOnDownloaded\a2010314-d0e4-41be-bfeb-ca5bf837f119.dll
c:\users\dloomis\AppData\Local\fmd.exe
c:\users\dloomis\AppData\Local\ndf.exe
c:\users\dloomis\AppData\Local\wif.exe
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-28 )))))))))))))))))))))))))))))))
.
.
2011-11-28 00:21 . 2011-11-28 00:21 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2011-11-28 00:21 . 2011-11-28 00:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-28 00:21 . 2011-11-28 00:21 -------- d-----w- c:\users\Dave\AppData\Local\temp
2011-11-28 00:21 . 2011-11-28 00:21 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2011-11-28 00:21 . 2011-11-28 00:21 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-11-28 00:21 . 2011-11-28 00:21 -------- d-----w- c:\users\Administrator.DL-ITDEPT\AppData\Local\temp
2011-11-27 14:43 . 2011-11-27 14:43 388096 ----a-r- c:\users\dloomis\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-27 14:43 . 2011-11-27 14:43 -------- d-----w- c:\program files (x86)\Trend Micro
2011-11-27 14:24 . 2011-11-27 14:24 -------- d-----w- c:\users\Dave\AppData\Roaming\Malwarebytes
2011-11-27 14:13 . 2011-11-27 14:13 -------- d-----w- c:\users\test
2011-11-27 14:01 . 2011-11-27 14:03 -------- d-----w- c:\users\dloomis\AppData\Local\CrashDumps
2011-11-27 13:55 . 2011-11-27 14:33 -------- d-----w- C:\sh4ldr
2011-11-27 13:55 . 2011-11-27 13:55 -------- d-----w- c:\program files\Enigma Software Group
2011-11-27 13:54 . 2011-11-27 13:54 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2011-11-27 13:19 . 2009-10-20 19:23 65072 ----a-w- c:\windows\system32\drivers\vmci.sys
2011-11-27 13:19 . 2009-10-20 19:22 38448 ----a-w- c:\windows\system32\drivers\hcmon.sys
2011-11-27 13:19 . 2009-10-20 19:23 76336 ----a-w- c:\windows\system32\drivers\vmx86.sys
2011-11-27 13:19 . 2009-10-20 19:21 326192 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
2011-11-27 13:19 . 2009-10-20 19:22 399920 ----a-w- c:\windows\SysWow64\vmnat.exe
2011-11-27 13:19 . 2009-10-20 19:23 30256 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2011-11-27 13:18 . 2009-10-20 19:22 920112 ----a-w- c:\windows\system32\vnetlib64.dll
2011-11-27 05:43 . 2010-08-21 04:59 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-11-27 05:40 . 2011-11-27 14:22 -------- d-----w- c:\programdata\Norton
2011-11-27 05:32 . 2011-11-27 13:22 -------- d-----w- c:\users\dloomis\AppData\Local\ID Vault
2011-11-27 05:32 . 2011-11-27 05:32 -------- d-----w- c:\programdata\IsolatedStorage
2011-11-27 05:31 . 2011-11-27 13:22 -------- d-----w- c:\users\dloomis\AppData\Roaming\ID Vault
2011-11-27 05:30 . 2011-11-27 14:22 -------- d-----w- c:\program files (x86)\Constant Guard Protection Suite
2011-11-27 05:30 . 2011-11-27 05:30 -------- d-----w- c:\programdata\White Sky, Inc
2011-11-27 05:22 . 2011-11-27 05:22 -------- d-----w- c:\users\dloomis\DoctorWeb
2011-11-27 03:35 . 2011-11-27 03:35 -------- d-----w- c:\users\dloomis\AppData\Roaming\qualys
2011-11-27 03:24 . 2011-11-27 03:25 -------- d-----w- c:\users\dloomis\AppData\Local\Google
2011-11-27 00:21 . 2011-11-26 02:26 532132088 ----a-w- C:\VMware-server-2.0.2-203138.exe
2011-11-27 00:13 . 2011-11-27 00:13 -------- d-----w- c:\program files (x86)\Common Files\VMware
2011-11-26 23:24 . 2011-11-26 23:24 -------- d-----w- c:\users\Public\ABBYY FineReader Engine 9.0
2011-11-26 23:24 . 2011-11-26 23:24 -------- d-----w- c:\users\dloomis\AppData\Roaming\ABBYY FineReader Engine 9.0
2011-11-26 23:24 . 2011-11-26 23:24 -------- d-----w- c:\users\dloomis\AppData\Local\ABBYY FineReader Engine 9.0
2011-11-26 22:59 . 2011-11-26 22:59 -------- d-----w- c:\program files (x86)\Common Files\Business Objects
2011-11-26 22:05 . 2011-11-26 22:05 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-11-26 22:05 . 2011-11-26 22:05 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-11-26 22:05 . 2011-11-26 22:05 -------- d-----w- c:\programdata\Hitman Pro
2011-11-26 20:35 . 2011-11-26 20:35 -------- d-----w- C:\Copy of VMware
2011-11-26 17:07 . 2011-11-26 17:07 -------- d-----w- c:\users\Dave\AppData\Roaming\qualys
2011-11-26 17:01 . 2011-11-26 17:01 -------- d-----w- c:\programdata\Kaspersky Lab
2011-11-26 16:42 . 2011-11-26 16:43 -------- d-----w- c:\users\Dave\AppData\Local\Google
2011-11-26 15:53 . 2011-11-26 22:46 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-11-26 15:53 . 2011-11-26 22:13 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-11-26 04:00 . 2011-11-26 04:00 -------- d-----w- c:\users\dloomis\AppData\Roaming\Malwarebytes
2011-11-26 04:00 . 2011-11-26 04:00 -------- d-----w- c:\programdata\Malwarebytes
2011-11-26 04:00 . 2011-11-27 19:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-26 02:17 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D4C596EE-FE75-4251-99DA-3F2FBEFFA23C}\mpengine.dll
2011-11-09 13:28 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 13:28 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 13:28 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 13:28 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-07 13:55 . 2011-11-07 13:55 -------- d-----w- c:\program files (x86)\Equitrac
2011-10-30 22:41 . 2011-11-26 02:03 -------- d-----w- c:\program files\iTunes
2011-10-30 22:41 . 2011-11-26 02:02 -------- d-----w- c:\program files (x86)\iTunes
2011-10-30 22:41 . 2011-11-26 01:47 -------- d-----w- c:\program files\iPod
2011-10-30 22:39 . 2011-11-26 02:06 -------- d-----w- c:\program files\Bonjour
2011-10-30 22:39 . 2011-11-26 02:06 -------- d-----w- c:\program files (x86)\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 14:07 . 2011-06-10 20:22 1890 --sha-w- c:\programdata\KGyGaAvL.sys
2011-11-19 23:01 . 2011-06-16 23:49 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-03 09:06 . 2011-06-15 12:18 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-06 20:45 . 2011-06-10 00:48 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2011-06-10 00:48 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-09-06 20:45 . 2011-06-10 00:48 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-06-10 00:48 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:38 . 2011-06-10 00:48 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2011-06-10 00:48 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2011-06-10 00:48 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2011-06-10 00:48 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-09-06 20:36 . 2011-06-10 00:48 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-01 05:24 . 2011-10-12 16:37 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-12 16:37 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-12 16:37 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-12 16:37 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-12 16:37 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-12 16:37 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-08-31 03:05 . 2011-08-31 03:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 03:05 . 2011-08-31 03:05 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-31 03:05 . 2011-08-31 03:05 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-08-31 03:05 . 2011-08-31 03:05 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-08-31 03:05 . 2011-08-31 03:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
.
.
((((((((((((((((((((((((((((( [email protected]_07.16.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-27 05:32 . 2011-11-27 23:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-11-27 05:32 . 2011-11-27 05:56 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-11-27 22:28 . 2011-11-27 22:24 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2011-11-27 23:24 . 2011-11-27 23:24 79089 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Adobe\Acrobat\9.0\UserCache.bin
+ 2011-11-27 19:53 . 2011-11-27 23:24 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011112720111128\index.dat
+ 2011-11-27 19:43 . 2011-11-27 19:43 49120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
+ 2011-11-27 19:43 . 2011-11-27 23:24 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-11-21 03:09 . 2011-11-27 21:10 79220 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-28 00:29 43756 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-06-09 23:48 . 2011-11-27 21:10 10150 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2421173305-923280183-2936765214-1127_UserData.bin
- 2009-07-14 05:30 . 2011-11-27 00:52 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2011-11-27 13:19 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-13 23:31 . 2009-07-14 01:39 54272 c:\windows\system32\consrv.dll
- 2011-06-09 17:17 . 2011-11-27 05:42 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-09 17:17 . 2011-11-27 21:07 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-27 15:31 . 2011-11-27 21:07 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-27 05:42 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-27 21:07 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-27 23:31 . 2011-11-27 23:31 3135 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZWM2I7LV\blinkxremote55[1].exe
+ 2011-07-02 15:06 . 2011-11-27 18:48 5922 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3029194478-1851183931-3144514420-1000_UserData.bin
- 2011-11-27 05:52 . 2011-11-27 05:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-28 00:24 . 2011-11-28 00:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-28 00:24 . 2011-11-28 00:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-27 05:52 . 2011-11-27 05:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2011-11-28 00:25 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-09 18:05 . 2011-11-27 12:55 303266 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2011-11-27 06:02 771534 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-27 21:16 771534 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-27 21:16 160578 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-11-27 06:02 160578 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:30 . 2011-11-27 13:19 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-11-27 00:52 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-11-27 13:19 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2011-11-27 00:51 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:12 . 2011-07-14 23:16 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2011-11-27 21:07 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:46 . 2011-11-27 14:07 119000 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 05:01 . 2011-11-27 05:51 415536 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-11-28 00:24 415536 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-11-27 19:33 . 2011-11-27 21:07 223744 c:\windows\assembly\temp\kwrd.dll
+ 2009-07-14 04:54 . 2011-11-28 00:25 3735552 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-28 00:25 6176768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-06-04 12:44 . 2011-11-27 05:51 8480328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-06-04 12:44 . 2011-11-28 00:24 8480328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-11-27 20:07 . 2011-11-28 00:24 6267480 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2011-11-27 14:43 . 2011-11-27 14:43 1402880 c:\windows\Installer\e3d7f.msi
+ 2011-07-08 02:29 . 2011-11-27 19:32 13805032 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3029194478-1851183931-3144514420-1000-12288.dat
- 2011-07-08 02:29 . 2011-11-27 03:03 13805032 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3029194478-1851183931-3144514420-1000-12288.dat
+ 2011-07-07 03:10 . 2011-11-28 00:24 32749868 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2421173305-923280183-2936765214-1127-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\dloomis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\dloomis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\dloomis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\dloomis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 910208]
"GoToMeeting"="c:\program files (x86)\Citrix\GoToMeeting\723\g2mstart.exe" [2011-06-15 39816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-02-03 1543016]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
c:\users\dloomis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\dloomis\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-1 24183152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2010-12-03 116072]
R2 IntactActionService;IntactActionService;c:\program files (x86)\InfoDynamics\IntactActionService\IntactActionService.exe [2010-09-02 16896]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-02-03 155496]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
R3 OKI OPHG DCS Loader;OKI OPHG DCS Loader;c:\windows\system32\spool\DRIVERS\x64\3\OPHGLDCS.EXE [2007-05-29 20480]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-02-03 79208]
R3 Remark FTP Utility;Remark FTP Utility;c:\program files (x86)\Common Files\Gravic\RemarkFTPUtility12.exe [2009-09-04 65024]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x]
S0 nlem64nt;nlem64nt; [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2010-12-03 31592]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [x]
S2 DocumentIndexingService;Document Indexing Service;c:\program files (x86)\InfoDynamics\Indexer\DocumentIndexingService.exe [2010-07-01 10752]
S2 Engine9DongleManagerService;FineReader Engine 9.0 Network License Server;c:\program files (x86)\InfoDynamics\License Server\EngineDongleManager.exe \service [x]
S2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 hMailServer;hMailServer;c:\program files (x86)\hMailServer\Bin\hMailServer.exe RunAsService [x]
S2 IDM_DCPC_SNMP;MWA Intelligence DCPC Service;c:\program files (x86)\MWA Intelligence\iMPS Enterprise\4.2.2.0\IDM_DCPC_SNMP.exe [2011-03-30 135168]
S2 IMPSDiscoveryEngine;IMPSDiscoveryEngine;c:\program files (x86)\MWA Intelligence\iMPS Enterprise\4.2.2.0\IMPSDiscoveryEngine.exe [2011-03-30 160768]
S2 IMPSUpdateEngine;IMPSUpdateEngine;c:\program files (x86)\MWA Intelligence\iMPS Enterprise\IMPSUpdateEngine.exe [2011-03-30 46080]
S2 IntactFTPServer;IntactFTPServer;c:\program files (x86)\InfoDynamics, Inc\IntactOSA\bin\IntactFTPServer.exe [2009-03-12 36864]
S2 IntactWebServer;IntactWebServer;c:\program files (x86)\InfoDynamics, Inc\IntactOSA\bin\IntactWebServer.exe [2009-02-25 49152]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-02-26 40808]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-11-24 45496]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-02-26 59240]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 MSSQL$INTACT;SQL Server (INTACT);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 MWAServiceMonitor;MWAServiceMonitor;c:\program files (x86)\MWA Intelligence\iMPS Enterprise\DCPC Watchdog Service.exe [2011-03-24 10240]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2010-12-03 114024]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-12-02 64440]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S2 VMwareHostd;VMware Host Agent;c:\program files (x86)\VMware\VMware Server\vmware-hostd.exe [2009-10-20 322096]
S2 VMwareServerWebAccess;VMware Server Web Access;c:\program files (x86)\VMware\VMware Server\tomcat\bin\Tomcat6.exe [2009-10-20 57344]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2421173305-923280183-2936765214-1127Core.job
- c:\users\dloomis\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-27 03:24]
.
2011-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2421173305-923280183-2936765214-1127UA.job
- c:\users\dloomis\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-27 03:24]
.
2011-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3029194478-1851183931-3144514420-1000Core.job
- c:\users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-26 16:42]
.
2011-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3029194478-1851183931-3144514420-1000UA.job
- c:\users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-26 16:42]
.
2011-11-15 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]
.
2011-11-27 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\dloomis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\dloomis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\dloomis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\dloomis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\george\CF27271.3XE" [2010-11-21 345088]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files (x86)\VMware\VMware Server\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{25061D1D-6EF0-4AA5-9098-2491B61CC892}: NameServer = 132.145.80.89
DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574}
FF - ProfilePath - c:\users\dloomis\AppData\Roaming\Mozilla\Firefox\Profiles\jbxhww7e.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=685749&p=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pct"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pcx"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pef"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pgm"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pic"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pics"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pict"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pix"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.png"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ppm"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.psd"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.psp"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pspbrush"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pspimage"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qcp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.qcp"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.qtpf"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.raf"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ras"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.raw"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rgb"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rgba"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rle"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rsb"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rw2"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rwl"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.sdv"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.sfil"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.sgi"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.smf"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.smi"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.smil"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.sml"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.sr2"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.srf"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.swa"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.tga"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.thm"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.tif"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.tiff"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ttc"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ttf"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ulw"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30po"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30pp"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30ppf"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.vfw"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.wbm"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.wbmp"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.wmf"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xbm"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xif"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xmp"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xpm"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\InfoDynamics\License Server\EngineDongleManager.exe
c:\program files (x86)\hMailServer\Bin\hMailServer.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\SysWOW64\SAsrv.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Server\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Lenovo\System Update\SUService.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\progra~1\Lenovo\Zoom\TPSCREX.EXE
c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Citrix\GoToMeeting\723\g2mcomm.exe
c:\progra~2\ThinkPad\UTILIT~1\SCHTASK.exe
c:\program files (x86)\Citrix\GoToMeeting\723\g2mlauncher.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2011-11-27 19:50:16 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-28 00:50
ComboFix2.txt 2011-11-27 07:39
.
Pre-Run: 337,321,529,344 bytes free
Post-Run: 337,395,531,776 bytes free
.
- - End Of File - - 25B0A699310A9103EA1042153EBEB421


11/26/2011 07:42
Scan of all local drives

File C:\$Recycle.Bin\S-1-5-21-2421173305-923280183-2936765214-1127\$RARICUC.exe|>\Disk1\data2.cab Error 42127 {CAB archive is corrupted.}
File C:\$Recycle.Bin\S-1-5-21-2421173305-923280183-2936765214-1127\$RZWT4AC.partial|>30050WINDOWS\data1.cab Error 42125 {ZIP archive is corrupted.}
File C:\Users\Dave\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\6287589a-70072e28|>report\FWriter.class is infected by Java:Agent-YX [Expl], Repair: Error 42060 {The file was not repaired.}, Moved to chest
File C:\Users\Dave\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\6287589a-70072e28|>report\Generator.class is infected by Java:Agent-YT [Expl], Moved to chest
File C:\Users\Dave\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\6287589a-70072e28|>report\SmartyPointer.class is infected by Java:Agent-YU [Expl], Moved to chest
File C:\Users\dloomis\AppData\Local\Downloaded Installations\{8141400F-16CC-49A5-AECB-61CDB442B76F}\Intact SMART.msi|>Data1.cab|>logquery.exe is infected by Win32:Malware-gen, Move to chest: Error 42111 {The operation is not supported for this type of archive.}, Repair: Error 42060 {The file was not repaired.}, Move to chest: Error 42111 {The operation is not supported for this type of archive.}, Delete: Error 42111 {The operation is not supported for this type of archive.}, Delete: Error 42111 {The operation is not supported for this type of archive.}, Delete: Error 42111 {The operation is not supported for this type of archive.}, Move to chest: Error 42111 {The operation is not supported for this type of archive.}, Move to chest: Error 42111 {The operation is not supported for this type of archive.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}
File C:\Users\dloomis\Desktop\Desktop\Shortcuts_ Programs\AMMYY_Admin.exe is infected by Win32:PUP-gen [PUP], Repair: Error 42060 {The file was not repaired.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Deleted
File C:\Users\dloomis\Desktop\Microsoft Programs\Visio_Premium_2010_W32_English_1_Std_Pro_Prem_X16-33056.exe|>setup.exe Error 42127 {CAB archive is corrupted.}
File C:\Users\dloomis\Desktop\Programs\AMMYY_Admin.exe is infected by Win32:PUP-gen [PUP], Repair: Error 42060 {The file was not repaired.}, Deleted
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958\CD.zip|>dotnet\dotnetfx.exe|>netfx.msi|>01File Error 42144 {OLE archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958\CD.zip|>dotnet\dotnetfx.exe|>netfx.msi|>01_Validation Error 42144 {OLE archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958\CD.zip|>dotnet\dotnetfx.exe|>netfx.msi|>_13017_URTM_STD_ENU_X86_IXP.MSM|>System.Web_dll_5_____X86.3643236F_FC70_11D3_A536_0090278A1BB8 Error 42127 {CAB archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958\CD.zip|>dotnet\dotnetfx.exe|>netfx.msi|>_13017_URTM_STD_ENU_X86_IXP.MSM Error 42144 {OLE archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958\CD.zip|>dotnet\dotnetfx.exe|>netfx.msi Error 42127 {CAB archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958\CD.zip|>dotnet\dotnetfx.exe Error 42125 {ZIP archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958.zip|>CD.zip|>dotnet\dotnetfx.exe|>netfx.msi|>01File Error 42144 {OLE archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958.zip|>CD.zip|>dotnet\dotnetfx.exe|>netfx.msi|>01_Validation Error 42144 {OLE archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958.zip|>CD.zip|>dotnet\dotnetfx.exe|>netfx.msi|>_13017_URTM_STD_ENU_X86_IXP.MSM|>System.Web_dll_5_____X86.3643236F_FC70_11D3_A536_0090278A1BB8 Error 42127 {CAB archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958.zip|>CD.zip|>dotnet\dotnetfx.exe|>netfx.msi|>_13017_URTM_STD_ENU_X86_IXP.MSM Error 42144 {OLE archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958.zip|>CD.zip|>dotnet\dotnetfx.exe|>netfx.msi Error 42127 {CAB archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958.zip|>CD.zip|>dotnet\dotnetfx.exe Error 42125 {ZIP archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files version 4.2\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958\CD.zip|>dotnet\dotnetfx.exe|>netfx.msi|>01File Error 42144 {OLE archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files version 4.2\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958\CD.zip|>dotnet\dotnetfx.exe|>netfx.msi|>01_Validation Error 42144 {OLE archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files version 4.2\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958\CD.zip|>dotnet\dotnetfx.exe|>netfx.msi|>_13017_URTM_STD_ENU_X86_IXP.MSM|>System.Web_dll_5_____X86.3643236F_FC70_11D3_A536_0090278A1BB8 Error 42127 {CAB archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files version 4.2\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958\CD.zip|>dotnet\dotnetfx.exe|>netfx.msi|>_13017_URTM_STD_ENU_X86_IXP.MSM Error 42144 {OLE archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files version 4.2\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958\CD.zip|>dotnet\dotnetfx.exe|>netfx.msi Error 42127 {CAB archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files version 4.2\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958\CD.zip|>dotnet\dotnetfx.exe Error 42125 {ZIP archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files version 4.2\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958\Installs\x64\Data1.cab|>dcewedp_plugin_0_2.dll Error 42127 {CAB archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files version 4.2\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958.zip|>CD.zip|>dotnet\dotnetfx.exe|>netfx.msi|>01File Error 42144 {OLE archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files version 4.2\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958.zip|>CD.zip|>dotnet\dotnetfx.exe|>netfx.msi|>01_Validation Error 42144 {OLE archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files version 4.2\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958.zip|>CD.zip|>dotnet\dotnetfx.exe|>netfx.msi|>_13017_URTM_STD_ENU_X86_IXP.MSM|>System.Web_dll_5_____X86.3643236F_FC70_11D3_A536_0090278A1BB8 Error 42127 {CAB archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files version 4.2\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958.zip|>CD.zip|>dotnet\dotnetfx.exe|>netfx.msi|>_13017_URTM_STD_ENU_X86_IXP.MSM Error 42144 {OLE archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files version 4.2\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958.zip|>CD.zip|>dotnet\dotnetfx.exe|>netfx.msi Error 42127 {CAB archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files version 4.2\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958.zip|>CD.zip|>dotnet\dotnetfx.exe Error 42125 {ZIP archive is corrupted.}
File C:\Windows\Installer\258468b.msi|>Data1.cab|>logquery.exe is infected by Win32:Malware-gen, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Move to chest: Error 42111 {The operation is not supported for this type of archive.}, Delete: Error 42111 {The operation is not supported for this type of archive.}
File C:\Windows\SoftwareDistribution\Download\6bf69e623ae77ce45ee143eaadd6fa5a\BITD77D.tmp|>6 Error 42127 {CAB archive is corrupted.}
File C:\Windows\SoftwareDistribution\Download\abda12ec477fe771732b0b74a1a0998d\BITDA15.tmp|>visio-x-none.msp Error 42127 {CAB archive is corrupted.}
File C:\Windows\SoftwareDistribution\Download\b91f19cb7db3eda85cd65d86b8eaf3a1\BITD8D9.tmp|>mrt.exe._p Error 42127 {CAB archive is corrupted.}
Number of searched folders: 34953
Number of tested files: 1473845
Number of infected files: 7

----------------------------------------
11/26/2011 23:02
Scan of all local drives

File C:\Program Files (x86)\InfoDynamics, Inc\Intact Document Solution\LogQuery.exe is infected by Win32:Malware-gen, Deleted
File C:\Users\dloomis\AppData\Local\Downloaded Installations\{8141400F-16CC-49A5-AECB-61CDB442B76F}\Intact SMART.msi|>Data1.cab|>logquery.exe is infected by Win32:Malware-gen, Repair: Error 42060 {The file was not repaired.}, Delete: Error 42111 {The operation is not supported for this type of archive.}, Move to chest: Error 42111 {The operation is not supported for this type of archive.}
File C:\Users\dloomis\Desktop\Microsoft Programs\Visio_Premium_2010_W32_English_1_Std_Pro_Prem_X16-33056.exe|>setup.exe Error 42127 {CAB archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958\CD.zip|>dotnet\dotnetfx.exe|>netfx.msi|>01File Error 42144 {OLE archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958\CD.zip|>dotnet\dotnetfx.exe|>netfx.msi|>01_Validation Error 42144 {OLE archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958\CD.zip|>dotnet\dotnetfx.exe|>netfx.msi|>_13017_URTM_STD_ENU_X86_IXP.MSM|>System.Web_dll_5_____X86.3643236F_FC70_11D3_A536_0090278A1BB8 Error 42127 {CAB archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958\CD.zip|>dotnet\dotnetfx.exe|>netfx.msi|>_13017_URTM_STD_ENU_X86_IXP.MSM Error 42144 {OLE archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958\CD.zip|>dotnet\dotnetfx.exe|>netfx.msi Error 42127 {CAB archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958\CD.zip|>dotnet\dotnetfx.exe Error 42125 {ZIP archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958.zip|>CD.zip|>dotnet\dotnetfx.exe|>netfx.msi|>01File Error 42144 {OLE archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958.zip|>CD.zip|>dotnet\dotnetfx.exe|>netfx.msi|>01_Validation Error 42144 {OLE archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958.zip|>CD.zip|>dotnet\dotnetfx.exe|>netfx.msi|>_13017_URTM_STD_ENU_X86_IXP.MSM|>System.Web_dll_5_____X86.3643236F_FC70_11D3_A536_0090278A1BB8 Error 42127 {CAB archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958.zip|>CD.zip|>dotnet\dotnetfx.exe|>netfx.msi|>_13017_URTM_STD_ENU_X86_IXP.MSM Error 42144 {OLE archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958.zip|>CD.zip|>dotnet\dotnetfx.exe|>netfx.msi Error 42127 {CAB archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958.zip|>CD.zip|>dotnet\dotnetfx.exe Error 42125 {ZIP archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files version 4.2\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958\CD.zip|>dotnet\dotnetfx.exe|>netfx.msi|>01File Error 42144 {OLE archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files version 4.2\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958\CD.zip|>dotnet\dotnetfx.exe|>netfx.msi|>01_Validation Error 42144 {OLE archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files version 4.2\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958\CD.zip|>dotnet\dotnetfx.exe|>netfx.msi|>_13017_URTM_STD_ENU_X86_IXP.MSM|>System.Web_dll_5_____X86.3643236F_FC70_11D3_A536_0090278A1BB8 Error 42127 {CAB archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files version 4.2\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958\CD.zip|>dotnet\dotnetfx.exe|>netfx.msi|>_13017_URTM_STD_ENU_X86_IXP.MSM Error 42144 {OLE archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files version 4.2\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958\CD.zip|>dotnet\dotnetfx.exe|>netfx.msi Error 42127 {CAB archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files version 4.2\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958\CD.zip|>dotnet\dotnetfx.exe Error 42125 {ZIP archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files version 4.2\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958\Installs\x64\Data1.cab|>dcewedp_plugin_0_2.dll Error 42127 {CAB archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files version 4.2\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958.zip|>CD.zip|>dotnet\dotnetfx.exe|>netfx.msi|>01File Error 42144 {OLE archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files version 4.2\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958.zip|>CD.zip|>dotnet\dotnetfx.exe|>netfx.msi|>01_Validation Error 42144 {OLE archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files version 4.2\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958.zip|>CD.zip|>dotnet\dotnetfx.exe|>netfx.msi|>_13017_URTM_STD_ENU_X86_IXP.MSM|>System.Web_dll_5_____X86.3643236F_FC70_11D3_A536_0090278A1BB8 Error 42127 {CAB archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files version 4.2\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958.zip|>CD.zip|>dotnet\dotnetfx.exe|>netfx.msi|>_13017_URTM_STD_ENU_X86_IXP.MSM Error 42144 {OLE archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files version 4.2\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958.zip|>CD.zip|>dotnet\dotnetfx.exe|>netfx.msi Error 42127 {CAB archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files version 4.2\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958.zip|>CD.zip|>dotnet\dotnetfx.exe Error 42125 {ZIP archive is corrupted.}
File C:\Windows\Installer\258468b.msi|>Data1.cab|>logquery.exe is infected by Win32:Malware-gen, Delete: Error 42111 {The operation is not supported for this type of archive.}, Move to chest: Error 42111 {The operation is not supported for this type of archive.}, Repair: Error 42060 {The file was not repaired.}
File C:\Windows\SoftwareDistribution\Download\6bf69e623ae77ce45ee143eaadd6fa5a\BITD77D.tmp|>6 Error 42127 {CAB archive is corrupted.}
File C:\Windows\SoftwareDistribution\Download\abda12ec477fe771732b0b74a1a0998d\BITDA15.tmp|>visio-x-none.msp Error 42127 {CAB archive is corrupted.}
File C:\Windows\SoftwareDistribution\Download\b91f19cb7db3eda85cd65d86b8eaf3a1\BITD8D9.tmp|>mrt.exe._p Error 42127 {CAB archive is corrupted.}
Number of searched folders: 35002
Number of tested files: 1410650
Number of infected files: 3

----------------------------------------
11/27/2011 19:56
Scan of all local drives

Scanning aborted

Number of searched folders: 0
Number of tested files: 1
Number of infected files: 0

----------------------------------------
11/27/2011 19:59
Scan of all local drives

File C:\Users\dloomis\AppData\Local\Downloaded Installations\{8141400F-16CC-49A5-AECB-61CDB442B76F}\Intact SMART.msi|>Data1.cab|>logquery.exe is infected by Win32:Malware-gen, Delete: Error 42111 {The operation is not supported for this type of archive.}
File C:\Users\dloomis\Desktop\Microsoft Programs\Visio_Premium_2010_W32_English_1_Std_Pro_Prem_X16-33056.exe|>setup.exe Error 42127 {CAB archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958\CD.zip|>dotnet\dotnetfx.exe|>netfx.msi|>01File Error 42144 {OLE archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958\CD.zip|>dotnet\dotnetfx.exe|>netfx.msi|>01_Validation Error 42144 {OLE archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958\CD.zip|>dotnet\dotnetfx.exe|>netfx.msi|>_13017_URTM_STD_ENU_X86_IXP.MSM|>System.Web_dll_5_____X86.3643236F_FC70_11D3_A536_0090278A1BB8 Error 42127 {CAB archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958\CD.zip|>dotnet\dotnetfx.exe|>netfx.msi|>_13017_URTM_STD_ENU_X86_IXP.MSM Error 42144 {OLE archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958\CD.zip|>dotnet\dotnetfx.exe|>netfx.msi Error 42127 {CAB archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958\CD.zip|>dotnet\dotnetfx.exe Error 42125 {ZIP archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958.zip|>CD.zip|>dotnet\dotnetfx.exe|>netfx.msi|>01File Error 42144 {OLE archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958.zip|>CD.zip|>dotnet\dotnetfx.exe|>netfx.msi|>01_Validation Error 42144 {OLE archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958.zip|>CD.zip|>dotnet\dotnetfx.exe|>netfx.msi|>_13017_URTM_STD_ENU_X86_IXP.MSM|>System.Web_dll_5_____X86.3643236F_FC70_11D3_A536_0090278A1BB8 Error 42127 {CAB archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958.zip|>CD.zip|>dotnet\dotnetfx.exe|>netfx.msi|>_13017_URTM_STD_ENU_X86_IXP.MSM Error 42144 {OLE archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958.zip|>CD.zip|>dotnet\dotnetfx.exe|>netfx.msi Error 42127 {CAB archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958.zip|>CD.zip|>dotnet\dotnetfx.exe Error 42125 {ZIP archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files version 4.2\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958\CD.zip|>dotnet\dotnetfx.exe|>netfx.msi|>01File Error 42144 {OLE archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files version 4.2\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958\CD.zip|>dotnet\dotnetfx.exe|>netfx.msi|>01_Validation Error 42144 {OLE archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files version 4.2\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958\CD.zip|>dotnet\dotnetfx.exe|>netfx.msi|>_13017_URTM_STD_ENU_X86_IXP.MSM|>System.Web_dll_5_____X86.3643236F_FC70_11D3_A536_0090278A1BB8 Error 42127 {CAB archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files version 4.2\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958\CD.zip|>dotnet\dotnetfx.exe|>netfx.msi|>_13017_URTM_STD_ENU_X86_IXP.MSM Error 42144 {OLE archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files version 4.2\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958\CD.zip|>dotnet\dotnetfx.exe|>netfx.msi Error 42127 {CAB archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files version 4.2\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958\CD.zip|>dotnet\dotnetfx.exe Error 42125 {ZIP archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files version 4.2\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958\Installs\x64\Data1.cab|>dcewedp_plugin_0_2.dll Error 42127 {CAB archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files version 4.2\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958.zip|>CD.zip|>dotnet\dotnetfx.exe|>netfx.msi|>01File Error 42144 {OLE archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files version 4.2\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958.zip|>CD.zip|>dotnet\dotnetfx.exe|>netfx.msi|>01_Validation Error 42144 {OLE archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files version 4.2\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958.zip|>CD.zip|>dotnet\dotnetfx.exe|>netfx.msi|>_13017_URTM_STD_ENU_X86_IXP.MSM|>System.Web_dll_5_____X86.3643236F_FC70_11D3_A536_0090278A1BB8 Error 42127 {CAB archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files version 4.2\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958.zip|>CD.zip|>dotnet\dotnetfx.exe|>netfx.msi|>_13017_URTM_STD_ENU_X86_IXP.MSM Error 42144 {OLE archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files version 4.2\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958.zip|>CD.zip|>dotnet\dotnetfx.exe|>netfx.msi Error 42127 {CAB archive is corrupted.}
File C:\Users\dloomis\Documents\Work Folder\Sharp OSA_Partners\Equitrac\Equitrac Files version 4.2\EE Install CD\810-0003 v03 EquitracExpress4.2.0.3958.zip|>CD.zip|>dotnet\dotnetfx.exe Error 42125 {ZIP archive is corrupted.}
File C:\Windows\assembly\GAC_64\Desktop.ini is infected by Win32:Malware-gen, Repair: Error 42060 {The file was not repaired.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Deleted
File C:\Windows\assembly\temp\kwrd.dll|>[UPX] is infected by Win32:PUP-gen [PUP], Moved to chest
File C:\Windows\assembly\temp\U\[email protected]|>[Embedded_R#00290]|>[UPX] is infected by Win32:PUP-gen [PUP], Moved to chest
File C:\Windows\assembly\temp\U\[email protected] is infected by Win32:DNSChanger-VJ [Trj], Moved to chest
File C:\Windows\Installer\258468b.msi|>Data1.cab|>logquery.exe is infected by Win32:Malware-gen, Move to chest: Error 42111 {The operation is not supported for this type of archive.}
File C:\Windows\SoftwareDistribution\Download\6bf69e623ae77ce45ee143eaadd6fa5a\BITD77D.tmp|>6 Error 42127 {CAB archive is corrupted.}
File C:\Windows\SoftwareDistribution\Download\abda12ec477fe771732b0b74a1a0998d\BITDA15.tmp|>visio-x-none.msp Error 42127 {CAB archive is corrupted.}
File C:\Windows\SoftwareDistribution\Download\b91f19cb7db3eda85cd65d86b8eaf3a1\BITD8D9.tmp|>mrt.exe._p Error 42127 {CAB archive is corrupted.}
File C:\Windows\System32\consrv.dll|>[Embedded_I#1ac7] is infected by Win32:Malware-gen, Moved to chest
File C:\Windows\System32\consrv.dll is infected by Win32:Malware-gen, Moved to chest
Number of searched folders: 35170
Number of tested files: 1379817
Number of infected files: 8