Mevio Redirect



#16
RKinner


    Malware Expert

  • Expert
  • 20,012 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c

:processes
killallprocesses

:files
c:\users\dloomis\AppData\Local\*.exe
c:\windows\system32\consrv.dll
mkdir c:\windows\system32\consrv.dll /c
     
:Commands
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Open OTL again and select either the Use SafeList or All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

#17
dl9796


    Member

  • Topic Starter
  • Member
  • 109 posts
Here are the (3) Logs: Boot Log is first

========== PROCESSES ==========
All processes killed
========== FILES ==========
File\Folder c:\users\dloomis\AppData\Local\*.exe not found.
File\Folder c:\windows\system32\consrv.dll not found.
< mkdir c:\windows\system32\consrv.dll /c >
C:\Users\dloomis\Desktop\geeks\cmd.bat deleted successfully.
C:\Users\dloomis\Desktop\geeks\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.31.0 log created on 11272011_223845

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


OTL logfile created on: 11/27/2011 10:45:33 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\dloomis\Desktop\geeks
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.89 Gb Total Physical Memory | 5.61 Gb Available Physical Memory | 71.12% Memory free
15.78 Gb Paging File | 13.18 Gb Available in Paging File | 83.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.96 Gb Total Space | 309.95 Gb Free Space | 69.04% Space Free | Partition Type: NTFS
Drive O: | 448.96 Gb Total Space | 309.95 Gb Free Space | 69.04% Space Free | Partition Type: CSC-CACHE
Drive Q: | 15.62 Gb Total Space | 6.73 Gb Free Space | 43.08% Space Free | Partition Type: NTFS

Computer Name: DL-ITDEPT | User Name: dloomis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/27 10:54:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\dloomis\Desktop\geeks\OTL.exe
PRC - [2011/09/06 15:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/09/01 19:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Users\dloomis\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/06/15 12:28:18 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mstart.exe
PRC - [2011/06/15 12:28:18 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mlauncher.exe
PRC - [2011/06/15 12:28:18 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mcomm.exe
PRC - [2011/03/30 15:24:26 | 000,135,168 | ---- | M] (MWA Intelligence) -- C:\Program Files (x86)\MWA Intelligence\iMPS Enterprise\4.2.2.0\IDM_DCPC_SNMP.exe
PRC - [2011/03/30 08:58:30 | 000,160,768 | ---- | M] (MWA Intelligence) -- C:\Program Files (x86)\MWA Intelligence\iMPS Enterprise\4.2.2.0\IMPSDiscoveryEngine.exe
PRC - [2011/03/30 08:57:32 | 000,046,080 | ---- | M] (MWA Intelligence) -- C:\Program Files (x86)\MWA Intelligence\iMPS Enterprise\IMPSUpdateEngine.exe
PRC - [2011/03/24 14:01:18 | 000,010,240 | ---- | M] (MWA Intelligence) -- C:\Program Files (x86)\MWA Intelligence\iMPS Enterprise\DCPC Watchdog Service.exe
PRC - [2011/03/14 19:04:14 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe
PRC - [2011/02/25 20:46:30 | 000,059,240 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2011/02/25 20:46:14 | 000,040,808 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2011/02/25 12:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/03 13:45:00 | 000,062,824 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2011/01/16 20:42:04 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/01/16 20:42:02 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/12/29 01:18:32 | 000,137,656 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2010/12/29 01:18:14 | 000,259,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2010/12/14 16:07:36 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2010/12/01 22:55:56 | 000,064,440 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010/11/29 14:10:32 | 000,210,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2010/11/24 02:34:26 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2010/11/20 22:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/07/01 05:05:32 | 000,010,752 | ---- | M] () -- C:\Program Files (x86)\InfoDynamics\Indexer\DocumentIndexingService.exe
PRC - [2010/06/07 06:39:36 | 005,395,968 | ---- | M] (hMailServer) -- C:\Program Files (x86)\hMailServer\Bin\hMailServer.exe
PRC - [2010/04/07 00:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2010/04/01 00:50:46 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2010/03/11 16:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010/02/15 17:23:30 | 000,595,208 | ---- | M] (ABBYY) -- C:\Program Files (x86)\InfoDynamics\License Server\EngineDongleManager.exe
PRC - [2009/10/20 16:27:34 | 000,057,344 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\VMware\VMware Server\tomcat\bin\tomcat6.exe
PRC - [2009/10/20 14:22:06 | 000,399,920 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2009/10/20 14:21:56 | 000,326,192 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2009/10/20 14:21:20 | 000,322,096 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Server\vmware-hostd.exe
PRC - [2009/10/20 14:21:20 | 000,121,392 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Server\vmware-authd.exe
PRC - [2009/03/12 15:11:00 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\InfoDynamics, Inc\IntactOSA\bin\IntactFTPServer.exe
PRC - [2009/02/25 09:52:50 | 000,049,152 | ---- | M] (InfoDynamics, Inc) -- C:\Program Files (x86)\InfoDynamics, Inc\IntactOSA\bin\IntactWebServer.exe
PRC - [2008/01/10 14:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/02/25 20:46:30 | 000,059,240 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV:64bit: - [2011/02/25 20:46:14 | 000,040,808 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2011/01/26 06:38:11 | 000,350,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\ftpsvc.dll -- (ftpsvc)
SRV:64bit: - [2010/12/18 17:50:36 | 000,962,848 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/12/17 16:41:32 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/12/17 16:26:50 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/12/17 07:18:08 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2010/12/15 18:46:46 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2010/12/03 15:01:54 | 000,116,072 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe -- (HyperW7Svc)
SRV:64bit: - [2010/12/02 21:00:56 | 000,114,024 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV:64bit: - [2010/12/01 22:55:56 | 000,064,440 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2010/11/24 02:34:26 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2010/11/20 22:24:51 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\snmp.exe -- (SNMP)
SRV:64bit: - [2010/11/20 22:24:38 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN)
SRV:64bit: - [2010/11/12 04:48:50 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/04/07 00:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV:64bit: - [2009/11/05 11:24:00 | 001,044,992 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\LMabcoms.exe -- (lmab_device)
SRV:64bit: - [2009/07/13 20:41:19 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lpdsvc.dll -- (LPDSVC)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 20:39:56 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\WMSvc.exe -- (WMSVC)
SRV:64bit: - [2009/07/13 20:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV:64bit: - [2007/05/29 18:48:04 | 000,020,480 | ---- | M] (Oki Data Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\OPHGLDCS.EXE -- (OKI OPHG DCS Loader)
SRV - [2011/03/30 15:24:26 | 000,135,168 | ---- | M] (MWA Intelligence) [Auto | Running] -- C:\Program Files (x86)\MWA Intelligence\iMPS Enterprise\4.2.2.0\IDM_DCPC_SNMP.exe -- (IDM_DCPC_SNMP)
SRV - [2011/03/30 08:58:30 | 000,160,768 | ---- | M] (MWA Intelligence) [Auto | Running] -- C:\Program Files (x86)\MWA Intelligence\iMPS Enterprise\4.2.2.0\IMPSDiscoveryEngine.exe -- (IMPSDiscoveryEngine)
SRV - [2011/03/30 08:57:32 | 000,046,080 | ---- | M] (MWA Intelligence) [Auto | Running] -- C:\Program Files (x86)\MWA Intelligence\iMPS Enterprise\IMPSUpdateEngine.exe -- (IMPSUpdateEngine)
SRV - [2011/03/24 14:01:18 | 000,010,240 | ---- | M] (MWA Intelligence) [Auto | Running] -- C:\Program Files (x86)\MWA Intelligence\iMPS Enterprise\DCPC Watchdog Service.exe -- (MWAServiceMonitor)
SRV - [2011/03/14 19:04:14 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)
SRV - [2011/03/01 23:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 12:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/03 13:45:00 | 000,155,496 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
SRV - [2011/02/03 13:45:00 | 000,079,208 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2011/01/16 20:42:04 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2011/01/16 20:42:02 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/12/14 16:07:36 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2010/11/29 14:10:32 | 000,210,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service) Intel®
SRV - [2010/11/20 22:25:10 | 000,047,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP)
SRV - [2010/11/20 22:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 22:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 22:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/09/02 13:06:38 | 000,016,896 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\InfoDynamics\IntactActionService\IntactActionService.exe -- (IntactActionService)
SRV - [2010/07/01 05:05:32 | 000,010,752 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\InfoDynamics\Indexer\DocumentIndexingService.exe -- (DocumentIndexingService)
SRV - [2010/06/25 12:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/06/07 06:39:36 | 005,395,968 | ---- | M] (hMailServer) [Auto | Running] -- C:\Program Files (x86)\hMailServer\Bin\hMailServer.exe -- (hMailServer)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/11 16:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/15 17:23:30 | 000,595,208 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\InfoDynamics\License Server\EngineDongleManager.exe -- (Engine9DongleManagerService)
SRV - [2009/11/05 11:24:00 | 000,593,920 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\LMabcoms.exe -- (lmab_device)
SRV - [2009/10/20 16:27:34 | 000,057,344 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Server\tomcat\bin\Tomcat6.exe -- (VMwareServerWebAccess)
SRV - [2009/10/20 14:22:06 | 000,399,920 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2009/10/20 14:21:56 | 000,326,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009/10/20 14:21:20 | 000,322,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Server\vmware-hostd.exe -- (VMwareHostd)
SRV - [2009/10/20 14:21:20 | 000,121,392 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Server\vmware-authd.exe -- (VMAuthdService)
SRV - [2009/09/03 21:22:46 | 000,065,024 | ---- | M] (Gravic) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Gravic\RemarkFTPUtility12.exe -- (Remark FTP Utility)
SRV - [2009/07/13 20:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/23 14:49:56 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/03/12 15:11:00 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\InfoDynamics, Inc\IntactOSA\bin\IntactFTPServer.exe -- (IntactFTPServer)
SRV - [2009/02/25 09:52:50 | 000,049,152 | ---- | M] (InfoDynamics, Inc) [Auto | Running] -- C:\Program Files (x86)\InfoDynamics, Inc\IntactOSA\bin\IntactWebServer.exe -- (IntactWebServer)
SRV - [2008/01/10 14:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2007/05/24 06:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/09/06 15:38:18 | 000,601,944 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/09/06 15:38:16 | 000,301,912 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/09/06 15:36:41 | 000,058,200 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/09/06 15:36:41 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/09/06 15:36:30 | 000,065,368 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/09/06 15:36:14 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/06/04 07:28:54 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 22:10:38 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2011/03/10 22:10:30 | 012,264,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/02/17 05:25:02 | 001,419,824 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/02/09 13:48:56 | 001,577,600 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/02/03 13:45:00 | 000,031,344 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)
DRV:64bit: - [2011/02/03 13:45:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2010/12/23 14:55:44 | 000,166,528 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2010/12/21 11:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2010/12/20 11:31:00 | 000,316,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel®
DRV:64bit: - [2010/12/18 02:58:00 | 000,425,000 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2010/12/18 02:57:34 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/12/18 02:57:34 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/12/18 02:57:32 | 000,162,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/12/18 02:57:32 | 000,145,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/12/15 18:45:16 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2010/12/15 18:43:00 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2010/12/14 21:12:00 | 000,098,816 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
DRV:64bit: - [2010/12/03 15:01:58 | 000,031,592 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys -- (PHCORE)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 08:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 08:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 06:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 06:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/12 04:48:30 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2010/11/05 09:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/19 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/09/07 00:09:36 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2010/08/20 23:59:12 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2010/06/25 12:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/12/02 02:33:30 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2009/10/20 14:23:48 | 000,076,336 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2009/10/20 14:23:44 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2009/10/20 14:23:36 | 000,065,072 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2009/10/20 14:22:54 | 000,038,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2009/10/20 14:21:10 | 000,038,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2009/10/20 14:21:10 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2009/09/24 06:58:38 | 000,041,536 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvti2c.sys -- (TVTI2C)
DRV:64bit: - [2009/09/09 12:38:24 | 000,072,736 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\nlem64nt.sys -- (nlem64nt)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=685749&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\dloomis\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\dloomis\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/11/25 21:07:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/14 17:44:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/06/14 17:45:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dloomis\AppData\Roaming\mozilla\Extensions
[2011/11/27 08:23:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/06/15 07:18:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/11/25 21:07:14 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\dloomis\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\dloomis\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\dloomis\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\dloomis\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Users\dloomis\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\
CHR - Extension: Qualys BrowserCheck = C:\Users\dloomis\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekpjhkjhpbabigpoojijebfpficekjp\1.3.23.1_0\

O1 HOSTS File: ([2011/11/27 19:28:47 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKCU..\Run: [GoToMeeting] C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - Startup: C:\Users\dloomis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\dloomis\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Server\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Program Files (x86)\VMware\VMware Server\x64\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Server\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Server\vsocklib.dll (VMware, Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.6.0.cab (DLM Control)
O16 - DPF: {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} https://browsercheck....com/qbc_ax.cab (Qualys BrowserCheck)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574} Reg Error: Key error. (VMware Remote Console Plug-in 2.5.0.00000)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA} http://75.147.67.38:...dows-i586-p.exe (Java Plug-in)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://lexmark-even...nt/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MANNING.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D1B0F2F-6668-45DA-ABF9-F27D23542FD6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25061D1D-6EF0-4AA5-9098-2491B61CC892}: NameServer = 132.145.80.89
O18:64bit: - Protocol\Handler\intu-help-qb1 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\sds - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\sds {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files (x86)\Sharp\Sharpdesk\ExplorerExtensions.dll (SHARP CORPORATION)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/11/27 08:55:49 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/27 22:38:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\consrv.dll
[2011/11/27 22:38:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/27 19:57:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/27 18:36:39 | 000,000,000 | ---D | C] -- C:\george
[2011/11/27 18:16:45 | 004,309,802 | R--- | C] (Swearware) -- C:\Users\dloomis\Desktop\george.exe
[2011/11/27 15:03:19 | 000,000,000 | ---D | C] -- C:\Users\dloomis\Desktop\geeks
[2011/11/27 15:02:48 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\dloomis\Desktop\aswMBR.exe
[2011/11/27 14:31:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/27 10:03:34 | 000,000,000 | ---D | C] -- C:\Users\dloomis\Desktop\GooredFix Backups
[2011/11/27 09:43:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/11/27 09:43:56 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/11/27 09:01:52 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Local\CrashDumps
[2011/11/27 08:55:37 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2011/11/27 08:55:37 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2011/11/27 08:54:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2011/11/27 08:31:31 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\dloomis\Desktop\tdsskiller.exe
[2011/11/27 08:19:55 | 000,065,072 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmci.sys
[2011/11/27 08:19:51 | 000,038,448 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys
[2011/11/27 08:19:49 | 000,076,336 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys
[2011/11/27 08:19:10 | 000,326,192 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe
[2011/11/27 08:19:06 | 000,399,920 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe
[2011/11/27 08:19:05 | 000,030,256 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys
[2011/11/27 08:18:58 | 000,920,112 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll
[2011/11/27 01:21:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/27 01:21:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/27 01:21:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/27 01:20:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/27 01:14:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/27 00:43:05 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2011/11/27 00:42:26 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/11/27 00:42:25 | 000,000,000 | ---D | C] -- C:\Users\dloomis\Documents\Symantec
[2011/11/27 00:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/11/27 00:32:35 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage
[2011/11/27 00:32:35 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Local\ID Vault
[2011/11/27 00:31:18 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Roaming\ID Vault
[2011/11/27 00:30:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Constant Guard Protection Suite
[2011/11/27 00:30:09 | 000,000,000 | ---D | C] -- C:\ProgramData\White Sky, Inc
[2011/11/27 00:22:46 | 000,000,000 | ---D | C] -- C:\Users\dloomis\DoctorWeb
[2011/11/26 22:35:49 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Roaming\qualys
[2011/11/26 22:25:12 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/11/26 22:24:34 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Local\Google
[2011/11/26 19:51:03 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VMware
[2011/11/26 19:21:20 | 532,132,088 | ---- | C] (VMware, Inc.) -- C:\VMware-server-2.0.2-203138.exe
[2011/11/26 19:13:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware
[2011/11/26 18:24:13 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Roaming\ABBYY FineReader Engine 9.0
[2011/11/26 18:24:13 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Local\ABBYY FineReader Engine 9.0
[2011/11/26 18:00:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sherpa
[2011/11/26 17:59:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Business Objects
[2011/11/26 17:05:43 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/11/26 17:05:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/11/26 15:35:20 | 000,000,000 | ---D | C] -- C:\Copy of VMware
[2011/11/26 12:01:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/11/26 10:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/11/26 10:53:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/11/25 23:00:36 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Roaming\Malwarebytes
[2011/11/25 23:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/25 23:00:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/25 21:21:30 | 532,132,088 | ---- | C] (VMware, Inc.) -- C:\Users\dloomis\Desktop\VMware-server-2.0.2-203138.exe
[2011/11/21 09:08:55 | 000,000,000 | ---D | C] -- C:\Users\dloomis\Desktop\OMD
[2011/11/08 14:03:46 | 000,000,000 | ---D | C] -- C:\Users\dloomis\Desktop\Panasonic
[2011/11/07 09:31:53 | 000,000,000 | ---D | C] -- C:\Users\dloomis\Desktop\6420-1055_equitrac_medusa_1_12_08
[2011/11/07 08:55:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Equitrac
[2011/11/07 08:55:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Equitrac
[2011/10/30 17:41:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/30 17:41:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/30 17:41:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/10/30 17:41:32 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/30 17:39:30 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/10/30 17:39:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/08/30 20:48:53 | 001,040,384 | ---- | C] ( ) -- C:\Windows\SysWow64\lmabserv.dll
[2011/08/30 20:48:53 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lmabcomc.dll
[2011/08/30 20:48:53 | 000,593,920 | ---- | C] ( ) -- C:\Windows\SysWow64\lmabcoms.exe
[2011/08/30 20:48:53 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lmabcomm.dll
[2011/08/30 20:48:53 | 000,356,352 | ---- | C] ( ) -- C:\Windows\SysWow64\lmabhcp.dll

========== Files - Modified Within 30 Days ==========

[2011/11/27 22:47:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3029194478-1851183931-3144514420-1000UA.job
[2011/11/27 22:40:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/27 22:39:44 | 2058,801,151 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/27 22:29:01 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2421173305-923280183-2936765214-1127UA.job
[2011/11/27 22:29:01 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2421173305-923280183-2936765214-1127Core.job
[2011/11/27 21:35:29 | 000,931,218 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/27 21:35:29 | 000,771,534 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/27 21:35:29 | 000,160,578 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/27 21:35:29 | 000,031,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/27 21:35:29 | 000,031,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/27 19:28:47 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/27 16:35:38 | 000,080,384 | ---- | M] () -- C:\Users\dloomis\Desktop\MBRCheck.exe
[2011/11/27 15:58:10 | 000,920,384 | ---- | M] () -- C:\Users\dloomis\Desktop\Norton_Removal_Tool.exe
[2011/11/27 15:02:49 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\dloomis\Desktop\aswMBR.exe
[2011/11/27 15:02:12 | 004,309,802 | R--- | M] (Swearware) -- C:\Users\dloomis\Desktop\george.exe
[2011/11/27 14:31:17 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/27 12:54:12 | 000,007,470 | -HS- | M] () -- C:\Users\dloomis\AppData\Local\041730n6j756f472t653x1hmb4g0
[2011/11/27 12:54:12 | 000,007,470 | -HS- | M] () -- C:\ProgramData\041730n6j756f472t653x1hmb4g0
[2011/11/27 10:26:22 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/11/27 08:55:49 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2011/11/27 08:31:31 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\dloomis\Desktop\tdsskiller.exe
[2011/11/26 18:14:45 | 000,001,899 | ---- | M] () -- C:\Users\dloomis\Desktop\Compass Sherpa.lnk
[2011/11/26 17:05:44 | 000,025,160 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/11/26 11:47:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3029194478-1851183931-3144514420-1000Core.job
[2011/11/25 21:26:07 | 532,132,088 | ---- | M] (VMware, Inc.) -- C:\VMware-server-2.0.2-203138.exe
[2011/11/25 21:26:07 | 532,132,088 | ---- | M] (VMware, Inc.) -- C:\Users\dloomis\Desktop\VMware-server-2.0.2-203138.exe
[2011/11/25 21:11:38 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/11/25 16:14:15 | 000,000,336 | ---- | M] () -- C:\ProgramData\IoohtsDmVFndjq
[2011/11/23 13:19:25 | 000,002,008 | -H-- | M] () -- C:\Users\dloomis\Documents\Default.rdp
[2011/11/23 12:15:21 | 000,000,441 | ---- | M] () -- C:\Users\dloomis\Documents\ChatLog Print Submission Webinar 2011_11_23 12_15.rtf
[2011/11/22 16:30:09 | 003,409,919 | ---- | M] () -- C:\Users\dloomis\Desktop\websubmission.pdf
[2011/11/21 09:07:47 | 000,001,890 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011/11/21 09:07:04 | 000,007,597 | ---- | M] () -- C:\Users\dloomis\AppData\Local\Resmon.ResmonCfg
[2011/11/19 18:01:36 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/11/16 11:28:59 | 000,383,432 | ---- | M] () -- C:\Users\dloomis\Desktop\OCM Comments.pdf
[2011/11/14 19:14:42 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/11/10 15:01:00 | 000,456,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/09 11:35:17 | 000,965,838 | ---- | M] () -- C:\Users\dloomis\Desktop\Faxcore_ PO.pdf
[2011/11/09 09:50:41 | 000,071,125 | ---- | M] () -- C:\Users\dloomis\Desktop\GroupReport.pdf
[2011/11/04 22:09:48 | 000,018,281 | ---- | M] () -- C:\Users\dloomis\Desktop\success.csv
[2011/11/03 11:41:34 | 004,493,312 | ---- | M] () -- C:\Users\dloomis\Documents\OCM Call Tracker.accdb

========== Files Created - No Company Name ==========

[2011/11/27 16:35:38 | 000,080,384 | ---- | C] () -- C:\Users\dloomis\Desktop\MBRCheck.exe
[2011/11/27 15:58:10 | 000,920,384 | ---- | C] () -- C:\Users\dloomis\Desktop\Norton_Removal_Tool.exe
[2011/11/27 14:31:17 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/27 12:43:19 | 000,007,470 | -HS- | C] () -- C:\Users\dloomis\AppData\Local\041730n6j756f472t653x1hmb4g0
[2011/11/27 12:43:19 | 000,007,470 | -HS- | C] () -- C:\ProgramData\041730n6j756f472t653x1hmb4g0
[2011/11/27 08:55:49 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2011/11/27 01:21:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/27 01:21:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/27 01:21:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/27 01:21:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/27 01:21:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/26 22:24:37 | 000,000,916 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2421173305-923280183-2936765214-1127UA.job
[2011/11/26 22:24:35 | 000,000,864 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2421173305-923280183-2936765214-1127Core.job
[2011/11/26 18:14:45 | 000,001,899 | ---- | C] () -- C:\Users\dloomis\Desktop\Compass Sherpa.lnk
[2011/11/26 18:00:07 | 000,002,278 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Compass Sherpa.lnk
[2011/11/26 17:05:44 | 000,025,160 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/11/26 11:42:48 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3029194478-1851183931-3144514420-1000UA.job
[2011/11/26 11:42:47 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3029194478-1851183931-3144514420-1000Core.job
[2011/11/25 16:14:15 | 000,000,336 | ---- | C] () -- C:\ProgramData\IoohtsDmVFndjq
[2011/11/23 12:15:21 | 000,000,441 | ---- | C] () -- C:\Users\dloomis\Documents\ChatLog Print Submission Webinar 2011_11_23 12_15.rtf
[2011/11/22 16:30:09 | 003,409,919 | ---- | C] () -- C:\Users\dloomis\Desktop\websubmission.pdf
[2011/11/21 09:07:04 | 000,007,597 | ---- | C] () -- C:\Users\dloomis\AppData\Local\Resmon.ResmonCfg
[2011/11/16 11:28:59 | 000,383,432 | ---- | C] () -- C:\Users\dloomis\Desktop\OCM Comments.pdf
[2011/11/09 11:35:17 | 000,965,838 | ---- | C] () -- C:\Users\dloomis\Desktop\Faxcore_ PO.pdf
[2011/11/09 09:50:41 | 000,071,125 | ---- | C] () -- C:\Users\dloomis\Desktop\GroupReport.pdf
[2011/11/04 22:09:48 | 000,018,281 | ---- | C] () -- C:\Users\dloomis\Desktop\success.csv
[2011/08/30 08:13:19 | 000,024,052 | ---- | C] () -- C:\Windows\net32.bin
[2011/08/15 09:54:03 | 000,159,836 | ---- | C] () -- C:\Windows\_isusr32.dll
[2011/08/15 09:54:03 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\_isusr2k.dll
[2011/08/06 11:10:29 | 000,026,427 | ---- | C] () -- C:\Windows\CSTBox.INI
[2011/07/12 19:27:10 | 000,000,088 | -HS- | C] () -- C:\ProgramData\763428A7D1.sys
[2011/06/14 17:09:25 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/06/13 12:06:59 | 000,000,244 | ---- | C] () -- C:\Windows\omd.ini
[2011/06/10 22:01:56 | 000,884,230 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/10 15:22:39 | 000,001,890 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/06/09 12:53:11 | 000,002,820 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/06/04 07:34:14 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/06/04 07:34:14 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/06/04 07:34:13 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/06/04 07:16:54 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2010/06/25 12:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/09/09 10:45:18 | 000,039,800 | ---- | C] () -- C:\Windows\SysWow64\secbuild.dll
[2009/09/09 10:45:10 | 000,030,072 | ---- | C] () -- C:\Windows\SysWow64\sectools.dll
[2009/09/09 10:44:56 | 000,055,160 | ---- | C] () -- C:\Windows\SysWow64\nlem32nt.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/05/12 12:35:00 | 000,857,307 | ---- | C] () -- C:\Windows\SysWow64\SSCProt.dll
[2007/10/29 23:26:30 | 000,516,096 | ---- | C] () -- C:\Windows\SysWow64\IntactResources.dll
[2006/01/13 10:19:06 | 000,000,837 | ---- | C] () -- C:\Windows\SysWow64\noise.dat
[2005/06/03 14:54:06 | 000,002,545 | ---- | C] () -- C:\Windows\SysWow64\stemming.dat
[2002/04/16 08:14:44 | 001,683,456 | R--- | C] () -- C:\Windows\SysWow64\Ltclr13n.dll
[2002/04/16 08:14:44 | 000,118,784 | R--- | C] () -- C:\Windows\SysWow64\Lfkodak.dll
[2002/04/16 08:14:42 | 000,338,944 | R--- | C] () -- C:\Windows\SysWow64\Lffpx7.dll
[2001/01/19 14:02:46 | 000,003,769 | ---- | C] () -- C:\Windows\SysWow64\OPTIONS.DAT

< End of report >


OTL Extras logfile created on: 11/27/2011 10:45:33 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\dloomis\Desktop\geeks
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.89 Gb Total Physical Memory | 5.61 Gb Available Physical Memory | 71.12% Memory free
15.78 Gb Paging File | 13.18 Gb Available in Paging File | 83.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.96 Gb Total Space | 309.95 Gb Free Space | 69.04% Space Free | Partition Type: NTFS
Drive O: | 448.96 Gb Total Space | 309.95 Gb Free Space | 69.04% Space Free | Partition Type: CSC-CACHE
Drive Q: | 15.62 Gb Total Space | 6.73 Gb Free Space | 43.08% Space Free | Partition Type: NTFS

Computer Name: DL-ITDEPT | User Name: dloomis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- "%1" %*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Intel® PROSet/Wireless WiFi Software
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.VISIOR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.VISIOR_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0409-1000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.VISIOR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.VISIOR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0057-0000-1000-0000000FF1CE}" = Microsoft Office Visio 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1" = ThinkVantage AutoLock
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A" = Windows Driver Package - Intel System (09/10/2010 9.2.0.1011)
"466E9B20D871055D6D3CDA2CDD1D355E978A61AF" = Windows Driver Package - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11)
"6D23A494E9A245843FB8584D9307D3E328DF8613" = Windows Driver Package - Intel (e1cexpress) Net (12/21/2010 11.8.84.0)
"77A943AB876C131591E0EA5DB6AB08D89EE2EA9E" = Windows Driver Package - Synaptics (SynTP) Mouse (02/17/2011 15.2.14.0)
"90FD26A77B849AE03FF5F07A1CDA7F950406A8D8" = Windows Driver Package - Intel (MEIx64) System (10/19/2010 7.0.0.1144)
"A513FC5E5A08D4EF27F234E91E0E942A0234210B" = Windows Driver Package - Intel System (09/10/2010 9.2.0.1011)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CNXT_AUDIO_HDA" = Conexant 20672 SmartAudio HD
"D97688B8E3830BF9820E15EB8D9552DCBF988CFD" = Windows Driver Package - Intel USB (09/16/2010 9.2.0.1013)
"DisableAMTPopup" = Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"FE1BEBFD475BB832AAF104F5C63348E98A9286DF" = Windows Driver Package - Intel System (10/04/2010 9.2.0.1015)
"HitmanPro35" = Hitman Pro 3.5
"Intact Printer_is1" = Intact Printer (novaPDF OEM 7.3 printer)
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Lexmark_HostCD" = Lexmark Software Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Office14.VISIOR" = Microsoft Visio Professional 2010
"OnScreenDisplay" = On Screen Display
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{082BDF7B-4810-4599-BF0D-E3AC44EC8524}" = Microsoft ASP.NET 2.0 AJAX Extensions 1.0
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BA0F407-4A89-469C-9BED-6F0405686BF9}" = Compass Sherpa
"{0dff3440-a901-11dc-8314-0800200c9a66}" = Inter-Tel Collaboration Client 2.0
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide
"{151746D8-8BAB-4111-9411-0C8886C66CCF}" = Intact Books SMART Server
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (INTACT)
"{2C43790E-8470-1027-82D3-DF319F3C410F}" = Intel® Identity Protection Technology 1.0.71.0
"{3172C1B0-8275-479D-9FE3-B3B448B983ED}" = Intact SMART Office 2010
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3F9D4E76-4035-43CC-8C27-2942533F7B76}" = Intact Infusion
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47034EC8-418F-43C0-A6A9-D7342EA7BD64}" = Intact OSA 3
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{594F633A-1CC2-432A-ACCA-5B49594A6490}" = Intact Work SMART Server
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{5F4877C6-E074-4AB1-AFF7-27F0B23A7572}" = Intact SMART
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69C73CCC-DBC3-4864-B0EA-5E2EFC0B5C1D}" = C3400 Series GDI Driver from OKI® Printing Solutions for Windows
"{6A00D155-C954-41E5-82AA-3A934005B4C1}" = Intact Web SMART
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7139C864-6D17-4C2E-97B9-82F25576080D}" = QBFC 8.0
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8664FCE8-F91A-42BC-927C-AA318185E5EA}" = Sharpdesk
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ECB8220-F422-4BEB-9596-97033C533702}" = QuickBooks Pro 2008
"{901C0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime
"{90890A23-9FE8-4230-BC2E-F6578ACDDF6E}" = IRISCard Anywhere 4
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9583E990-868C-4BE3-98FE-D48043C844BF}" = Cardiris Pro 5
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera TWAIN
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AF08C71F-F822-4416-87A9-2BBF5A8A5F12}" = VMware Server
"{B2CA6F37-1602-4823-81B5-0384B6888AA6}" = Integrated Camera Driver Installer Package Ver.1.1.0.1141
"{BCAB141B-694F-4E27-BE14-0D278425AB43}" = Sharp OSA Simulator
"{C06C5E34-308C-481A-8CA3-0EA2BF2E4D64}" = Intact SMART Server
"{C62538F0-66AB-4BCE-BDD2-A556547AD9BE}" = pcProx
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}" = RapidBoot
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D06E61A3-6443-4B6D-8D58-D586367481EF}" = Remark Office OMR 7.0.2
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2F28E39-9813-41D3-8EC9-BAADA38C426D}" = VMware Remote Console Plug-in
"{D391CD6B-92BB-449D-99C0-B2242AD0F57E}" = Compass Opportunity Manager
"{D3EA8D81-AE81-4025-9A55-2BD3511FA4EA}" = Intact Books SMART for Quickbooks
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D9E2A69F-7313-4B47-ADEF-BD7EB7CD5001}" = iMPS Enterprise
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E327C2A5-E236-44C4-A410-B899403A49A9}" = ES3640e MFP Series PS Driver from OKI® Printing Solutions for Windows Vista x64 Edition & Windows Vista
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F088B95F-4DB5-4AA5-B685-656F2F4F26E1}" = OMD
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F62F729E-8325-42B5-89AB-0C4C09B88AA7}" = Intact Sample Database
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH Media Driver v2.10.18.02
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ActiveTouchMeetingClient" = WebEx
"avast" = avast! Free Antivirus
"Equitrac Reader Maintainer_is1" = Equitrac Reader Maintainer 1.05.01
"hMailServer_is1" = hMailServer 5.3.3-B1879
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition
"InstallShield_{BCAB141B-694F-4E27-BE14-0D278425AB43}" = Sharp OSA Simulator
"InstallShield_{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}" = RapidBoot
"InstallShield_{D06E61A3-6443-4B6D-8D58-D586367481EF}" = Remark Office OMR 7.0.2
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"Lenovo Welcome_is1" = Lenovo Welcome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"NetLib Encryptionizer DE Distribution-2008.6.22.0" = NetLib Encryptionizer DE Distribution
"RealVNC_is1" = VNC Free Edition 4.1.3
"SHARP MX-M283 M363 M423 M453 M503 Series PC-Fax Driver" = SHARP MX-B,M Series PC-Fax Driver
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"Wireshark" = Wireshark 1.6.2
"WorkgroupShareClient" = WorkgroupShare Client

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.8.0.723

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/27/2011 10:27:21 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = vmauthd | ID = 100
Description = Cannot connect to VMX: C:\Virtual Machines\2008Server_1\2008Server.vmx

Error - 11/27/2011 10:27:22 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = vmauthd | ID = 100
Description = Cannot connect to VMX: C:\Virtual Machines\2003Server\2003Server.vmx

Error - 11/27/2011 10:27:22 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = vmauthd | ID = 100
Description = Cannot connect to VMX: C:\Virtual Machines\2008Server-32\2008Server-32.vmx



Error - 11/27/2011 11:40:36 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = Application Error | ID = 1000
Description = Faulting application name: HyperW7Svc64.exe, version: 1.0.0.1, time
stamp: 0x4cf5de0b Faulting module name: HyperW7Svc64.exe, version: 1.0.0.1, time
stamp: 0x4cf5de0b Exception code: 0xc0000005 Fault offset: 0x000000000000d248 Faulting
process id: 0x3c8 Faulting application start time: 0x01ccad7f7389ee65 Faulting application
path: C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe Faulting module path: C:\Program
Files\Lenovo\RapidBoot\HyperW7Svc64.exe Report Id: bb50d7c2-1972-11e1-90e3-005056c00008

Error - 11/27/2011 11:41:36 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = IntactActionService | ID = 0
Description = Service cannot be started. Intact.BusinessLayer.IntactException: Intact
Execption ---> System.Data.SqlClient.SqlException: A network-related or instance-specific
error occurred while establishing a connection to SQL Server. The server was not
found or was not accessible. Verify that the instance name is correct and that
SQL Server is configured to allow remote connections. (provider: SQL Network Interfaces,
error: 26 - Error Locating Server/Instance Specified) at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException
exception, Boolean breakConnection) at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject
stateObj) at System.Data.SqlClient.TdsParser.Connect(ServerInfo serverInfo, SqlInternalConnectionTds
connHandler, Boolean ignoreSniOpenTimeout, Int64 timerExpire, Boolean encrypt,
Boolean trustServerCert, Boolean integratedSecurity, SqlConnection owningObject)

at System.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo
serverInfo, String newPassword, Boolean igno...

Error - 11/27/2011 11:41:55 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = WinMgmt | ID = 10
Description =

Error - 11/27/2011 11:42:09 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = vmauthd | ID = 100
Description = Cannot connect to VMX: C:\Virtual Machines\Windows XP\Windows XP.vmx



Error - 11/27/2011 11:42:09 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = vmauthd | ID = 100
Description = Cannot connect to VMX: C:\Virtual Machines\2008Server_1\2008Server.vmx



Error - 11/27/2011 11:42:10 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = vmauthd | ID = 100
Description = Cannot connect to VMX: C:\Virtual Machines\2003Server\2003Server.vmx



Error - 11/27/2011 11:42:11 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = vmauthd | ID = 100
Description = Cannot connect to VMX: C:\Virtual Machines\2008Server-32\2008Server-32.vmx



[ Intact Action Service Log Events ]
Error - 6/28/2011 5:18:20 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = Intact Action Service | ID = 0
Description =

Error - 6/28/2011 5:18:25 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = Intact Action Service | ID = 0
Description =

Error - 6/28/2011 5:18:30 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = Intact Action Service | ID = 0
Description =

Error - 7/13/2011 6:49:58 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = Intact Action Service | ID = 0
Description = System.Exception: Intact.BusinessLayer.IntactException: Intact Execption
---> System.Data.SqlClient.SqlException: A transport-level error has occurred when
sending the request to the server. (provider: TCP Provider, error: 0 - An existing
connection was forcibly closed by the remote host.) at System.Data.SqlClient.SqlConnection.OnError(SqlException
exception, Boolean breakConnection) at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException
exception, Boolean breakConnection) at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject
stateObj) at System.Data.SqlClient.TdsParserStateObject.WriteSni() at System.Data.SqlClient.TdsParserStateObject.WritePacket(Byte
flushMode) at System.Data.SqlClient.TdsParserStateObject.ExecuteFlush() at
System.Data.SqlClient.TdsParser.TdsExecuteRPC(_SqlRPC[] rpcArray, Int32 timeout,
Boolean inSchema, SqlNotificationRequest notificationRequest, TdsParserStateObject
stateObj, Boolean isCommandProc) at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior
cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async) at
System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior,
RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result)

at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior,
RunBehavior runBehavior, Boolean returnStream, String method) at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior
behavior, String method) at System.Data.SqlClient.SqlCommand.ExecuteReader()
at Intact.BusinessLayer.cLocation.LoadDefaultLocation() --- End of inner exception
stack trace --- at Intact.BusinessLayer.cLocation.LoadDefaultLocation() at
Intact.Services.HotFolder.HotFolderProcess.ProcessFolders() at Intact.Services.HotFolder.HotFolderService.ExecuteService()


at Intact.Services.svc_PreProcessor.startProcessing(IPreProcessor aoPP)

Error - 7/28/2011 7:07:58 AM | Computer Name = DL-ITDEPT.MANNING.local | Source = Intact Action Service | ID = 0
Description = System.Exception: Intact.BusinessLayer.IntactException: Intact Execption
---> System.Data.SqlClient.SqlException: A transport-level error has occurred when
sending the request to the server. (provider: TCP Provider, error: 0 - An existing
connection was forcibly closed by the remote host.) at System.Data.SqlClient.SqlConnection.OnError(SqlException
exception, Boolean breakConnection) at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException
exception, Boolean breakConnection) at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject
stateObj) at System.Data.SqlClient.TdsParserStateObject.WriteSni() at System.Data.SqlClient.TdsParserStateObject.WritePacket(Byte
flushMode) at System.Data.SqlClient.TdsParserStateObject.ExecuteFlush() at
System.Data.SqlClient.TdsParser.TdsExecuteRPC(_SqlRPC[] rpcArray, Int32 timeout,
Boolean inSchema, SqlNotificationRequest notificationRequest, TdsParserStateObject
stateObj, Boolean isCommandProc) at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior
cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async) at
System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior,
RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result)

at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior,
RunBehavior runBehavior, Boolean returnStream, String method) at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior
behavior, String method) at System.Data.SqlClient.SqlCommand.ExecuteReader()
at Intact.BusinessLayer.cLocation.LoadDefaultLocation() --- End of inner exception
stack trace --- at Intact.BusinessLayer.cLocation.LoadDefaultLocation() at
Intact.Services.HotFolder.HotFolderProcess.ProcessFolders() at Intact.Services.HotFolder.HotFolderService.ExecuteService()


at Intact.Services.svc_PreProcessor.startProcessing(IPreProcessor aoPP)

Error - 8/24/2011 9:36:28 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = Intact Action Service | ID = 0
Description = System.Exception: Intact.BusinessLayer.IntactException: Intact Execption
---> System.Data.SqlClient.SqlException: A transport-level error has occurred when
sending the request to the server. (provider: TCP Provider, error: 0 - An existing
connection was forcibly closed by the remote host.) at System.Data.SqlClient.SqlConnection.OnError(SqlException
exception, Boolean breakConnection) at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException
exception, Boolean breakConnection) at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject
stateObj) at System.Data.SqlClient.TdsParserStateObject.WriteSni() at System.Data.SqlClient.TdsParserStateObject.WritePacket(Byte
flushMode) at System.Data.SqlClient.TdsParserStateObject.ExecuteFlush() at
System.Data.SqlClient.TdsParser.TdsExecuteRPC(_SqlRPC[] rpcArray, Int32 timeout,
Boolean inSchema, SqlNotificationRequest notificationRequest, TdsParserStateObject
stateObj, Boolean isCommandProc) at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior
cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async) at
System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior,
RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result)

at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior,
RunBehavior runBehavior, Boolean returnStream, String method) at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior
behavior, String method) at System.Data.SqlClient.SqlCommand.ExecuteReader()
at Intact.BusinessLayer.cLocation.LoadDefaultLocation() --- End of inner exception
stack trace --- at Intact.BusinessLayer.cLocation.LoadDefaultLocation() at
Intact.Services.HotFolder.HotFolderProcess.ProcessFolders() at Intact.Services.HotFolder.HotFolderService.ExecuteService()


at Intact.Services.svc_PreProcessor.startProcessing(IPreProcessor aoPP)

Error - 8/24/2011 9:36:28 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = Intact Action Service | ID = 0
Description = System.Exception: Intact.BusinessLayer.IntactException: Intact Execption
---> System.Data.SqlClient.SqlException: A transport-level error has occurred when
sending the request to the server. (provider: TCP Provider, error: 0 - An existing
connection was forcibly closed by the remote host.) at System.Data.SqlClient.SqlConnection.OnError(SqlException
exception, Boolean breakConnection) at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException
exception, Boolean breakConnection) at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject
stateObj) at System.Data.SqlClient.TdsParserStateObject.WriteSni() at System.Data.SqlClient.TdsParserStateObject.WritePacket(Byte
flushMode) at System.Data.SqlClient.TdsParserStateObject.ExecuteFlush() at
System.Data.SqlClient.TdsParser.TdsExecuteRPC(_SqlRPC[] rpcArray, Int32 timeout,
Boolean inSchema, SqlNotificationRequest notificationRequest, TdsParserStateObject
stateObj, Boolean isCommandProc) at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior
cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async) at
System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior,
RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result)

at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior,
RunBehavior runBehavior, Boolean returnStream, String method) at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior
behavior, String method) at System.Data.SqlClient.SqlCommand.ExecuteReader()
at Intact.BusinessLayer.cLocation.LoadDefaultLocation() --- End of inner exception
stack trace --- at Intact.BusinessLayer.cLocation.LoadDefaultLocation() at
Intact.Services.HotFolder.HotFolderProcess.ProcessFolders() at Intact.Services.HotFolder.HotFolderService.ExecuteService()


at Intact.Services.svc_PreProcessor.startProcessing(IPreProcessor aoPP)

Error - 8/25/2011 7:13:40 AM | Computer Name = DL-ITDEPT.MANNING.local | Source = Intact Action Service | ID = 0
Description = GE: System.ObjectDisposedException: Cannot access a disposed object.
Object
name: 'Timer'. at System.Timers.Timer.set_Enabled(Boolean value) at System.Timers.Timer.Start()

at Intact.Services.svc_PreProcessor.AdjustTimers(Timer currentTime)

Error - 10/6/2011 8:03:30 AM | Computer Name = DL-ITDEPT.MANNING.local | Source = Intact Action Service | ID = 0
Description = GE: System.ObjectDisposedException: Cannot access a disposed object.
Object
name: 'Timer'. at System.Timers.Timer.set_Enabled(Boolean value) at System.Timers.Timer.Start()

at Intact.Services.svc_PreProcessor.AdjustTimers(Timer currentTime)

Error - 10/6/2011 8:03:30 AM | Computer Name = DL-ITDEPT.MANNING.local | Source = Intact Action Service | ID = 0
Description = GE: System.ObjectDisposedException: Cannot access a disposed object.
Object
name: 'Timer'. at System.Timers.Timer.set_Enabled(Boolean value) at System.Timers.Timer.Start()

at Intact.Services.svc_PreProcessor.AdjustTimers(Timer currentTime)

[ Lenovo-Message Center Plus/Admin Events ]
Error - 7/31/2011 9:30:09 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\index.adp
does not have a Lenovo Digital Signature. The file will be deleted

[ System Events ]
Error - 11/27/2011 10:26:56 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = SNMP | ID = 16713180
Description = The SNMP Service encountered an error while accessing the registry
key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error - 11/27/2011 10:27:54 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.

Error - 11/27/2011 11:39:04 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = DCOM | ID = 10005
Description =

Error - 11/27/2011 11:39:04 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = Service Control Manager | ID = 7038
Description = The upnphost service was unable to log on as NT AUTHORITY\LocalService
with the currently configured password due to the following error: %%1352 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 11/27/2011 11:39:04 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = Service Control Manager | ID = 7000
Description = The UPnP Device Host service failed to start due to the following
error: %%1069

Error - 11/27/2011 11:41:02 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain MANNING due to the following: %%1311 This may lead to authentication problems.
Make sure that this computer is connected to the network. If the problem persists,
please
contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
for the specified domain, it sets up the secure session to the primary domain controller
emulator in the specified domain. Otherwise, this computer sets up the secure session
to any domain controller in the specified domain.

Error - 11/27/2011 11:41:03 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = Microsoft-Windows-GroupPolicy | ID = 1055
Description = The processing of Group Policy failed. Windows could not resolve the
computer name. This could be caused by one of more of the following: a) Name Resolution
failure on the current domain controller. b) Active Directory Replication Latency
(an account created on another domain controller has not replicated to the current
domain controller).

Error - 11/27/2011 11:41:37 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = SNMP | ID = 16713180
Description = The SNMP Service encountered an error while accessing the registry
key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error - 11/27/2011 11:41:54 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = Service Control Manager | ID = 7034
Description = The HyperW7 Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 11/27/2011 11:42:44 PM | Computer Name = DL-ITDEPT.MANNING.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.


< End of report >

#18
RKinner


    Malware Expert

  • Expert
  • 20,012 posts
  • MVP
Some stuff that was hiding is now visible, so we are making progress.


Copy the text in the code box by highlighting and Ctrl + c

:processes
killallprocesses

:OTL
[2011/06/15 07:18:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/11/27 12:54:12 | 000,007,470 | -HS- | M] () -- C:\Users\dloomis\AppData\Local\041730n6j756f472t653x1hmb4g0
[2011/11/27 12:54:12 | 000,007,470 | -HS- | M] () -- C:\ProgramData\041730n6j756f472t653x1hmb4g0
[2011/11/27 10:26:22 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/11/25 16:14:15 | 000,000,336 | ---- | M] () -- C:\ProgramData\IoohtsDmVFndjq

:files
type C:\Windows\SysWow64\config.nt /c
type C:\autoexec.bat /c
    
:Commands
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.


Delete your old TDSSKiller and aswMBR files and redownload them. See if they will run now.

Ron

#19
dl9796


    Member

  • Topic Starter
  • Member
  • 109 posts
Hello,

Here is the latest log - still unable to run the new downloads of TDSSKiller and aswMBR,

***** I just changed the name of aswMBR and it looks like it is going to let me run*** - I will update shortly

**** After I changed the name of aswMBR it allowed me to run - still won't let me run TDSSKiller - After I ran aswMBR the Fix button was still greyed out when I saved the log - the FIX MBR was enabled ****


========== PROCESSES ==========
All processes killed
========== OTL ==========
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} folder moved successfully.
C:\Users\dloomis\AppData\Local\041730n6j756f472t653x1hmb4g0 moved successfully.
C:\ProgramData\041730n6j756f472t653x1hmb4g0 moved successfully.
C:\Windows\Tasks\SystemToolsDailyTest.job moved successfully.
C:\ProgramData\IoohtsDmVFndjq moved successfully.
========== FILES ==========
< type C:\Windows\SysWow64\config.nt /c >
C:\Users\dloomis\Desktop\geeks\cmd.bat deleted successfully.
C:\Users\dloomis\Desktop\geeks\cmd.txt deleted successfully.
< type C:\autoexec.bat /c >
C:\Users\dloomis\Desktop\geeks\cmd.bat deleted successfully.
C:\Users\dloomis\Desktop\geeks\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: Administrator.DL-ITDEPT

User: All Users

User: Classic .NET AppPool

User: Dave
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: DefaultAppPool

User: dloomis
->Java cache emptied: 17693 bytes

User: Public

User: test

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 11272011_232652

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



Edited by dl9796, 27 November 2011 - 10:49 PM.


#20
RKinner


    Malware Expert

  • Expert
  • 20,012 posts
  • MVP
Did you get a log from aswMBR?

Let's try ESET:

Use IE and go to http://eset.com/onlinescan and click on ESET Online Scanner. Accept the terms, then press Start (if you get a warning from your browser, tell it you want to run it).

1. Check Scan Archives.
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND.
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish.
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.


Let's also try the Bitdefender QuickScan.

http://quickscan.bitdefender.com/

When it finishes there is a report option. Click on it and copy and paste the report (even if it says nothing found).

Ron

#21
dl9796


    Member

  • Topic Starter
  • Member
  • 109 posts
I will try these programs - is this the log you are looking for?

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-27 23:37:15
-----------------------------
23:37:15.075 OS Version: Windows x64 6.1.7601 Service Pack 1
23:37:15.075 Number of processors: 4 586 0x2A07
23:37:15.075 ComputerName: DL-ITDEPT UserName: dloomis
23:37:19.724 Initialize success
23:37:19.802 AVAST engine defs: 11112701
23:40:26.753 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:40:26.769 Disk 0 Vendor: ST950042 0003 Size: 476940MB BusType: 3
23:40:26.816 Disk 0 MBR read successfully
23:40:26.816 Disk 0 MBR scan
23:40:26.816 Disk 0 unknown MBR code
23:40:26.816 Service scanning
23:40:27.798 Modules scanning
23:40:27.798 Scan finished successfully
23:44:29.942 Disk 0 MBR has been saved successfully to "C:\Users\dloomis\Desktop\geeks\MBR.dat"
23:44:29.942 The log file has been saved successfully to "C:\Users\dloomis\Desktop\geeks\aswMBR.txt"

#22
RKinner


    Malware Expert

  • Expert
  • 20,012 posts
  • MVP
Yes. Submit the file "C:\Users\dloomis\Desktop\geeks\MBR.dat" to http://www.virustotal.com and let's see if they give it a 0/42 (last number may vary). If the first number is not 0, then get the report and copy and paste it.

#23
dl9796


    Member

  • Topic Starter
  • Member
  • 109 posts
OK - I will submit - here is the QuickScan report - the other scan is at 31%

I will update shortly

Thanks


QuickScan 32-bit v0.9.9.100
---------------------------
Scan date: Mon Nov 28 00:16:35 2011
Machine ID: 7E40CC55



No infection found.
-------------------



Processes
---------
Auto Scroll 3444 C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
Auto Scroll 5364 C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
avast! Antivirus 1488 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
avast! Antivirus 6536 C:\Program Files\AVAST Software\Avast\AvastUI.exe
Bing Bar 444 C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
DocumentIndexingService 2240 C:\Program Files (x86)\InfoDynamics\Indexer\DocumentIndexingService.exe
Dropbox 6384 C:\Users\dloomis\AppData\Roaming\Dropbox\bin\Dropbox.exe
FineReader 2312 C:\Program Files (x86)\InfoDynamics\License Server\EngineDongleManager.exe
GoToMeeting 6732 C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mcomm.exe
GoToMeeting 6868 C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mlauncher.exe
GoToMeeting 6364 C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mstart.exe
hMailServer 2636 C:\Program Files (x86)\hMailServer\Bin\hMailServer.exe
IDM_DCPC_SNMP 2664 C:\Program Files (x86)\MWA Intelligence\iMPS Enterprise\4.2.2.0\IDM_DCPC_SNMP.exe
IMPSDiscoveryEngine.Properties 2732 C:\Program Files (x86)\MWA Intelligence\iMPS Enterprise\4.2.2.0\IMPSDiscoveryEngine.exe
IMPSUpdateEngine 2764 C:\Program Files (x86)\MWA Intelligence\iMPS Enterprise\IMPSUpdateEngine.exe
IntactFTPServer 3040 C:\Program Files (x86)\InfoDynamics, Inc\IntactOSA\bin\IntactFTPServer.exe
IntactWebServer 3104 C:\Program Files (x86)\InfoDynamics, Inc\IntactOSA\bin\IntactWebServer.exe
Intel® Active Management Technology L 4420 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
Intel® Management and Security Applic 1364 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
Intel® Identity Protection Technology 3332 C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
Message Center Plus 7896 C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
Microsoft SQL Server 3828 C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
Microsoft SQL Server 3528 C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
Microsoft® Windows® Operating System 6508 C:\Windows\SysWOW64\rundll32.exe
MobileDeviceService 740 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
MWAServiceMonitor 3652 C:\Program Files (x86)\MWA Intelligence\iMPS Enterprise\DCPC Watchdog Service.exe
On screen display 3388 C:\Program Files\Lenovo\HOTKEY\micmute.exe
On screen display 1892 C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
On screen display 5644 C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
OnlineCmdLineScanner.exe 4996 C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
PsiService System Service 3844 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
ScheduledTask 6892 C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
Service Runner 4276 C:\Program Files (x86)\VMware\VMware Server\tomcat\bin\tomcat6.exe
SmartAudio Service Application 4060 C:\Windows\SysWOW64\SASrv.exe
ThinkPad UltraZoom 3052 C:\Program Files\Lenovo\ZOOM\TpScrex.exe
ThinkVantage Communications Utility 3364 C:\Program Files\Lenovo\Communications Utility\CamMute.exe
ThinkVantage Communications Utility 3416 C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
ThinkVantage System Update Service 5968 C:\Program Files (x86)\Lenovo\System Update\SUService.exe
Ulead Systems ULCDRSvr 4184 C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
VMware Server 4544 C:\Program Files (x86)\VMware\VMware Server\vmware-authd.exe
VMware Server 4224 C:\Windows\SysWOW64\vmnat.exe
VMware Server 4652 C:\Windows\SysWOW64\vmnetdhcp.exe
vmware-hostd.exe 4760 C:\Program Files (x86)\VMware\VMware Server\vmware-hostd.exe
Windows® Internet Explorer 7792 C:\Program Files (x86)\Internet Explorer\iexplore.exe


Network activity
----------------
Process AvastSvc.exe (1488) connected on port 80 (HTTP) --> 199.47.216.149
Process AvastSvc.exe (1488) connected on port 80 (HTTP) --> 199.47.216.149
Process AvastSvc.exe (1488) connected on port 80 (HTTP) --> 63.140.35.28
Process AvastSvc.exe (1488) connected on port 80 (HTTP) --> 74.125.226.105
Process AvastSvc.exe (1488) connected on port 80 (HTTP) --> 69.171.242.14
Process AvastSvc.exe (1488) connected on port 80 (HTTP) --> 74.125.226.105
Process iexplore.exe (7792) connected on port 443 (HTTP over SSL) --> 72.14.204.95

Process EngineDongleManager.exe (2312) listens on ports: 3826
Process hMailServer.exe (2636) listens on ports: 25 (SMTP), 110 (POP3), 143 (IMAP4)
Process IntactFTPServer.exe (3040) listens on ports: 1990
Process IntactWebServer.exe (3104) listens on ports: 1989
Process sqlservr.exe (3528) listens on ports: 55624
Process tomcat6.exe (4276) listens on ports: 8009, 8308
Process LMS.exe (4420) listens on ports: 623, 16992
Process vmware-authd.exe (4544) listens on ports: 902 (VMware Server), 912
Process vmware-hostd.exe (4760) listens on ports: 8222, 8333
Process Dropbox.exe (6384) listens on ports: 17500


Autoruns and critical files
---------------------------
avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastUI.exe
GoToMeeting C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mstart.exe
Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
PC-Doctor for Windows C:\Program Files\PC-Doctor\uaclauncher.exe
ThinkPad Power Manager C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL
Windows® Internet Explorer c:\windows\syswow64\webcheck.dll
(verified) Google Update C:\Users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe
(verified) Google Update C:\Users\dloomis\AppData\Local\Google\Update\GoogleUpdate.exe


Browser plugins
---------------
AcroIEHelperShim Library c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
Adobe Acrobat C:\Program Files (x86)\Internet Explorer\plugins\nppdf32.dll
Akamai Download Manager ActiveX Control C:\Windows\Downloaded Program Files\DownloadManagerV2.ocx
Akamai Download Manager ActiveX Control C:\Windows\Downloaded Program Files\Manager.exe
avast! WebRep c:\program files\avast software\avast\aswwebrepie.dll
BitDefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll
Bonjour C:\Program Files (x86)\Bonjour\mdnsNSP.dll
Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
Google Update C:\Users\dloomis\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
InstallShield Update Service C:\Windows\Downloaded Program Files\isusweb.dll
Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL
Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL
Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
Microsoft® CoReXT C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
Microsoft® CoReXT C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Microsoft® CoReXT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll
Microsoft® Windows® Operating System C:\Windows\system32\wshbth.dll
npitunes.dll C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
NPSWF32.dll C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
Qualys BrowserCheck C:\Users\dloomis\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekpjhkjhpbabigpoojijebfpficekjp\1.3.23.1_0\qbc_sa.dll
Qualys BrowserCheck C:\Windows\Downloaded Program Files\qbc_ax.dll
Qualys BrowserCheck C:\Windows\Downloaded Program Files\qbc_sa.dll
Qualys BrowserCheck Plugin C:\Users\dloomis\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekpjhkjhpbabigpoojijebfpficekjp\1.3.23.1_0\npqbc.dll
QuickTime Plug-in 7.6.9 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.9 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.9 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.9 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.9 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.9 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.9 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll
Silverlight Plug-In c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
VMware Server C:\Program Files (x86)\VMware\VMware Server\vsocklib.dll
VMware Server C:\Program Files (x86)\VMware\VMware Server\x64\vsocklib.dll
WebEx Download Module C:\Windows\Downloaded Program Files\ieatgpc.dll
Windows Activation Technologies C:\Windows\system32\Wat\npWatWeb.dll
Windows Live™ Photo Gallery C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
Windows® Internet Explorer c:\windows\syswow64\ieframe.dll
(verified) InstallShield Update Service C:\Windows\Downloaded Program Files\dwusplay.dll
(verified) InstallShield Update Service C:\Windows\Downloaded Program Files\dwusplay.exe
(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll


Missing files
-------------
File not found: "c:\program files (x86)\microsoft\bingbar\bingext.dll"
--> HKLM\Software\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\InprocServer32\"(default)"
--> HKLM\Software\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\InprocServer32\"(default)"


Scan
----
MD5: ab9f92ad696b4f7f65f3103f938289b5 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\613ca3fba5bbcf6e9346170c9c2e4e65\System.WorkflowServices.ni.dll
MD5: a2fbad05e30d830e9208b6e8dfb409f6 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MD5: c1ef78195dee2d5c6175b4bc1f4d69a0 C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MD5: c8cae88631528d91440e7993762743cd C:\Windows\Downloaded Program Files\DownloadManagerV2.ocx
MD5: d656d4e13542e65ba43462f41c144b0f C:\Windows\Downloaded Program Files\ieatgpc.dll
MD5: 1245e33c050e61191059eaa33d9ce6c9 C:\Windows\Downloaded Program Files\isusweb.dll
MD5: a7e770b48cb0b6eb979fa6c518b1b518 C:\Windows\Downloaded Program Files\Manager.exe
MD5: f35d6c67267b33e15f71479e24ffcd43 C:\Windows\Downloaded Program Files\qbc_ax.dll
MD5: e060adffd6a433ca9d5f30c9d1cef4c1 C:\Windows\Downloaded Program Files\qbc_sa.dll
MD5: 1fa2274532e71bc48bbcc0046a5d4c4a C:\Windows\Downloaded Program Files\qsax.dll
MD5: c4002b6b41975f057d98c439030cea07 C:\Windows\ehome\ehRecvr.exe
MD5: 332feab1435662fc6c672e25beb37be3 C:\Windows\Explorer.exe
MD5: 1838f16e9ce03b993fc500703b711dab C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe
MD5: 5988fc40f8db5b0739cd1e3a5d0d78bd C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
MD5: a8b7f3818ab65695e3a0bb3279f6dce6 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
MD5: 7b46a076184b73aedc1a66a71d9131e8 C:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
MD5: 59d16fd61802739988728790bf1232b3 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
MD5: 96076b8fcdff3c6db4ccfbf7fe3a9b28 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
MD5: f5df6846f30e9f54ea60ccaeb3fb2055 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
MD5: 773212b2aaa24c1e31f10246b15b276c C:\Windows\servicing\TrustedInstaller.exe
MD5: 521b748a7f9923302ca18b7e6aa2eeae C:\Windows\system32\ACTIVEDS.dll
MD5: 37ce7a79d901235504f9add99a7ac177 C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
MD5: 7a044b0746d957bfd7aae18cfd8422c5 C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
MD5: 0a12d948b2cc7fbb01e28daa5e7c01ea C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
MD5: cb4863f2bd46aa02d954b86b56a149da C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
MD5: 2cae4ed96aa903578452b85e5383940c C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
MD5: e96170a923a69711b4d08e885f05d889 C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
MD5: 44ca750001f0db8c308d1ca4abd0f8e5 C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
MD5: 15df9eb8daba744e4d0e9b117f760f49 C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
MD5: a2385b02cb492131af6f79959a42a93f C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
MD5: 3ad0832e8e29fbe9bd722e3354dd4f57 C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
MD5: 88dc1714e38d4eb41a4378aab98e753b C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
MD5: a1d4deb5176c96b1a80715f6a1fdfb4f C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
MD5: b302a1630e5aea2d830b76bbcd761d72 C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
MD5: 22f767bb3b704f79363999bd4a49e68e C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
MD5: 00b83152f99e846fefb139c574cd4a96 C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
MD5: 50035c36acee069d0c209288208626d9 C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
MD5: cdf677ad479fa99f2e4d9766b83ef53c C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
MD5: 12c34c7325b74e8347e8db75279a8f3f C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
MD5: 96324ed3218133a13fff82055afac733 C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
MD5: a7bdf88a46bcc218b73e383e6547ba5f C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
MD5: 573c70d7076f2f101752a727db7c2280 C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
MD5: 29b01d02e9ff3d8a63f8747b50a5a1a3 C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
MD5: 0cc90316b34118e3b8af760d92c262a4 C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
MD5: 6f399c3e562c4e69df96039743a7aa26 C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
MD5: f3b94e04053c2483a6fecf953d6661d6 C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
MD5: c6942a18444bfffc3cceca69a7e1879c C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
MD5: f47e08b025ae376ef1342fc9ecfecdf1 C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
MD5: 8a13e14b68e00ac2cb67420396d8a1c5 C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
MD5: 863f793d15b4026b1a5fdeca873d4d84 C:\Windows\system32\apphelp.dll
MD5: c940f2f5c60b3727c5f18840735b229c C:\Windows\system32\AUDIOSES.DLL
MD5: 45760eecc8b74b251171be4f247f17cb C:\Windows\system32\BROWCLI.DLL
MD5: 7a6986dd659b96398a11af5173892715 C:\Windows\system32\Cabinet.dll
MD5: ad7b9c14083b52bc532fba5948342b98 C:\Windows\system32\cmd.exe
MD5: 4e5fe39c1076d115ec8bfcfe14d75b80 C:\Windows\system32\credssp.dll
MD5: 454e292861a4ef1d72f43f42bbaf6917 C:\Windows\system32\CRYPT32.DLL
MD5: a585bebf7d054bd9618eda0922d5484a C:\Windows\system32\cryptsvc.dll
MD5: 465bea35f7ed4a4a57686dea7ea10f47 C:\Windows\system32\cscapi.dll
MD5: 35cede6439ff0d8903223a0817ffe46c C:\Windows\system32\d2d1.dll
MD5: 2de90400a63818fa38c4c5c9adb166bf C:\Windows\system32\d3d10_1.dll
MD5: 9c36a3ca80f9b204c670336d344f5df8 C:\Windows\system32\d3d10_1core.dll
MD5: 6ef5f3f18413c367195f06e503ab86a6 C:\Windows\system32\d3d9.dll
MD5: 53223b673a3fa2f9a4d1c31c8d3f6cd8 C:\Windows\system32\dbghelp.dll
MD5: 162d247e995eaebf3ef4289069e1111c C:\Windows\system32\DEVRTL.dll
MD5: e9e01eb683c132f7fa27cd607b8a2b63 C:\Windows\system32\dhcpcore.dll
MD5: b40420876b9288e0a1c8cca8a84e5dc9 C:\Windows\system32\DNSAPI.dll
MD5: 062373995eae5f0eac9eaa9192136bfb C:\Windows\system32\dnssd.dll
MD5: 0a5c7253183a6f956d10a3a4bbc96288 C:\Windows\system32\DWrite.dll
MD5: 0411b7958c524bb2e91ee1b3035fe321 C:\Windows\system32\dxgi.dll
MD5: 8b88ebbb05a0e56b7dcc708498c02b3e C:\Windows\system32\Explorer.exe
MD5: e2a17bcc08d92f42e08af6ba2f93aba7 C:\Windows\system32\explorerframe.dll
MD5: 03a03a453f1aaae0c73aaaf895321c7a C:\Windows\System32\fwpuclnt.dll
MD5: ed6f6fbbcdec95483b7351e23f4fcdf6 C:\Windows\system32\IEADVPACK.DLL
MD5: f0f079a8a947fcfbf8275be7ec1a35ae C:\Windows\system32\IEFRAME.dll
MD5: 83424cf46ffef33736df95c6db52f4bb C:\Windows\system32\IEUI.dll
MD5: b9f3b0cc249c2e00d19a5e2000a21aec C:\Windows\system32\igd10umd32.dll
MD5: 79564d36fefbaed9ec2ce951d2ae6d4c C:\Windows\system32\igdumd32.dll
MD5: 2d31ca6ce58fc999c6603339ab3aaff2 C:\Windows\system32\igdumdx32.dll
MD5: 68563ac389f92ee79f1c714288ba1dce C:\Windows\system32\ImgUtil.dll
MD5: a6f09e5669d9a19035f6d942caa15882 C:\Windows\system32\IMM32.DLL
MD5: d1af38fbac0dc7e6d796b0ed01707ee0 C:\Windows\system32\inetsrv\apphostsvc.dll
MD5: 57c8c20bfa5bef6bd851ebac67a8ced0 C:\Windows\system32\inetsrv\iisw3adm.dll
MD5: a90dc9abd65db1a8902f361103029952 C:\Windows\system32\IPHLPAPI.DLL
MD5: 47beaa841455fbefbad547a3d2adde10 C:\Windows\system32\LMabcoms.exe
MD5: 8ea53101ff2b15bdff934b62a8fb326d C:\Windows\system32\LOGONCLI.DLL
MD5: 243974ec02f7ae49e4179c54624143ab C:\Windows\System32\MMDevApi.dll
MD5: d4191efab91e00fc09257aa5ebaf503b C:\Windows\system32\MPRAPI.dll
MD5: 7f8678c59f188528d60104e697c2361e C:\Windows\system32\mscms.dll
MD5: d83947a58613e9091b4c9cc0f1546a8d C:\Windows\SYSTEM32\MSCOREE.DLL
MD5: 7069aab8536f29ed7323140973a2894b C:\Windows\system32\msdmo.dll
MD5: 04e0cd31a63dfc0d73725a3d1768fb5a C:\Windows\system32\MSHTML.dll
MD5: eee470f2a771fc0b543bdeef74fceca0 C:\Windows\system32\msiexec.exe
MD5: 35aae2e841aa1a949775168e119482c9 C:\Windows\system32\msls31.dll
MD5: 8999b8631c7fd9f7f9ec3cafd953ba24 C:\Windows\system32\mswsock.dll
MD5: 4205ca4cd43e725db9ff02b0a588a8c6 C:\Windows\System32\msxml3.dll
MD5: 269d867585cda04d3972a39f3694e7df C:\Windows\System32\msxml6.dll
MD5: 8b57a1ad493653bb57f281fe75dd175b C:\Windows\System32\NaturalLanguage6.dll
MD5: 8ce1a6d16b9077e91e192499eb611c5f C:\Windows\system32\NetApi32.dll
MD5: 20b3934db73eaba2b49b7177873cb81f C:\Windows\system32\netutils.dll
MD5: 104a1070e90f1c530328e69b49718841 C:\Windows\System32\nlaapi.dll
MD5: eb77db354791a5932ca559b6f6374e95 C:\Windows\system32\ntshrui.dll
MD5: 8e01332cc4b68bc6b5b7effe374442aa C:\Windows\system32\OLEACC.dll
MD5: 487f44b08efeaf5ad087878357b9403d C:\Windows\system32\pdh.dll
MD5: edd2ad141debd425d74a52a4d7be6ac4 C:\Windows\System32\Perfctrs.dll
MD5: 414bba67a3ded1d28437eb66aeb8a720 C:\Windows\system32\pla.dll
MD5: 12c45e3cb6d65f73209549e2d02eca7a C:\Windows\System32\PROPSYS.dll
MD5: dbc02d918fff1cad628acbe0c0eaa8e8 C:\Windows\system32\provsvc.dll
MD5: 5997d769cdb108390dcfaebf442bf816 C:\Windows\system32\RpcRtRemote.dll
MD5: 0915c4db6dbc3bb9e11b7ecbbe4b7159 C:\Windows\system32\rtutils.dll
MD5: 68ecca523ed760aafc03c5d587569859 C:\Windows\system32\SAMCLI.DLL
MD5: 236f286e103fd44bd85fdd93097fd5dd C:\Windows\system32\SearchIndexer.exe
MD5: a8ce0c7f1d37e0b8082608a148b6b976 C:\Windows\system32\secur32.dll
MD5: 4ae380f39a0032eab7dd953030b26d28 C:\Windows\system32\sessenv.dll
MD5: be247ae996a9fde007a27b51413a6c79 C:\Windows\System32\shdocvw.dll
MD5: 414da952a35bf5d50192e28263b40577 C:\Windows\System32\shsvcs.dll
MD5: 8f5171c837e64ff0ac48f0a29dd9e180 C:\Windows\System32\snmp.exe
MD5: 4b9e4ce667df26ada061aa81e9aa841d C:\Windows\system32\SPFILEQ.dll
MD5: 26e8b61be3826318587ce66b37fd9e48 C:\Windows\system32\spool\DRIVERS\x64\3\OPHGLDCS.EXE
MD5: 5ccdcd40e732d54e0f7451ac66ac1c87 C:\Windows\system32\srvcli.dll
MD5: 919001d2bb17df06ca3f8ac16ad039f6 C:\Windows\system32\SXS.DLL
MD5: 613bf4820361543956909043a265c6ac C:\Windows\System32\tapisrv.dll
MD5: f5aaa8cdda25b6387af590d676d25bad C:\Windows\System32\tcpsvcs.exe
MD5: d15618a0ff8dbc2c5bf3726bacc75a0b C:\Windows\system32\USERENV.dll
MD5: 61ac3efdfacfdd3f0f11dd4fd4044223 c:\windows\system32\userinit.exe
MD5: cfc7d8289d2b5f3cf8d16e2db7f93d4a C:\Windows\system32\wbem\fastprox.dll
MD5: 704314fd398c81d5f342caa5df7b7f21 C:\Windows\system32\wbemcomn.dll
MD5: 34eee0dfaadb4f691d6d5308a51315dc C:\Windows\System32\wcncsvc.dll
MD5: d205c24a9d069049fe2df2a1b38726a7 C:\Windows\system32\wdmaud.drv
MD5: a9d880f97530d5b8fee278923349929d C:\Windows\System32\webclnt.dll
MD5: 02c61d8ad469417f5508225c75de3236 C:\Windows\system32\webio.dll
MD5: 1db71a41daee6b3f8cd0dda8209fa2d5 C:\Windows\system32\windowscodecs.dll
MD5: ca9f7888b524d8100b977c81f44c3234 C:\Windows\system32\WINHTTP.dll
MD5: d5aefad57c08349a4393d987df7c715d C:\Windows\system32\WINMM.dll
MD5: 9419abf3163b6f0e3ad3dd2b381c879f C:\Windows\system32\WinSCard.dll
MD5: 9e4b0e7472b4ceba9e17f440b8cb0ab8 C:\Windows\system32\WINSPOOL.DRV
MD5: 418e881201583a3039d81f43e39e6c78 C:\Windows\system32\WINSTA.dll
MD5: e5a4a1326a02f8e7b59e6c3270ce7202 C:\Windows\system32\wkscli.dll
MD5: a8cdf3768604ff95b54669e20053d569 C:\Windows\system32\WSCAPI.dll
MD5: ac122407b29378ff9646f03404ac7c54 C:\Windows\system32\wshbth.dll
MD5: 1b91cd34ea3a90ab6a4ef0550174f4cc C:\Windows\system32\WsmSvc.dll
MD5: 6a6b2ee4565a178035be2a4ff6f2c968 C:\Windows\system32\WTSAPI32.dll
MD5: edf2a5e96bec469da3f64e9bdd386111 C:\Windows\system32\xmllite.dll
MD5: d2958325c1ae1ae37a83334c6229e3bc C:\Windows\SysWOW64\actxprxy.dll
MD5: 95e2376b3323f062eb562b8586d0f14a C:\Windows\syswow64\ADVAPI32.dll
MD5: f436e847fa799ecd75ad8c313673f450 C:\Windows\syswow64\CFGMGR32.dll
MD5: d1de1eafde97be41cf6585027ff3e732 C:\Windows\syswow64\COMDLG32.dll
MD5: 454e292861a4ef1d72f43f42bbaf6917 C:\Windows\syswow64\CRYPT32.dll
MD5: 2eeff4502f5e13b1bed4a04ccad64c08 C:\Windows\syswow64\DEVOBJ.dll
MD5: b40420876b9288e0a1c8cca8a84e5dc9 C:\Windows\SysWOW64\DNSAPI.dll
MD5: 4312debdacbe338f0b90e7f08e7672be C:\Windows\SysWOW64\Dxtmsft.dll
MD5: ca493a92da9880b6f1a89c3dbd54ba5b C:\Windows\SysWOW64\Dxtrans.dll
MD5: d6d3ad7bf1d6f6ce9547613ed5e170a2 C:\Windows\syswow64\GDI32.dll
MD5: ee9d715af1b928982f417238b9914484 C:\Windows\SysWOW64\ieapfltr.dll
MD5: f0f079a8a947fcfbf8275be7ec1a35ae c:\windows\syswow64\ieframe.dll
MD5: 217557259182c86a6d3ade11bc42b74a C:\Windows\syswow64\iertutil.dll
MD5: b2fd31e20b423335fe3273b4bf95813c C:\Windows\syswow64\imagehlp.dll
MD5: a6f09e5669d9a19035f6d942caa15882 C:\Windows\syswow64\IMM32.dll
MD5: a90dc9abd65db1a8902f361103029952 C:\Windows\SysWOW64\IPHLPAPI.DLL
MD5: 3be120ba72475250fa6bfcb3bee6a7f7 C:\Windows\SysWOW64\jscript9.dll
MD5: 2f4348dc0d06a0eba5f5c4cb435790c1 C:\Windows\SysWOW64\Kerberos.DLL
MD5: 99c3f8e9cc59d95666eb8d8a8b4c2beb C:\Windows\syswow64\kernel32.dll
MD5: 5c2d21c9b6b6175b89bc5d7e3cb979e1 C:\Windows\syswow64\KERNELBASE.dll
MD5: e9f427ef46965d33e878a507a2f5ccb6 C:\Windows\SysWOW64\Macromed\Flash\Flash11e.ocx
MD5: 3306893c1944eaa156e9173c5a1a080e C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MD5: 938f39b50bafe13d6f58c7790682c010 C:\Windows\syswow64\MSASN1.dll
MD5: 4c1e16b9a53102c8d6fba587cbcb95de C:\Windows\SysWOW64\msv1_0.DLL
MD5: d124f55b9393c976963407dff51ffa79 C:\Windows\SysWOW64\ntdll.dll
MD5: 928cf7268086631f54c3d8e17238c6dd C:\Windows\syswow64\ole32.dll
MD5: 6c765e82b57f2e66ce9c54ac238471d9 C:\Windows\syswow64\OLEAUT32.dll
MD5: c5ad8083cf94201f1f8084ecc696a8b7 C:\Windows\syswow64\RPCRT4.dll
MD5: cc5a2ca76b2e32bb2448ca57c80fe4be C:\Windows\SysWOW64\SASrv.exe
MD5: 135f7ac9be35ab1df727faf2e60e92f8 C:\Windows\SysWOW64\schannel.dll
MD5: 10fb16b50affda6d44588f3c445dc273 C:\Windows\syswow64\SETUPAPI.dll
MD5: 16ab4bd2acc52109f43739bf0e89e18f C:\Windows\syswow64\SHELL32.dll
MD5: 8cc3c111d653e96f3ea1590891491d71 C:\Windows\syswow64\SHLWAPI.dll
MD5: 7224d964a6d657374c551c878eb2c386 C:\Windows\syswow64\SspiCli.dll
MD5: 3bf5881cb3d3402ade70be9e96e18c67 C:\Windows\syswow64\urlmon.dll
MD5: 5e0db2d8b2750543cd2ebb9ea8e6cdd3 C:\Windows\syswow64\USER32.dll
MD5: cc19a4ae696c2191e965a9835f1e6399 C:\Windows\syswow64\USP10.dll
MD5: 5e7a2cf7719161c5e6c0e47d67ad45ae C:\Windows\SysWOW64\vbscript.dll
MD5: 3cd6f255e41172d08235cc40eecb625d C:\Windows\SysWOW64\vmnat.exe
MD5: 933b5a7b9338d7ea23011a1cdfee937a C:\Windows\SysWOW64\vmnetdhcp.exe
MD5: a16195753e7c603fb732c53fe08c64bf C:\Windows\SysWOW64\wbem\WmiPerfInst.dll
MD5: 5193de33f3284c447e0d31dafbf92570 c:\windows\syswow64\webcheck.dll
MD5: d3788d91530cfa005bd516189a4c676e C:\Windows\syswow64\WININET.dll
MD5: d5aefad57c08349a4393d987df7c715d C:\Windows\SysWOW64\WINMM.dll
MD5: 2d0d2da87bea7144f2a17f19d0d17e4c C:\Windows\syswow64\WINTRUST.dll
MD5: a8bb45f9ecad993461e0fef8e2a99152 C:\Windows\syswow64\WLDAP32.dll
MD5: 7ff15a4f092cd4a96055ba69f903e3e9 C:\Windows\syswow64\WS2_32.dll
MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCP80.dll
MD5: c9564cf4976e7e96b4052737aa2492b4 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
MD5: 1f5afd468eb5e09e9ed75a087529eab5 C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80.DLL
MD5: 28a09777d2d952122567a8a82f1a2c7b C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
MD5: 58a14c45a5cd2528f10a889e7b0c3fc2 C:\Windows\WinSxS\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b\ATL90.DLL
MD5: 4c39358ebdd2ffcd9132a30e1ec31e16 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCP90.dll
MD5: cdbe9690cf2b8409facad94fac9479c9 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
MD5: ca6ade4f7761bb15b3325356dc3b82bb C:\Windows\WinSxS\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll
MD5: fbfca1a574d47ee575448b719cbbf2e4 C:\Windows\WinSxS\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90ENU.DLL
MD5: bdac1aa64495d0f7e1ff810ebbf1f018 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\COMCTL32.dll
MD5: 352b3dc62a0d259a82a052238425c872 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MD5: 0029eba325f2fc9b6ba46bee33f32a09 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll

The following file(s) must be uploaded for server-side scanning:
C:\Program Files (x86)\InfoDynamics\Indexer\bus_DocumentIndexing.dll
C:\Program Files (x86)\InfoDynamics\Indexer\Impersonator.dll
C:\Program Files (x86)\InfoDynamics\IntactActionService\IntactActionService.exe
C:\Program Files (x86)\InfoDynamics, Inc\IntactOSA\bin\IntactWebServer.exe
C:\Program Files (x86)\Common Files\Gravic\RemarkFTPUtility12.exe
C:\Program Files (x86)\InfoDynamics\Indexer\Intact.Common.Logging.dll
C:\Program Files (x86)\InfoDynamics\Indexer\DocumentIndexingService.exe
C:\Program Files (x86)\InfoDynamics\Indexer\Intact.Common.Settings.dll
C:\Program Files (x86)\InfoDynamics, Inc\IntactOSA\bin\IntactFTPServer.exe
C:\Program Files (x86)\InfoDynamics\Indexer\BusinessLogic.dll

Upload started - 10 file(s)
DocumentIndexingService.exe (10752)
IntactActionService.exe (16896)
IntactFTPServer.exe (36864)
IntactWebServer.exe (49152)
RemarkFTPUtility12.exe (65024)
Intact.Common.Logging.dll (6656)
Impersonator.dll (9728)
Intact.Common.Settings.dll (21504)
bus_DocumentIndexing.dll (29696)
BusinessLogic.dll (303616)
Upload speed - 44 KB/s
Upload finished - 10 uploaded, 0 failed

The uploaded file(s) were found clean.

Scan finished - communication took 13 sec
Total traffic - 0.57 MB sent, 1.45 KB recvd
Scanned 586 files and modules - 43 seconds

==============================================================================
  • 0

#24
dl9796

    Member

  • Topic Starter
  • Member
  • 109 posts
File came back fine:


Date first seen: 2011-11-28 05:13:59 (UTC)
Date last seen: 2011-11-28 05:13:59 (UTC)
Detection ratio: 0/43


ESET Scan finished with no errors.

[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ece172d3c6df3749b12363bef7284a18
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-28 06:47:27
# local_time=2011-11-28 01:47:27 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 66 94 0 74000479 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=203581
# found=0
# cleaned=0
# scan_time=5818

Edited by dl9796, 28 November 2011 - 05:43 AM.

  • 0

#25
dl9796

    Member

  • Topic Starter
  • Member
  • 109 posts
Hello Ron:

I just wanted to summarize:

1) ESET finished with no errors
2) Quick Scan with no errors
3) The file you had me scan came back with no infections

TDSSKiller still doesn't allow me to run but aswMBR did. I believe I have posted all logs.

Thanks Again
  • 0


#26
RKinner

    Malware Expert

  • Expert
  • 20,012 posts
  • MVP
Uninstall PC-Doctor and then try TDSSKiller again. If it still doesn't run then let's see if we can get avp to run:

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information

On completion click the link to locate the zip file to upload and attach to your next post

Ron
  • 0

#27
dl9796

    Member

  • Topic Starter
  • Member
  • 109 posts
Hi Ron,

I don't see PC Doctor in the Program List or the Add\Remove Program in the Control Panel. Any suggestions?

I was able to download and start Kaspersky AVP now. I will post the log when finished.

Should I try TDSSKiller after this scan or wait for your instructions?

Thanks

Edited by dl9796, 28 November 2011 - 11:51 AM.

  • 0

#28
RKinner

    Malware Expert

  • Expert
  • 20,012 posts
  • MVP
Looks like it has been renamed by Lenovo:

"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox

I don't think AVP does much in the removal department until I tell it to, so I doubt it will suddenly let TDSSKiller run, but give it a try, especially after you have removed PC-Doctor. What exactly happens when you try to run it? Do you get an error or does it just ignore you?
  • 0

#29
dl9796

    Member

  • Topic Starter
  • Member
  • 109 posts
Hi Ron,

When I tried to uninstall PC Doctor it said it was already installed and removed it from the list. When I try and run TDSSKiller I get no errors; the program just never opens. The Virus removal tool is running (20% with no errors). Should I let this continue to run? Then update you with a log.

Thanks
  • 0

#30
RKinner

    Malware Expert

  • Expert
  • 20,012 posts
  • MVP
OK. I'll take out PC Doctor remnants next time.

First let's see if AVP finds anything interesting.
  • 0





