Hi Ron,
Here are the logs from Malwarebytes, Combo and OTL. The other two programs don't start- TDSSKiller and aswMBR. Thank you for your help. I'll stand by for your reply:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8253
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
11/27/2011 2:59:02 PM
mbam-log-2011-11-27 (14-59-02).txt
Scan type: Quick scan
Objects scanned: 272904
Time elapsed: 1 minute(s), 51 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
_________________________________________
ComboFix 11-11-26.04 - dloomis 11/27/2011 1:32.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8079.5335 [GMT -5:00]
Running from: c:\users\dloomis\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\AMMYY
c:\programdata\AMMYY\contacts.bin
c:\programdata\AMMYY\hr
c:\programdata\AMMYY\hr3
c:\programdata\AMMYY\settings.bin
c:\programdata\AMMYY\settings3.bin
c:\programdata\PCDr\5849\AddOnDownloaded\96963609-8feb-4f10-b100-425cef18a0db.dll
c:\programdata\PCDr\5849\AddOnDownloaded\a2010314-d0e4-41be-bfeb-ca5bf837f119.dll
c:\programdata\Roaming
c:\users\dloomis\g2mdlhlpx.exe
c:\users\dloomis\GoToAssistDownloadHelper.exe
c:\windows\system32\Thumbs.db
c:\windows\SysWow64\regobj.dll
Q:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-10-27 to 2011-11-27 )))))))))))))))))))))))))))))))
.
.
2011-11-27 07:14 . 2011-11-27 07:14 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2011-11-27 07:14 . 2011-11-27 07:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-27 07:14 . 2011-11-27 07:14 -------- d-----w- c:\users\Dave\AppData\Local\temp
2011-11-27 07:14 . 2011-11-27 07:14 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2011-11-27 07:14 . 2011-11-27 07:14 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-11-27 07:14 . 2011-11-27 07:14 -------- d-----w- c:\users\Administrator.DL-ITDEPT\AppData\Local\temp
2011-11-27 05:45 . 2011-11-27 05:45 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2011-11-27 05:43 . 2010-08-21 04:59 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-11-27 05:42 . 2011-11-27 05:42 174640 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-11-27 05:42 . 2011-11-27 05:42 -------- d-----w- c:\program files\Symantec
2011-11-27 05:42 . 2011-11-27 05:42 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-11-27 05:42 . 2011-11-27 05:42 -------- d-----w- c:\windows\system32\drivers\N360x64
2011-11-27 05:42 . 2011-11-27 05:42 -------- d-----w- c:\program files (x86)\Norton Security Suite
2011-11-27 05:42 . 2011-11-27 05:42 -------- d-----w- c:\program files (x86)\NortonInstaller
2011-11-27 05:40 . 2011-11-27 05:42 -------- d-----w- c:\programdata\Norton
2011-11-27 05:32 . 2011-11-27 05:33 -------- d-----w- c:\users\dloomis\AppData\Local\ID Vault
2011-11-27 05:32 . 2011-11-27 05:32 -------- d-----w- c:\programdata\IsolatedStorage
2011-11-27 05:31 . 2011-11-18 21:37 91720 ----a-w- c:\program files (x86)\Mozilla Firefox\IdVaultCore.XmlSerializers.dll
2011-11-27 05:31 . 2011-11-18 21:37 1642056 ----a-w- c:\program files (x86)\Mozilla Firefox\IdVaultCore.dll
2011-11-27 05:30 . 2011-11-27 05:30 -------- d-----w- c:\programdata\White Sky, Inc
2011-11-27 05:22 . 2011-11-27 05:22 -------- d-----w- c:\users\dloomis\DoctorWeb
2011-11-27 03:35 . 2011-11-27 03:35 -------- d-----w- c:\users\dloomis\AppData\Roaming\qualys
2011-11-27 03:24 . 2011-11-27 03:25 -------- d-----w- c:\users\dloomis\AppData\Local\Google
2011-11-27 03:22 . 2011-11-27 03:22 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-11-27 00:52 . 2009-10-20 19:23 65072 ----a-w- c:\windows\system32\drivers\vmci.sys
2011-11-27 00:52 . 2009-10-20 19:22 38448 ----a-w- c:\windows\system32\drivers\hcmon.sys
2011-11-27 00:52 . 2009-10-20 19:23 76336 ----a-w- c:\windows\system32\drivers\vmx86.sys
2011-11-27 00:51 . 2009-10-20 19:21 326192 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
2011-11-27 00:51 . 2009-10-20 19:22 399920 ----a-w- c:\windows\SysWow64\vmnat.exe
2011-11-27 00:51 . 2009-10-20 19:23 30256 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2011-11-27 00:51 . 2009-10-20 19:22 920112 ----a-w- c:\windows\system32\vnetlib64.dll
2011-11-27 00:21 . 2011-11-26 02:26 532132088 ----a-w- C:\VMware-server-2.0.2-203138.exe
2011-11-27 00:13 . 2011-11-27 00:13 -------- d-----w- c:\program files (x86)\Common Files\VMware
2011-11-26 23:24 . 2011-11-26 23:24 -------- d-----w- c:\users\Public\ABBYY FineReader Engine 9.0
2011-11-26 23:24 . 2011-11-26 23:24 -------- d-----w- c:\users\dloomis\AppData\Roaming\ABBYY FineReader Engine 9.0
2011-11-26 23:24 . 2011-11-26 23:24 -------- d-----w- c:\users\dloomis\AppData\Local\ABBYY FineReader Engine 9.0
2011-11-26 22:59 . 2011-11-26 22:59 -------- d-----w- c:\program files (x86)\Common Files\Business Objects
2011-11-26 22:05 . 2011-11-26 22:05 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-11-26 22:05 . 2011-11-26 22:05 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-11-26 22:05 . 2011-11-26 22:05 -------- d-----w- c:\programdata\Hitman Pro
2011-11-26 20:35 . 2011-11-26 20:35 -------- d-----w- C:\Copy of VMware
2011-11-26 17:07 . 2011-11-26 17:07 -------- d-----w- c:\users\Dave\AppData\Roaming\qualys
2011-11-26 17:01 . 2011-11-26 17:01 -------- d-----w- c:\programdata\Kaspersky Lab
2011-11-26 16:42 . 2011-11-26 16:43 -------- d-----w- c:\users\Dave\AppData\Local\Google
2011-11-26 15:53 . 2011-11-26 22:46 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-11-26 15:53 . 2011-11-26 22:13 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-11-26 04:00 . 2011-11-26 04:00 -------- d-----w- c:\users\dloomis\AppData\Roaming\Malwarebytes
2011-11-26 04:00 . 2011-11-26 04:00 -------- d-----w- c:\programdata\Malwarebytes
2011-11-26 04:00 . 2011-11-26 04:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-26 02:17 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D4C596EE-FE75-4251-99DA-3F2FBEFFA23C}\mpengine.dll
2011-11-09 13:28 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 13:28 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 13:28 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 13:28 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-07 13:55 . 2011-11-07 13:55 -------- d-----w- c:\program files (x86)\Equitrac
2011-10-30 22:41 . 2011-11-26 02:03 -------- d-----w- c:\program files\iTunes
2011-10-30 22:41 . 2011-11-26 02:02 -------- d-----w- c:\program files (x86)\iTunes
2011-10-30 22:41 . 2011-11-26 01:47 -------- d-----w- c:\program files\iPod
2011-10-30 22:39 . 2011-11-26 02:06 -------- d-----w- c:\program files\Bonjour
2011-10-30 22:39 . 2011-11-26 02:06 -------- d-----w- c:\program files (x86)\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 14:07 . 2011-06-10 20:22 1890 --sha-w- c:\programdata\KGyGaAvL.sys
2011-11-19 23:01 . 2011-06-16 23:49 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-03 09:06 . 2011-06-15 12:18 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-06 20:45 . 2011-06-10 00:48 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2011-06-10 00:48 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-09-06 20:45 . 2011-06-10 00:48 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-06-10 00:48 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:38 . 2011-06-10 00:48 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2011-06-10 00:48 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2011-06-10 00:48 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2011-06-10 00:48 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-09-06 20:36 . 2011-06-10 00:48 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-01 05:24 . 2011-10-12 16:37 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-12 16:37 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-12 16:37 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-12 16:37 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-12 16:37 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-12 16:37 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-08-31 03:05 . 2011-08-31 03:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 03:05 . 2011-08-31 03:05 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-31 03:05 . 2011-08-31 03:05 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-08-31 03:05 . 2011-08-31 03:05 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-08-31 03:05 . 2011-08-31 03:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\dloomis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\dloomis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\dloomis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\dloomis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 910208]
"GoToMeeting"="c:\program files (x86)\Citrix\GoToMeeting\723\g2mstart.exe" [2011-06-15 39816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-02-03 1543016]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"GIDDesktop"="c:\program files (x86)\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
"SharpTray.exe"="c:\program files (x86)\Sharp\Sharpdesk\SharpTray.exe" [2010-03-08 131584]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"IndexTray.exe"="c:\program files (x86)\Sharp\Sharpdesk\IndexTray.exe" [2010-03-08 395264]
"FtpServer.exe"="c:\program files (x86)\Sharp\Sharpdesk\FtpServer.exe" [2010-02-22 819712]
.
c:\users\dloomis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\dloomis\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-1 24183152]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-12-18 1202976]
Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe [2011-11-18 4680264]
Intact Printer.lnk - c:\program files (x86)\InfoDynamics, Inc\Intact Document Solution\IntactPrinter.Net.exe [2011-4-28 75776]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-4-24 972064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2010-12-03 116072]
R2 IntactActionService;IntactActionService;c:\program files (x86)\InfoDynamics\IntactActionService\IntactActionService.exe [2010-09-02 16896]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-02-03 155496]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
R3 OKI OPHG DCS Loader;OKI OPHG DCS Loader;c:\windows\system32\spool\DRIVERS\x64\3\OPHGLDCS.EXE [2007-05-29 20480]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-02-03 79208]
R3 Remark FTP Utility;Remark FTP Utility;c:\program files (x86)\Common Files\Gravic\RemarkFTPUtility12.exe [2009-09-04 65024]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x]
S0 nlem64nt;nlem64nt; [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0500000.07D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0500000.07D\SYMEFA64.SYS [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [2010-11-23 953904]
S1 GIDv2;GIDv2; [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20101201.001\IDSVia64.sys [2010-11-11 476792]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2010-12-03 31592]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0500000.07D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360x64\0500000.07D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [x]
S2 DocumentIndexingService;Document Indexing Service;c:\program files (x86)\InfoDynamics\Indexer\DocumentIndexingService.exe [2010-07-01 10752]
S2 Engine9DongleManagerService;FineReader Engine 9.0 Network License Server;c:\program files (x86)\InfoDynamics\License Server\EngineDongleManager.exe \service [x]
S2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 hMailServer;hMailServer;c:\program files (x86)\hMailServer\Bin\hMailServer.exe RunAsService [x]
S2 IDM_DCPC_SNMP;MWA Intelligence DCPC Service;c:\program files (x86)\MWA Intelligence\iMPS Enterprise\4.2.2.0\IDM_DCPC_SNMP.exe [2011-03-30 135168]
S2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2011-11-18 63048]
S2 IMPSDiscoveryEngine;IMPSDiscoveryEngine;c:\program files (x86)\MWA Intelligence\iMPS Enterprise\4.2.2.0\IMPSDiscoveryEngine.exe [2011-03-30 160768]
S2 IMPSUpdateEngine;IMPSUpdateEngine;c:\program files (x86)\MWA Intelligence\iMPS Enterprise\IMPSUpdateEngine.exe [2011-03-30 46080]
S2 IntactFTPServer;IntactFTPServer;c:\program files (x86)\InfoDynamics, Inc\IntactOSA\bin\IntactFTPServer.exe [2009-03-12 36864]
S2 IntactWebServer;IntactWebServer;c:\program files (x86)\InfoDynamics, Inc\IntactOSA\bin\IntactWebServer.exe [2009-02-25 49152]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-02-26 40808]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-11-24 45496]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-02-26 59240]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 MSSQL$INTACT;SQL Server (INTACT);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 MWAServiceMonitor;MWAServiceMonitor;c:\program files (x86)\MWA Intelligence\iMPS Enterprise\DCPC Watchdog Service.exe [2011-03-24 10240]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\5.0.0.125\ccSvcHst.exe [2010-11-24 130000]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2010-12-03 114024]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-12-02 64440]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S2 VMwareHostd;VMware Host Agent;c:\program files (x86)\VMware\VMware Server\vmware-hostd.exe [2009-10-20 322096]
S2 VMwareServerWebAccess;VMware Server Web Access;c:\program files (x86)\VMware\VMware Server\tomcat\bin\Tomcat6.exe [2009-10-20 57344]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-25 138360]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ERASERUTILREBOOTDRV
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 15:26 435976 ----a-w- c:\program files (x86)\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2421173305-923280183-2936765214-1127Core.job
- c:\users\dloomis\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-27 03:24]
.
2011-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2421173305-923280183-2936765214-1127UA.job
- c:\users\dloomis\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-27 03:24]
.
2011-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3029194478-1851183931-3144514420-1000Core.job
- c:\users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-26 16:42]
.
2011-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3029194478-1851183931-3144514420-1000UA.job
- c:\users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-26 16:42]
.
2011-11-15 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]
.
2011-11-26 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\dloomis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\dloomis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\dloomis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\dloomis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2010-12-09 380776]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-02-26 41320]
"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2010-12-17 281448]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-15 316032]
"SR0XRCV"="c:\windows\system32\spool\drivers\x64\3\SR0XRCV.exe" [2006-10-23 102400]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files (x86)\VMware\VMware Server\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{25061D1D-6EF0-4AA5-9098-2491B61CC892}: NameServer = 132.145.80.89
DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574}
FF - ProfilePath - c:\users\dloomis\AppData\Roaming\Mozilla\Firefox\Profiles\jbxhww7e.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=685749&p=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.0.0.125\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.032"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.abr"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.amr"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ani"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.apd"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.arw"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.bay"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.bmp"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.bw"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bwf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.bwf"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.cel"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.cr2"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.crw"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.cs1"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.cur"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dcr"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dcx"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dib"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.djv"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.djvu"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dng"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.emf"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.eps"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.erf"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.fff"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.flc"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fli\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.fli"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.fpx"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.gif"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.hdr"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.icl"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.icn"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.iff"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ilbm"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.int"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.inta"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.iw4"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.j2c"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.j2k"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jbr"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jfif"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jif"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jp2"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpc"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpe"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpeg"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpg"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpk"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpx"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kar\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.kar"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.kdc"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.lbm"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m15\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.m15"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.m1a"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.m2a"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m75\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.m75"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.mef"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.mos"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.mpv"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.mrw"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.nef"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.nrw"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.orf"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pbm"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pbr"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pcd"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pct"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pcx"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pef"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pgm"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pic"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pics"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pict"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pix"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.png"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ppm"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.psd"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.psp"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pspbrush"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pspimage"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qcp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.qcp"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.qtpf"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.raf"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ras"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.raw"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rgb"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rgba"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rle"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rsb"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rw2"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rwl"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.sdv"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.sfil"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.sgi"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.smf"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.smi"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.smil"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.sml"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.sr2"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.srf"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.swa"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.tga"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.thm"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.tif"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.tiff"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ttc"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ttf"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ulw"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30po"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30pp"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30ppf"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.vfw"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.wbm"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.wbmp"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.wmf"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xbm"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xif"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xmp"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xpm"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-27 02:38:57
ComboFix-quarantined-files.txt 2011-11-27 07:38
.
Pre-Run: 336,165,302,272 bytes free
Post-Run: 335,749,832,704 bytes free
.
- - End Of File - - 60CD58388E7469476357F12FFDFD6D84
_______________________________________________________-
OTL logfile created on: 11/27/2011 3:29:39 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\dloomis\Desktop\geeks
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.89 Gb Total Physical Memory | 4.79 Gb Available Physical Memory | 60.74% Memory free
15.78 Gb Paging File | 12.44 Gb Available in Paging File | 78.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.96 Gb Total Space | 313.57 Gb Free Space | 69.84% Space Free | Partition Type: NTFS
Drive E: | 3.62 Gb Total Space | 3.24 Gb Free Space | 89.53% Space Free | Partition Type: FAT32
Drive O: | 448.96 Gb Total Space | 313.57 Gb Free Space | 69.84% Space Free | Partition Type: CSC-CACHE
Drive Q: | 15.62 Gb Total Space | 6.73 Gb Free Space | 43.08% Space Free | Partition Type: NTFS
Computer Name: DL-ITDEPT | User Name: dloomis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - [2011/11/27 10:54:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\dloomis\Desktop\geeks\OTL.exe
PRC - [2011/09/06 15:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/15 12:28:18 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mstart.exe
PRC - [2011/06/15 12:28:18 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mlauncher.exe
PRC - [2011/06/15 12:28:18 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mcomm.exe
PRC - [2011/03/30 15:24:26 | 000,135,168 | ---- | M] (MWA Intelligence) -- C:\Program Files (x86)\MWA Intelligence\iMPS Enterprise\4.2.2.0\IDM_DCPC_SNMP.exe
PRC - [2011/03/30 08:58:30 | 000,160,768 | ---- | M] (MWA Intelligence) -- C:\Program Files (x86)\MWA Intelligence\iMPS Enterprise\4.2.2.0\IMPSDiscoveryEngine.exe
PRC - [2011/03/30 08:57:32 | 000,046,080 | ---- | M] (MWA Intelligence) -- C:\Program Files (x86)\MWA Intelligence\iMPS Enterprise\IMPSUpdateEngine.exe
PRC - [2011/03/24 14:01:18 | 000,010,240 | ---- | M] (MWA Intelligence) -- C:\Program Files (x86)\MWA Intelligence\iMPS Enterprise\DCPC Watchdog Service.exe
PRC - [2011/03/14 19:04:14 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe
PRC - [2011/02/25 20:46:30 | 000,059,240 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2011/02/25 20:46:14 | 000,040,808 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2011/02/25 12:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/01/16 20:42:04 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/01/16 20:42:02 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/12/29 01:18:32 | 000,137,656 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2010/12/29 01:18:14 | 000,259,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2010/12/14 16:07:36 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2010/12/01 22:55:56 | 000,064,440 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010/11/29 14:10:32 | 000,210,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2010/11/24 02:34:26 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2010/11/20 22:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/07/01 05:05:32 | 000,010,752 | ---- | M] () -- C:\Program Files (x86)\InfoDynamics\Indexer\DocumentIndexingService.exe
PRC - [2010/06/07 06:39:36 | 005,395,968 | ---- | M] (hMailServer) -- C:\Program Files (x86)\hMailServer\Bin\hMailServer.exe
PRC - [2010/04/07 00:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2010/04/01 00:50:46 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2010/03/11 16:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010/02/15 17:23:30 | 000,595,208 | ---- | M] (ABBYY) -- C:\Program Files (x86)\InfoDynamics\License Server\EngineDongleManager.exe
PRC - [2009/10/20 16:27:34 | 000,057,344 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\VMware\VMware Server\tomcat\bin\tomcat6.exe
PRC - [2009/10/20 14:22:06 | 000,399,920 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2009/10/20 14:21:56 | 000,326,192 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2009/10/20 14:21:20 | 000,322,096 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Server\vmware-hostd.exe
PRC - [2009/10/20 14:21:20 | 000,121,392 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Server\vmware-authd.exe
PRC - [2009/07/13 20:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
PRC - [2009/05/28 00:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2009/03/12 15:11:00 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\InfoDynamics, Inc\IntactOSA\bin\IntactFTPServer.exe
PRC - [2009/02/25 09:52:50 | 000,049,152 | ---- | M] (InfoDynamics, Inc) -- C:\Program Files (x86)\InfoDynamics, Inc\IntactOSA\bin\IntactWebServer.exe
PRC - [2008/01/10 14:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
========== Modules (No Company Name) ========== MOD - [2011/03/16 23:11:16 | 004,297,568 | -H-- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/20 22:24:09 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2010/11/20 22:24:09 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/05/28 00:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
========== Win32 Services (SafeList) ========== SRV:
64bit: - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:
64bit: - [2011/02/25 20:46:30 | 000,059,240 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV:
64bit: - [2011/02/25 20:46:14 | 000,040,808 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV:
64bit: - [2011/01/26 06:38:11 | 000,350,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\ftpsvc.dll -- (ftpsvc)
SRV:
64bit: - [2010/12/18 17:50:36 | 000,962,848 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:
64bit: - [2010/12/17 16:41:32 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:
64bit: - [2010/12/17 16:26:50 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:
64bit: - [2010/12/17 07:18:08 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:
64bit: - [2010/12/15 18:46:46 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:
64bit: - [2010/12/03 15:01:54 | 000,116,072 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe -- (HyperW7Svc)
SRV:
64bit: - [2010/12/02 21:00:56 | 000,114,024 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV:
64bit: - [2010/12/01 22:55:56 | 000,064,440 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:
64bit: - [2010/11/24 02:34:26 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:
64bit: - [2010/11/20 22:24:51 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\snmp.exe -- (SNMP)
SRV:
64bit: - [2010/11/20 22:24:38 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN)
SRV:
64bit: - [2010/11/12 04:48:50 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:
64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:
64bit: - [2010/04/07 00:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV:
64bit: - [2009/11/05 11:24:00 | 001,044,992 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\LMabcoms.exe -- (lmab_device)
SRV:
64bit: - [2009/07/13 20:41:19 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lpdsvc.dll -- (LPDSVC)
SRV:
64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:
64bit: - [2009/07/13 20:39:56 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\WMSvc.exe -- (WMSVC)
SRV:
64bit: - [2009/07/13 20:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV:
64bit: - [2007/05/29 18:48:04 | 000,020,480 | ---- | M] (Oki Data Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\OPHGLDCS.EXE -- (OKI OPHG DCS Loader)
SRV - [2011/03/30 15:24:26 | 000,135,168 | ---- | M] (MWA Intelligence) [Auto | Running] -- C:\Program Files (x86)\MWA Intelligence\iMPS Enterprise\4.2.2.0\IDM_DCPC_SNMP.exe -- (IDM_DCPC_SNMP)
SRV - [2011/03/30 08:58:30 | 000,160,768 | ---- | M] (MWA Intelligence) [Auto | Running] -- C:\Program Files (x86)\MWA Intelligence\iMPS Enterprise\4.2.2.0\IMPSDiscoveryEngine.exe -- (IMPSDiscoveryEngine)
SRV - [2011/03/30 08:57:32 | 000,046,080 | ---- | M] (MWA Intelligence) [Auto | Running] -- C:\Program Files (x86)\MWA Intelligence\iMPS Enterprise\IMPSUpdateEngine.exe -- (IMPSUpdateEngine)
SRV - [2011/03/24 14:01:18 | 000,010,240 | ---- | M] (MWA Intelligence) [Auto | Running] -- C:\Program Files (x86)\MWA Intelligence\iMPS Enterprise\DCPC Watchdog Service.exe -- (MWAServiceMonitor)
SRV - [2011/03/14 19:04:14 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)
SRV - [2011/03/01 23:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 12:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/03 13:45:00 | 000,155,496 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
SRV - [2011/02/03 13:45:00 | 000,079,208 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2011/01/16 20:42:04 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2011/01/16 20:42:02 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/12/14 16:07:36 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2010/11/29 14:10:32 | 000,210,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service) Intel®
SRV - [2010/11/20 22:25:10 | 000,047,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP)
SRV - [2010/11/20 22:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 22:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 22:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/09/02 13:06:38 | 000,016,896 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\InfoDynamics\IntactActionService\IntactActionService.exe -- (IntactActionService)
SRV - [2010/07/01 05:05:32 | 000,010,752 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\InfoDynamics\Indexer\DocumentIndexingService.exe -- (DocumentIndexingService)
SRV - [2010/06/25 12:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/06/07 06:39:36 | 005,395,968 | ---- | M] (hMailServer) [Auto | Running] -- C:\Program Files (x86)\hMailServer\Bin\hMailServer.exe -- (hMailServer)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/11 16:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/15 17:23:30 | 000,595,208 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\InfoDynamics\License Server\EngineDongleManager.exe -- (Engine9DongleManagerService)
SRV - [2009/11/05 11:24:00 | 000,593,920 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\LMabcoms.exe -- (lmab_device)
SRV - [2009/10/20 16:27:34 | 000,057,344 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Server\tomcat\bin\Tomcat6.exe -- (VMwareServerWebAccess)
SRV - [2009/10/20 14:22:06 | 000,399,920 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2009/10/20 14:21:56 | 000,326,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009/10/20 14:21:20 | 000,322,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Server\vmware-hostd.exe -- (VMwareHostd)
SRV - [2009/10/20 14:21:20 | 000,121,392 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Server\vmware-authd.exe -- (VMAuthdService)
SRV - [2009/09/03 21:22:46 | 000,065,024 | ---- | M] (Gravic) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Gravic\RemarkFTPUtility12.exe -- (Remark FTP Utility)
SRV - [2009/07/13 20:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/23 14:49:56 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/03/12 15:11:00 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\InfoDynamics, Inc\IntactOSA\bin\IntactFTPServer.exe -- (IntactFTPServer)
SRV - [2009/02/25 09:52:50 | 000,049,152 | ---- | M] (InfoDynamics, Inc) [Auto | Running] -- C:\Program Files (x86)\InfoDynamics, Inc\IntactOSA\bin\IntactWebServer.exe -- (IntactWebServer)
SRV - [2008/01/10 14:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2007/05/24 06:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
========== Driver Services (SafeList) ========== DRV:
64bit: - [2011/09/06 15:38:18 | 000,601,944 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:
64bit: - [2011/09/06 15:38:16 | 000,301,912 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:
64bit: - [2011/09/06 15:36:41 | 000,058,200 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:
64bit: - [2011/09/06 15:36:41 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:
64bit: - [2011/09/06 15:36:30 | 000,065,368 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:
64bit: - [2011/09/06 15:36:14 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:
64bit: - [2011/06/04 07:28:54 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)
DRV:
64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:
64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:
64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:
64bit: - [2011/03/10 22:10:38 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:
64bit: - [2011/03/10 22:10:30 | 012,264,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:
64bit: - [2011/02/17 05:25:02 | 001,419,824 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:
64bit: - [2011/02/09 13:48:56 | 001,577,600 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:
64bit: - [2011/02/03 13:45:00 | 000,031,344 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)
DRV:
64bit: - [2011/02/03 13:45:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:
64bit: - [2010/12/23 14:55:44 | 000,166,528 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:
64bit: - [2010/12/21 11:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:
64bit: - [2010/12/20 11:31:00 | 000,316,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel®
DRV:
64bit: - [2010/12/18 02:58:00 | 000,425,000 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:
64bit: - [2010/12/18 02:57:34 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:
64bit: - [2010/12/18 02:57:34 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:
64bit: - [2010/12/18 02:57:32 | 000,162,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:
64bit: - [2010/12/18 02:57:32 | 000,145,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:
64bit: - [2010/12/15 18:45:16 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:
64bit: - [2010/12/15 18:43:00 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:
64bit: - [2010/12/14 21:12:00 | 000,098,816 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
DRV:
64bit: - [2010/12/03 15:01:58 | 000,031,592 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys -- (PHCORE)
DRV:
64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:
64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:
64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:
64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:
64bit: - [2010/11/20 08:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:
64bit: - [2010/11/20 08:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:
64bit: - [2010/11/20 06:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:
64bit: - [2010/11/20 06:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:
64bit: - [2010/11/12 04:48:30 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:
64bit: - [2010/11/05 09:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:
64bit: - [2010/10/19 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:
64bit: - [2010/09/07 00:09:36 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:
64bit: - [2010/08/20 23:59:12 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:
64bit: - [2010/06/25 12:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:
64bit: - [2009/12/02 02:33:30 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:
64bit: - [2009/10/20 14:23:48 | 000,076,336 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:
64bit: - [2009/10/20 14:23:44 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:
64bit: - [2009/10/20 14:23:36 | 000,065,072 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:
64bit: - [2009/10/20 14:22:54 | 000,038,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:
64bit: - [2009/10/20 14:21:10 | 000,038,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:
64bit: - [2009/10/20 14:21:10 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:
64bit: - [2009/09/24 06:58:38 | 000,041,536 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvti2c.sys -- (TVTI2C)
DRV:
64bit: - [2009/09/09 12:38:24 | 000,072,736 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\nlem64nt.sys -- (nlem64nt)
DRV:
64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:
64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:
64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:
64bit: - [2009/07/13 18:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:
64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:
64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:
64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:
64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:
64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://lenovo.msn.comIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://lenovo.msn.com IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2421173305-923280183-2936765214-1127\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-2421173305-923280183-2936765214-1127\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/IE - HKU\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "
http://search.yahoo....type=685749&p="FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF:
64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF:
64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:
64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\dloomis\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\dloomis\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\
[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/11/25 21:07:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/14 17:44:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2011/06/14 17:45:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dloomis\AppData\Roaming\mozilla\Extensions
[2011/11/27 08:23:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/06/15 07:18:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/11/25 21:07:14 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
========== Chrome ========== CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url =
http://search.yahoo....p={searchTerms}CHR - default_search_provider: suggest_url =
http://ff.search.yah...d={searchTerms}CHR - plugin: Shockwave Flash (Enabled) = C:\Users\dloomis\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\dloomis\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\dloomis\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\dloomis\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Users\dloomis\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\
CHR - Extension: Qualys BrowserCheck = C:\Users\dloomis\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekpjhkjhpbabigpoojijebfpficekjp\1.3.23.1_0\
Hosts file not found
O2:
64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:
64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2421173305-923280183-2936765214-1127\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKU\S-1-5-21-2421173305-923280183-2936765214-1127..\Run: [GoToMeeting] C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - Startup: C:\Users\dloomis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\dloomis\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2421173305-923280183-2936765214-1127\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2421173305-923280183-2936765214-1127\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:
64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:
64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:
64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:
64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10:
64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:
64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:
64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:
64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:
64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:
64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:
64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:
64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:
64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:
64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:
64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:
64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10:
64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Server\x64\vsocklib.dll (VMware, Inc.)
O10:
64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Program Files (x86)\VMware\VMware Server\x64\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Server\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Server\vsocklib.dll (VMware, Inc.)
O15 - HKU\S-1-5-21-2421173305-923280183-2936765214-1127\..Trusted Ranges: Range1 ([http] in Trusted sites)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967}
http://dlm.tools.aka...vex-2.2.6.0.cab (DLM Control)
O16 - DPF: {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}
https://browsercheck....com/qbc_ax.cab (Qualys BrowserCheck)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574} Reg Error: Key error. (VMware Remote Console Plug-in 2.5.0.00000)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}
http://75.147.67.38:...dows-i586-p.exe (Java Plug-in)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
https://lexmark-even...nt/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MANNING.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D1B0F2F-6668-45DA-ABF9-F27D23542FD6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25061D1D-6EF0-4AA5-9098-2491B61CC892}: NameServer = 132.145.80.89
O18:
64bit: - Protocol\Handler\intu-help-qb1 - No CLSID value found
O18:
64bit: - Protocol\Handler\livecall - No CLSID value found
O18:
64bit: - Protocol\Handler\msnim - No CLSID value found
O18:
64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:
64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:
64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:
64bit: - Protocol\Handler\sds - No CLSID value found
O18:
64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:
64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\sds {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files (x86)\Sharp\Sharpdesk\ExplorerExtensions.dll (SHARP CORPORATION)
O20:
64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:
64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:
64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:
64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:
64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/11/27 08:55:49 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:
64bit: - HKLM\..comfile [open] -- "%1" %*
O35:
64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:
64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:
64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ========== [2011/11/27 15:23:46 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/27 15:03:19 | 000,000,000 | ---D | C] -- C:\Users\dloomis\Desktop\geeks
[2011/11/27 14:31:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/27 12:54:02 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Users\dloomis\AppData\Local\ndf.exe
[2011/11/27 12:54:02 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Users\dloomis\AppData\Local\fmd.exe
[2011/11/27 12:43:31 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/11/27 12:43:19 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Users\dloomis\AppData\Local\wif.exe
[2011/11/27 10:03:34 | 000,000,000 | ---D | C] -- C:\Users\dloomis\Desktop\GooredFix Backups
[2011/11/27 09:43:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/11/27 09:43:56 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/11/27 09:01:52 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Local\CrashDumps
[2011/11/27 08:55:37 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2011/11/27 08:55:37 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2011/11/27 08:54:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2011/11/27 08:49:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/27 08:19:55 | 000,065,072 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmci.sys
[2011/11/27 08:19:51 | 000,038,448 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys
[2011/11/27 08:19:49 | 000,076,336 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys
[2011/11/27 08:19:10 | 000,326,192 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe
[2011/11/27 08:19:06 | 000,399,920 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe
[2011/11/27 08:19:05 | 000,030,256 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys
[2011/11/27 08:18:58 | 000,920,112 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll
[2011/11/27 01:21:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/27 01:21:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/27 01:21:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/27 01:20:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/27 01:14:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/27 00:45:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2011/11/27 00:43:05 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2011/11/27 00:42:26 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/11/27 00:42:25 | 000,000,000 | ---D | C] -- C:\Users\dloomis\Documents\Symantec
[2011/11/27 00:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/11/27 00:32:35 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage
[2011/11/27 00:32:35 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Local\ID Vault
[2011/11/27 00:31:18 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Roaming\ID Vault
[2011/11/27 00:30:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Constant Guard Protection Suite
[2011/11/27 00:30:09 | 000,000,000 | ---D | C] -- C:\ProgramData\White Sky, Inc
[2011/11/27 00:22:46 | 000,000,000 | ---D | C] -- C:\Users\dloomis\DoctorWeb
[2011/11/26 22:35:49 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Roaming\qualys
[2011/11/26 22:25:12 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/11/26 22:24:34 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Local\Google
[2011/11/26 19:51:03 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VMware
[2011/11/26 19:21:20 | 532,132,088 | ---- | C] (VMware, Inc.) -- C:\VMware-server-2.0.2-203138.exe
[2011/11/26 19:13:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware
[2011/11/26 18:24:13 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Roaming\ABBYY FineReader Engine 9.0
[2011/11/26 18:24:13 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Local\ABBYY FineReader Engine 9.0
[2011/11/26 18:00:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sherpa
[2011/11/26 17:59:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Business Objects
[2011/11/26 17:05:43 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/11/26 17:05:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/11/26 15:35:20 | 000,000,000 | ---D | C] -- C:\Copy of VMware
[2011/11/26 12:01:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/11/26 10:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/11/26 10:53:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/11/25 23:00:36 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Roaming\Malwarebytes
[2011/11/25 23:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/25 23:00:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/25 21:21:30 | 532,132,088 | ---- | C] (VMware, Inc.) -- C:\Users\dloomis\Desktop\VMware-server-2.0.2-203138.exe
[2011/11/21 09:08:55 | 000,000,000 | ---D | C] -- C:\Users\dloomis\Desktop\OMD
[2011/11/08 14:03:46 | 000,000,000 | ---D | C] -- C:\Users\dloomis\Desktop\Panasonic
[2011/11/07 09:31:53 | 000,000,000 | ---D | C] -- C:\Users\dloomis\Desktop\6420-1055_equitrac_medusa_1_12_08
[2011/11/07 08:55:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Equitrac
[2011/11/07 08:55:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Equitrac
[2011/10/30 17:41:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/30 17:41:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/30 17:41:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/10/30 17:41:32 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/30 17:39:30 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/10/30 17:39:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/08/30 20:48:53 | 001,040,384 | ---- | C] ( ) -- C:\Windows\SysWow64\lmabserv.dll
[2011/08/30 20:48:53 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lmabcomc.dll
[2011/08/30 20:48:53 | 000,593,920 | ---- | C] ( ) -- C:\Windows\SysWow64\lmabcoms.exe
[2011/08/30 20:48:53 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lmabcomm.dll
[2011/08/30 20:48:53 | 000,356,352 | ---- | C] ( ) -- C:\Windows\SysWow64\lmabhcp.dll
========== Files - Modified Within 30 Days ========== [2011/11/27 15:29:04 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2421173305-923280183-2936765214-1127UA.job
[2011/11/27 15:17:28 | 000,931,218 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/27 15:17:28 | 000,771,534 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/27 15:17:28 | 000,160,578 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/27 15:16:22 | 000,031,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/27 15:16:22 | 000,031,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/27 15:08:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/27 15:08:36 | 2058,801,151 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/27 14:47:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3029194478-1851183931-3144514420-1000UA.job
[2011/11/27 14:31:17 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/27 12:54:12 | 000,007,470 | -HS- | M] () -- C:\Users\dloomis\AppData\Local\041730n6j756f472t653x1hmb4g0
[2011/11/27 12:54:12 | 000,007,470 | -HS- | M] () -- C:\ProgramData\041730n6j756f472t653x1hmb4g0
[2011/11/27 12:54:02 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Users\dloomis\AppData\Local\ndf.exe
[2011/11/27 12:54:02 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Users\dloomis\AppData\Local\fmd.exe
[2011/11/27 12:43:19 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Users\dloomis\AppData\Local\wif.exe
[2011/11/27 10:26:22 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/11/27 08:55:49 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2011/11/26 22:29:01 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2421173305-923280183-2936765214-1127Core.job
[2011/11/26 18:14:45 | 000,001,899 | ---- | M] () -- C:\Users\dloomis\Desktop\Compass Sherpa.lnk
[2011/11/26 17:05:44 | 000,025,160 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/11/26 11:47:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3029194478-1851183931-3144514420-1000Core.job
[2011/11/25 21:26:07 | 532,132,088 | ---- | M] (VMware, Inc.) -- C:\VMware-server-2.0.2-203138.exe
[2011/11/25 21:26:07 | 532,132,088 | ---- | M] (VMware, Inc.) -- C:\Users\dloomis\Desktop\VMware-server-2.0.2-203138.exe
[2011/11/25 21:11:38 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/11/25 16:14:15 | 000,000,336 | ---- | M] () -- C:\ProgramData\IoohtsDmVFndjq
[2011/11/23 13:19:25 | 000,002,008 | -H-- | M] () -- C:\Users\dloomis\Documents\Default.rdp
[2011/11/23 12:15:21 | 000,000,441 | ---- | M] () -- C:\Users\dloomis\Documents\ChatLog Print Submission Webinar 2011_11_23 12_15.rtf
[2011/11/22 16:30:09 | 003,409,919 | ---- | M] () -- C:\Users\dloomis\Desktop\websubmission.pdf
[2011/11/21 09:07:47 | 000,001,890 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011/11/21 09:07:04 | 000,007,597 | ---- | M] () -- C:\Users\dloomis\AppData\Local\Resmon.ResmonCfg
[2011/11/19 18:01:36 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/11/16 11:28:59 | 000,383,432 | ---- | M] () -- C:\Users\dloomis\Desktop\OCM Comments.pdf
[2011/11/14 19:14:42 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/11/10 15:01:00 | 000,456,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/09 11:35:17 | 000,965,838 | ---- | M] () -- C:\Users\dloomis\Desktop\Faxcore_ PO.pdf
[2011/11/09 09:50:41 | 000,071,125 | ---- | M] () -- C:\Users\dloomis\Desktop\GroupReport.pdf
[2011/11/04 22:09:48 | 000,018,281 | ---- | M] () -- C:\Users\dloomis\Desktop\success.csv
[2011/11/03 11:41:34 | 004,493,312 | ---- | M] () -- C:\Users\dloomis\Documents\OCM Call Tracker.accdb
========== Files Created - No Company Name ========== [2011/11/27 14:31:17 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/27 12:43:19 | 000,007,470 | -HS- | C] () -- C:\Users\dloomis\AppData\Local\041730n6j756f472t653x1hmb4g0
[2011/11/27 12:43:19 | 000,007,470 | -HS- | C] () -- C:\ProgramData\041730n6j756f472t653x1hmb4g0
[2011/11/27 08:55:49 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2011/11/27 01:21:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/27 01:21:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/27 01:21:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/27 01:21:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/27 01:21:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/26 22:24:37 | 000,000,916 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2421173305-923280183-2936765214-1127UA.job
[2011/11/26 22:24:35 | 000,000,864 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2421173305-923280183-2936765214-1127Core.job
[2011/11/26 18:14:45 | 000,001,899 | ---- | C] () -- C:\Users\dloomis\Desktop\Compass Sherpa.lnk
[2011/11/26 18:00:07 | 000,002,278 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Compass Sherpa.lnk
[2011/11/26 17:05:44 | 000,025,160 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/11/26 11:42:48 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3029194478-1851183931-3144514420-1000UA.job
[2011/11/26 11:42:47 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3029194478-1851183931-3144514420-1000Core.job
[2011/11/25 16:14:15 | 000,000,336 | ---- | C] () -- C:\ProgramData\IoohtsDmVFndjq
[2011/11/23 12:15:21 | 000,000,441 | ---- | C] () -- C:\Users\dloomis\Documents\ChatLog Print Submission Webinar 2011_11_23 12_15.rtf
[2011/11/22 16:30:09 | 003,409,919 | ---- | C] () -- C:\Users\dloomis\Desktop\websubmission.pdf
[2011/11/21 09:07:04 | 000,007,597 | ---- | C] () -- C:\Users\dloomis\AppData\Local\Resmon.ResmonCfg
[2011/11/16 11:28:59 | 000,383,432 | ---- | C] () -- C:\Users\dloomis\Desktop\OCM Comments.pdf
[2011/11/09 11:35:17 | 000,965,838 | ---- | C] () -- C:\Users\dloomis\Desktop\Faxcore_ PO.pdf
[2011/11/09 09:50:41 | 000,071,125 | ---- | C] () -- C:\Users\dloomis\Desktop\GroupReport.pdf
[2011/11/04 22:09:48 | 000,018,281 | ---- | C] () -- C:\Users\dloomis\Desktop\success.csv
[2011/08/30 08:13:19 | 000,024,052 | ---- | C] () -- C:\Windows\net32.bin
[2011/08/15 09:54:03 | 000,159,836 | ---- | C] () -- C:\Windows\_isusr32.dll
[2011/08/15 09:54:03 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\_isusr2k.dll
[2011/08/06 11:10:29 | 000,026,427 | ---- | C] () -- C:\Windows\CSTBox.INI
[2011/07/12 19:27:10 | 000,000,088 | -HS- | C] () -- C:\ProgramData\763428A7D1.sys
[2011/06/14 17:09:25 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/06/13 12:06:59 | 000,000,244 | ---- | C] () -- C:\Windows\omd.ini
[2011/06/10 22:01:56 | 000,884,230 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/10 15:22:39 | 000,001,890 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/06/09 12:53:11 | 000,002,820 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/06/04 07:34:14 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/06/04 07:34:14 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/06/04 07:34:13 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/06/04 07:16:54 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2010/06/25 12:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/09/09 10:45:18 | 000,039,800 | ---- | C] () -- C:\Windows\SysWow64\secbuild.dll
[2009/09/09 10:45:10 | 000,030,072 | ---- | C] () -- C:\Windows\SysWow64\sectools.dll
[2009/09/09 10:44:56 | 000,055,160 | ---- | C] () -- C:\Windows\SysWow64\nlem32nt.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/05/12 12:35:00 | 000,857,307 | ---- | C] () -- C:\Windows\SysWow64\SSCProt.dll
[2007/10/29 23:26:30 | 000,516,096 | ---- | C] () -- C:\Windows\SysWow64\IntactResources.dll
[2006/01/13 10:19:06 | 000,000,837 | ---- | C] () -- C:\Windows\SysWow64\noise.dat
[2005/06/03 14:54:06 | 000,002,545 | ---- | C] () -- C:\Windows\SysWow64\stemming.dat
[2002/04/16 08:14:44 | 001,683,456 | R--- | C] () -- C:\Windows\SysWow64\Ltclr13n.dll
[2002/04/16 08:14:44 | 000,118,784 | R--- | C] () -- C:\Windows\SysWow64\Lfkodak.dll
[2002/04/16 08:14:42 | 000,338,944 | R--- | C] () -- C:\Windows\SysWow64\Lffpx7.dll
[2001/01/19 14:02:46 | 000,003,769 | ---- | C] () -- C:\Windows\SysWow64\OPTIONS.DAT
< End of report >
____________________-
OTL Extras logfile created on: 11/27/2011 3:29:39 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\dloomis\Desktop\geeks
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.89 Gb Total Physical Memory | 4.79 Gb Available Physical Memory | 60.74% Memory free
15.78 Gb Paging File | 12.44 Gb Available in Paging File | 78.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.96 Gb Total Space | 313.57 Gb Free Space | 69.84% Space Free | Partition Type: NTFS
Drive E: | 3.62 Gb Total Space | 3.24 Gb Free Space | 89.53% Space Free | Partition Type: FAT32
Drive O: | 448.96 Gb Total Space | 313.57 Gb Free Space | 69.84% Space Free | Partition Type: CSC-CACHE
Drive Q: | 15.62 Gb Total Space | 6.73 Gb Free Space | 43.08% Space Free | Partition Type: NTFS
Computer Name: DL-ITDEPT | User Name: dloomis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (All) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- "%1" %*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Intel® PROSet/Wireless WiFi Software
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.VISIOR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.VISIOR_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0409-1000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.VISIOR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.VISIOR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0057-0000-1000-0000000FF1CE}" = Microsoft Office Visio 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1" = ThinkVantage AutoLock
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A" = Windows Driver Package - Intel System (09/10/2010 9.2.0.1011)
"466E9B20D871055D6D3CDA2CDD1D355E978A61AF" = Windows Driver Package - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11)
"6D23A494E9A245843FB8584D9307D3E328DF8613" = Windows Driver Package - Intel (e1cexpress) Net (12/21/2010 11.8.84.0)
"77A943AB876C131591E0EA5DB6AB08D89EE2EA9E" = Windows Driver Package - Synaptics (SynTP) Mouse (02/17/2011 15.2.14.0)
"90FD26A77B849AE03FF5F07A1CDA7F950406A8D8" = Windows Driver Package - Intel (MEIx64) System (10/19/2010 7.0.0.1144)
"A513FC5E5A08D4EF27F234E91E0E942A0234210B" = Windows Driver Package - Intel System (09/10/2010 9.2.0.1011)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CNXT_AUDIO_HDA" = Conexant 20672 SmartAudio HD
"D97688B8E3830BF9820E15EB8D9552DCBF988CFD" = Windows Driver Package - Intel USB (09/16/2010 9.2.0.1013)
"DisableAMTPopup" = Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"FE1BEBFD475BB832AAF104F5C63348E98A9286DF" = Windows Driver Package - Intel System (10/04/2010 9.2.0.1015)
"HitmanPro35" = Hitman Pro 3.5
"Intact Printer_is1" = Intact Printer (novaPDF OEM 7.3 printer)
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Lexmark_HostCD" = Lexmark Software Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Office14.VISIOR" = Microsoft Visio Professional 2010
"OnScreenDisplay" = On Screen Display
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"WinRAR archiver" = WinRAR 4.01 (64-bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{082BDF7B-4810-4599-BF0D-E3AC44EC8524}" = Microsoft ASP.NET 2.0 AJAX Extensions 1.0
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BA0F407-4A89-469C-9BED-6F0405686BF9}" = Compass Sherpa
"{0dff3440-a901-11dc-8314-0800200c9a66}" = Inter-Tel Collaboration Client 2.0
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide
"{151746D8-8BAB-4111-9411-0C8886C66CCF}" = Intact Books SMART Server
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (INTACT)
"{2C43790E-8470-1027-82D3-DF319F3C410F}" = Intel® Identity Protection Technology 1.0.71.0
"{3172C1B0-8275-479D-9FE3-B3B448B983ED}" = Intact SMART Office 2010
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3F9D4E76-4035-43CC-8C27-2942533F7B76}" = Intact Infusion
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47034EC8-418F-43C0-A6A9-D7342EA7BD64}" = Intact OSA 3
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{594F633A-1CC2-432A-ACCA-5B49594A6490}" = Intact Work SMART Server
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{5F4877C6-E074-4AB1-AFF7-27F0B23A7572}" = Intact SMART
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69C73CCC-DBC3-4864-B0EA-5E2EFC0B5C1D}" = C3400 Series GDI Driver from OKI® Printing Solutions for Windows
"{6A00D155-C954-41E5-82AA-3A934005B4C1}" = Intact Web SMART
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7139C864-6D17-4C2E-97B9-82F25576080D}" = QBFC 8.0
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8664FCE8-F91A-42BC-927C-AA318185E5EA}" = Sharpdesk
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ECB8220-F422-4BEB-9596-97033C533702}" = QuickBooks Pro 2008
"{901C0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime
"{90890A23-9FE8-4230-BC2E-F6578ACDDF6E}" = IRISCard Anywhere 4
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9583E990-868C-4BE3-98FE-D48043C844BF}" = Cardiris Pro 5
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera TWAIN
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AF08C71F-F822-4416-87A9-2BBF5A8A5F12}" = VMware Server
"{B2CA6F37-1602-4823-81B5-0384B6888AA6}" = Integrated Camera Driver Installer Package Ver.1.1.0.1141
"{BCAB141B-694F-4E27-BE14-0D278425AB43}" = Sharp OSA Simulator
"{C06C5E34-308C-481A-8CA3-0EA2BF2E4D64}" = Intact SMART Server
"{C62538F0-66AB-4BCE-BDD2-A556547AD9BE}" = pcProx
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}" = RapidBoot
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D06E61A3-6443-4B6D-8D58-D586367481EF}" = Remark Office OMR 7.0.2
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2F28E39-9813-41D3-8EC9-BAADA38C426D}" = VMware Remote Console Plug-in
"{D391CD6B-92BB-449D-99C0-B2242AD0F57E}" = Compass Opportunity Manager
"{D3EA8D81-AE81-4025-9A55-2BD3511FA4EA}" = Intact Books SMART for Quickbooks
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D9E2A69F-7313-4B47-ADEF-BD7EB7CD5001}" = iMPS Enterprise
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E327C2A5-E236-44C4-A410-B899403A49A9}" = ES3640e MFP Series PS Driver from OKI® Printing Solutions for Windows Vista x64 Edition & Windows Vista
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F088B95F-4DB5-4AA5-B685-656F2F4F26E1}" = OMD
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F62F729E-8325-42B5-89AB-0C4C09B88AA7}" = Intact Sample Database
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH Media Driver v2.10.18.02
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ActiveTouchMeetingClient" = WebEx
"avast" = avast! Free Antivirus
"Equitrac Reader Maintainer_is1" = Equitrac Reader Maintainer 1.05.01
"hMailServer_is1" = hMailServer 5.3.3-B1879
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition
"InstallShield_{BCAB141B-694F-4E27-BE14-0D278425AB43}" = Sharp OSA Simulator
"InstallShield_{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}" = RapidBoot
"InstallShield_{D06E61A3-6443-4B6D-8D58-D586367481EF}" = Remark Office OMR 7.0.2
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"Lenovo Welcome_is1" = Lenovo Welcome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"NetLib Encryptionizer DE Distribution-2008.6.22.0" = NetLib Encryptionizer DE Distribution
"RealVNC_is1" = VNC Free Edition 4.1.3
"SHARP MX-M283 M363 M423 M453 M503 Series PC-Fax Driver" = SHARP MX-B,M Series PC-Fax Driver
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"Wireshark" = Wireshark 1.6.2
"WorkgroupShareClient" = WorkgroupShare Client
========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.8.0.723
========== Last 10 Event Log Errors ========== [ Application Events ]
Error - 11/27/2011 4:09:06 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = MSSQL$INTACT | ID = 17187
Description = SQL Server is not ready to accept new client connections. Wait a few
minutes before trying again. If you have access to the error log, look for the
informational message that indicates that SQL Server is ready before trying to connect
again. [CLIENT: <local machine>]
Error - 11/27/2011 4:09:06 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = MSSQL$INTACT | ID = 17187
Description = SQL Server is not ready to accept new client connections. Wait a few
minutes before trying again. If you have access to the error log, look for the
informational message that indicates that SQL Server is ready before trying to connect
again. [CLIENT: <local machine>]
Error - 11/27/2011 4:09:08 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = MSSQL$INTACT | ID = 17187
Description = SQL Server is not ready to accept new client connections. Wait a few
minutes before trying again. If you have access to the error log, look for the
informational message that indicates that SQL Server is ready before trying to connect
again. [CLIENT: <local machine>]
Error - 11/27/2011 4:09:08 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = MSSQL$INTACT | ID = 17187
Description = SQL Server is not ready to accept new client connections. Wait a few
minutes before trying again. If you have access to the error log, look for the
informational message that indicates that SQL Server is ready before trying to connect
again. [CLIENT: <local machine>]
Error - 11/27/2011 4:09:08 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = IntactActionService | ID = 0
Description = Service cannot be started. Intact.BusinessLayer.IntactException: Intact
Execption ---> System.Data.SqlClient.SqlException: A connection was successfully
established with the server, but then an error occurred during the login process.
(provider: Shared Memory Provider, error: 0 - No process is on the other end of
the pipe.) at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException
exception, Boolean breakConnection) at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject
stateObj) at System.Data.SqlClient.TdsParserStateObject.ReadSniError(TdsParserStateObject
stateObj, UInt32 error) at System.Data.SqlClient.TdsParserStateObject.ReadSni(DbAsyncResult
asyncResult, TdsParserStateObject stateObj) at System.Data.SqlClient.TdsParserStateObject.ReadNetworkPacket()
at System.Data.SqlClient.TdsParserStateObject.ReadBuffer() at System.Data.SqlClient.TdsParserStateObject.ReadByte()
at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler,
SqlDataRea...
Error - 11/27/2011 4:09:16 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = WinMgmt | ID = 10
Description =
Error - 11/27/2011 4:09:20 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = vmauthd | ID = 100
Description = Cannot connect to VMX: C:\Virtual Machines\Windows XP\Windows XP.vmx
Error - 11/27/2011 4:09:21 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = vmauthd | ID = 100
Description = Cannot connect to VMX: C:\Virtual Machines\2008Server_1\2008Server.vmx
Error - 11/27/2011 4:09:22 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = vmauthd | ID = 100
Description = Cannot connect to VMX: C:\Virtual Machines\2003Server\2003Server.vmx
Error - 11/27/2011 4:09:23 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = vmauthd | ID = 100
Description = Cannot connect to VMX: C:\Virtual Machines\2008Server-32\2008Server-32.vmx
[ Intact Action Service Log Events ]
Error - 6/28/2011 5:18:20 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = Intact Action Service | ID = 0
Description =
Error - 6/28/2011 5:18:25 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = Intact Action Service | ID = 0
Description =
Error - 6/28/2011 5:18:30 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = Intact Action Service | ID = 0
Description =
Error - 7/13/2011 6:49:58 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = Intact Action Service | ID = 0
Description = System.Exception: Intact.BusinessLayer.IntactException: Intact Execption
---> System.Data.SqlClient.SqlException: A transport-level error has occurred when
sending the request to the server. (provider: TCP Provider, error: 0 - An existing
connection was forcibly closed by the remote host.) at System.Data.SqlClient.SqlConnection.OnError(SqlException
exception, Boolean breakConnection) at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException
exception, Boolean breakConnection) at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject
stateObj) at System.Data.SqlClient.TdsParserStateObject.WriteSni() at System.Data.SqlClient.TdsParserStateObject.WritePacket(Byte
flushMode) at System.Data.SqlClient.TdsParserStateObject.ExecuteFlush() at
System.Data.SqlClient.TdsParser.TdsExecuteRPC(_SqlRPC[] rpcArray, Int32 timeout,
Boolean inSchema, SqlNotificationRequest notificationRequest, TdsParserStateObject
stateObj, Boolean isCommandProc) at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior
cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async) at
System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior,
RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result)
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior,
RunBehavior runBehavior, Boolean returnStream, String method) at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior
behavior, String method) at System.Data.SqlClient.SqlCommand.ExecuteReader()
at Intact.BusinessLayer.cLocation.LoadDefaultLocation() --- End of inner exception
stack trace --- at Intact.BusinessLayer.cLocation.LoadDefaultLocation() at
Intact.Services.HotFolder.HotFolderProcess.ProcessFolders() at Intact.Services.HotFolder.HotFolderService.ExecuteService()
at Intact.Services.svc_PreProcessor.startProcessing(IPreProcessor aoPP)
Error - 7/28/2011 7:07:58 AM | Computer Name = DL-ITDEPT.MANNING.local | Source = Intact Action Service | ID = 0
Description = System.Exception: Intact.BusinessLayer.IntactException: Intact Execption
---> System.Data.SqlClient.SqlException: A transport-level error has occurred when
sending the request to the server. (provider: TCP Provider, error: 0 - An existing
connection was forcibly closed by the remote host.) at System.Data.SqlClient.SqlConnection.OnError(SqlException
exception, Boolean breakConnection) at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException
exception, Boolean breakConnection) at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject
stateObj) at System.Data.SqlClient.TdsParserStateObject.WriteSni() at System.Data.SqlClient.TdsParserStateObject.WritePacket(Byte
flushMode) at System.Data.SqlClient.TdsParserStateObject.ExecuteFlush() at
System.Data.SqlClient.TdsParser.TdsExecuteRPC(_SqlRPC[] rpcArray, Int32 timeout,
Boolean inSchema, SqlNotificationRequest notificationRequest, TdsParserStateObject
stateObj, Boolean isCommandProc) at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior
cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async) at
System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior,
RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result)
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior,
RunBehavior runBehavior, Boolean returnStream, String method) at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior
behavior, String method) at System.Data.SqlClient.SqlCommand.ExecuteReader()
at Intact.BusinessLayer.cLocation.LoadDefaultLocation() --- End of inner exception
stack trace --- at Intact.BusinessLayer.cLocation.LoadDefaultLocation() at
Intact.Services.HotFolder.HotFolderProcess.ProcessFolders() at Intact.Services.HotFolder.HotFolderService.ExecuteService()
at Intact.Services.svc_PreProcessor.startProcessing(IPreProcessor aoPP)
Error - 8/24/2011 9:36:28 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = Intact Action Service | ID = 0
Description = System.Exception: Intact.BusinessLayer.IntactException: Intact Execption
---> System.Data.SqlClient.SqlException: A transport-level error has occurred when
sending the request to the server. (provider: TCP Provider, error: 0 - An existing
connection was forcibly closed by the remote host.) at System.Data.SqlClient.SqlConnection.OnError(SqlException
exception, Boolean breakConnection) at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException
exception, Boolean breakConnection) at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject
stateObj) at System.Data.SqlClient.TdsParserStateObject.WriteSni() at System.Data.SqlClient.TdsParserStateObject.WritePacket(Byte
flushMode) at System.Data.SqlClient.TdsParserStateObject.ExecuteFlush() at
System.Data.SqlClient.TdsParser.TdsExecuteRPC(_SqlRPC[] rpcArray, Int32 timeout,
Boolean inSchema, SqlNotificationRequest notificationRequest, TdsParserStateObject
stateObj, Boolean isCommandProc) at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior
cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async) at
System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior,
RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result)
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior,
RunBehavior runBehavior, Boolean returnStream, String method) at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior
behavior, String method) at System.Data.SqlClient.SqlCommand.ExecuteReader()
at Intact.BusinessLayer.cLocation.LoadDefaultLocation() --- End of inner exception
stack trace --- at Intact.BusinessLayer.cLocation.LoadDefaultLocation() at
Intact.Services.HotFolder.HotFolderProcess.ProcessFolders() at Intact.Services.HotFolder.HotFolderService.ExecuteService()
at Intact.Services.svc_PreProcessor.startProcessing(IPreProcessor aoPP)
Error - 8/24/2011 9:36:28 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = Intact Action Service | ID = 0
Description = System.Exception: Intact.BusinessLayer.IntactException: Intact Execption
---> System.Data.SqlClient.SqlException: A transport-level error has occurred when
sending the request to the server. (provider: TCP Provider, error: 0 - An existing
connection was forcibly closed by the remote host.) at System.Data.SqlClient.SqlConnection.OnError(SqlException
exception, Boolean breakConnection) at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException
exception, Boolean breakConnection) at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject
stateObj) at System.Data.SqlClient.TdsParserStateObject.WriteSni() at System.Data.SqlClient.TdsParserStateObject.WritePacket(Byte
flushMode) at System.Data.SqlClient.TdsParserStateObject.ExecuteFlush() at
System.Data.SqlClient.TdsParser.TdsExecuteRPC(_SqlRPC[] rpcArray, Int32 timeout,
Boolean inSchema, SqlNotificationRequest notificationRequest, TdsParserStateObject
stateObj, Boolean isCommandProc) at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior
cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async) at
System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior,
RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result)
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior,
RunBehavior runBehavior, Boolean returnStream, String method) at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior
behavior, String method) at System.Data.SqlClient.SqlCommand.ExecuteReader()
at Intact.BusinessLayer.cLocation.LoadDefaultLocation() --- End of inner exception
stack trace --- at Intact.BusinessLayer.cLocation.LoadDefaultLocation() at
Intact.Services.HotFolder.HotFolderProcess.ProcessFolders() at Intact.Services.HotFolder.HotFolderService.ExecuteService()
at Intact.Services.svc_PreProcessor.startProcessing(IPreProcessor aoPP)
Error - 8/25/2011 7:13:40 AM | Computer Name = DL-ITDEPT.MANNING.local | Source = Intact Action Service | ID = 0
Description = GE: System.ObjectDisposedException: Cannot access a disposed object.
Object
name: 'Timer'. at System.Timers.Timer.set_Enabled(Boolean value) at System.Timers.Timer.Start()
at Intact.Services.svc_PreProcessor.AdjustTimers(Timer currentTime)
Error - 10/6/2011 8:03:30 AM | Computer Name = DL-ITDEPT.MANNING.local | Source = Intact Action Service | ID = 0
Description = GE: System.ObjectDisposedException: Cannot access a disposed object.
Object
name: 'Timer'. at System.Timers.Timer.set_Enabled(Boolean value) at System.Timers.Timer.Start()
at Intact.Services.svc_PreProcessor.AdjustTimers(Timer currentTime)
Error - 10/6/2011 8:03:30 AM | Computer Name = DL-ITDEPT.MANNING.local | Source = Intact Action Service | ID = 0
Description = GE: System.ObjectDisposedException: Cannot access a disposed object.
Object
name: 'Timer'. at System.Timers.Timer.set_Enabled(Boolean value) at System.Timers.Timer.Start()
at Intact.Services.svc_PreProcessor.AdjustTimers(Timer currentTime)
[ Lenovo-Message Center Plus/Admin Events ]
Error - 7/31/2011 9:30:09 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\index.adp
does not have a Lenovo Digital Signature. The file will be deleted
[ System Events ]
Error - 11/27/2011 4:08:57 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain MANNING due to the following: %%1311 This may lead to authentication problems.
Make sure that this computer is connected to the network. If the problem persists,
please
contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
for the specified domain, it sets up the secure session to the primary domain controller
emulator in the specified domain. Otherwise, this computer sets up the secure session
to any domain controller in the specified domain.
Error - 11/27/2011 4:08:56 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = Service Control Manager | ID = 7000
Description = The Windows Firewall Authorization Driver service failed to start
due to the following error: %%183
Error - 11/27/2011 4:08:56 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = Service Control Manager | ID = 7001
Description = The Windows Firewall service depends on the Windows Firewall Authorization
Driver service which failed to start because of the following error: %%183
Error - 11/27/2011 4:08:58 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = Microsoft-Windows-GroupPolicy | ID = 1055
Description = The processing of Group Policy failed. Windows could not resolve the
computer name. This could be caused by one of more of the following: a) Name Resolution
failure on the current domain controller. b) Active Directory Replication Latency
(an account created on another domain controller has not replicated to the current
domain controller).
Error - 11/27/2011 4:09:01 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
Error - 11/27/2011 4:09:04 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
Error - 11/27/2011 4:09:08 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = SNMP | ID = 16713180
Description = The SNMP Service encountered an error while accessing the registry
key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
Error - 11/27/2011 4:09:15 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = Service Control Manager | ID = 7034
Description = The HyperW7 Service service terminated unexpectedly. It has done
this 1 time(s).
Error - 11/27/2011 4:09:59 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.
Error - 11/27/2011 4:11:19 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
< End of report >