Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Repeated bloodhound.pdf.28 infections


  • Please log in to reply

#1
unsmiley

unsmiley

    Member

  • Member
  • PipPip
  • 44 posts
I have had this problem for some time. I enlisted the assistance of another website of devoted helpers to no avail. After going through posting logs, following their directions, etc., the person assisting me declared my computer was clean, and this "problem" was just something unique to Norton, that I should not worry about it and suggested maybe switching my antivirus program to something else. But that wouldn't solve the problem if there is an infection. I have Symantec Endpoint Protection V 11.0.6005.562. Norton is detecting this threat heuristically.

I learned to live with the problem - Norton Endpoint Protection pop up boxes constantly filling with infected files, and me just deleting them, sometimes hundreds at a time. But I cannot take this problem any longer. I cannot do a scan with Malwarebytes or Norton or CCleaner - takes hours if it ever finishes. Same thing if I try to back up my files on an external drive - takes hours. Also now I see my hard drive is filling up, and I shouldn't have a lot of "real" files. Also my Norton often stops working, and I get a message to turn it back on.

All the supposed infected files Norton detects are *tmp files, bloodhound.PDF.28, with file names such as DWH6ACS.tmp. Hopefully someone at Geeks to Go has some insight into this problem. My OTL log is posted below:

OTL logfile created on: 7/2/2013 8:28:28 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\RR\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 0.36 Gb Available Physical Memory | 9.13% Memory free
7.87 Gb Paging File | 3.51 Gb Available in Paging File | 44.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 187.69 Gb Total Space | 16.28 Gb Free Space | 8.67% Space Free | Partition Type: NTFS
Drive D: | 30.25 Gb Total Space | 29.49 Gb Free Space | 97.50% Space Free | Partition Type: NTFS

Computer Name: RR-PC | User Name: RR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/02 20:25:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\RR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FP8KPU0I\OTL.exe
PRC - [2013/07/02 20:25:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\RR\Downloads\OTL.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/04/19 02:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2011/04/19 02:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2010/07/12 13:37:34 | 003,122,440 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2010/06/29 15:08:14 | 000,144,896 | ---- | M] (WebInterstate Inc.) -- C:\Program Files (x86)\WebInterstate\radserver\webiRadServerService.exe
PRC - [2010/05/17 17:49:58 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2010/05/17 17:49:56 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2010/05/17 17:49:52 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010/05/17 17:49:52 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
PRC - [2010/05/05 02:53:12 | 000,736,312 | ---- | M] (Conexant Systems, Inc) -- C:\Program Files\CONEXANT\SAII\SmartAudio.exe
PRC - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010/03/18 22:16:48 | 000,038,400 | ---- | M] () -- C:\Program Files (x86)\Medweb\Plugin\MWIPCServer.exe
PRC - [2009/07/14 10:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe
PRC - [2009/06/15 13:27:08 | 000,020,480 | ---- | M] (PSP Speech Recognition Systems) -- C:\Program Files (x86)\SpeechQ Client\PatcherClient\SQPatcher.Client.exe
PRC - [2009/06/04 15:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 15:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/07/31 22:45:36 | 000,185,560 | ---- | M] () -- C:\Program Files (x86)\PdaNet for Windows Mobile\PdaNetPC.exe
PRC - [2005/02/16 16:15:20 | 000,581,632 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe


========== Modules (No Company Name) ==========

MOD - [2013/06/06 23:06:16 | 014,340,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll
MOD - [2013/06/06 23:05:50 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013/06/06 23:05:40 | 012,237,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll
MOD - [2013/06/06 23:05:28 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2013/06/06 23:05:20 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013/02/14 00:25:58 | 000,240,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\78967b28f748b8807eaa97c1cb454adc\WindowsFormsIntegration.ni.dll
MOD - [2013/02/14 00:24:27 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll
MOD - [2013/02/14 00:24:25 | 001,374,208 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\SmartAudio\b553402413fa7b799cf8f2351618916b\SmartAudio.ni.exe
MOD - [2013/01/10 00:25:33 | 000,220,672 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\5baea82888a13fa558004b24e3b107cf\CustomMarshalers.ni.dll
MOD - [2013/01/09 23:52:00 | 000,253,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Interop.CxHDAudioAP#\ab7c0d1230766b1ecad8b66fce8a5df5\Interop.CxHDAudioAPILib.ni.dll
MOD - [2013/01/09 16:42:38 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013/01/09 16:42:20 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/09 16:41:41 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/09 16:41:17 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/09 16:41:12 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/09 16:40:54 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2010/12/20 15:04:08 | 001,671,840 | ---- | M] () -- C:\Program Files (x86)\WOT\WOT.dll
MOD - [2010/11/04 21:57:39 | 000,069,120 | ---- | M] () -- C:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2010/07/12 13:37:34 | 000,492,808 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
MOD - [2008/07/31 22:45:36 | 000,185,560 | ---- | M] () -- C:\Program Files (x86)\PdaNet for Windows Mobile\PdaNetPC.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013/04/03 01:44:24 | 008,988,048 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV:64bit: - [2010/03/25 05:32:02 | 000,445,496 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\SASrv.exe -- (SAService)
SRV:64bit: - [2009/09/22 14:16:32 | 000,579,400 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)
SRV:64bit: - [2009/08/14 10:22:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/31 21:30:46 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2012/01/31 21:30:40 | 000,375,176 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/09/16 14:10:50 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2011/04/19 02:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2010/06/29 15:08:14 | 000,144,896 | ---- | M] (WebInterstate Inc.) [Auto | Running] -- C:\Program Files (x86)\WebInterstate\radserver\webiRadServerService.exe -- (webiRadServerService)
SRV - [2010/05/17 17:49:58 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/05/17 17:49:58 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/05/17 17:49:54 | 003,218,880 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010/05/17 17:49:54 | 000,419,656 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2010/05/17 17:49:52 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/03/18 22:16:48 | 000,038,400 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Medweb\Plugin\MWIPCServer.exe -- (MWIPCServer)
SRV - [2010/02/17 13:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/07/15 23:12:42 | 000,276,296 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll -- (PS_MDP)
SRV - [2009/07/14 10:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
SRV - [2009/07/14 10:27:20 | 000,103,688 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll -- (ReadyComm.DirectRouter)
SRV - [2009/06/15 13:27:08 | 000,020,480 | ---- | M] (PSP Speech Recognition Systems) [Auto | Running] -- C:\Program Files (x86)\SpeechQ Client\PatcherClient\SQPatcher.Client.exe -- (SpeechClientUpdateService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 15:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007/05/31 11:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 11:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/07/24 17:11:12 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\PortProxyService\PortProxyService.exe -- (PortProxyService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/10 07:02:16 | 000,044,944 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DisplayLinkUsbIo_x64_7.2.47157.0.sys -- (DisplayLinkUsbIo_x64)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/04/03 01:46:20 | 000,388,912 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dlkmd.sys -- (dlkmd)
DRV:64bit: - [2013/04/03 01:46:20 | 000,015,664 | ---- | M] (DisplayLink Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\dlkmdldr.sys -- (dlkmdldr)
DRV:64bit: - [2013/02/12 00:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/31 21:31:08 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2011/09/16 14:10:50 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2011/09/16 14:10:24 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/09 16:28:24 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/09/07 02:27:24 | 000,038,912 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PcaSp60.sys -- (PcaSp60)
DRV:64bit: - [2010/09/01 04:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/07/12 13:36:54 | 000,058,896 | ---- | M] () [Kernel | System | Running] -- C:\windows\SysNative\drivers\funfrm.sys -- (funfrm)
DRV:64bit: - [2010/05/31 02:29:58 | 000,077,312 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ax88772.sys -- (AX88772)
DRV:64bit: - [2010/05/17 17:49:58 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2010/05/17 17:49:58 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/05/17 17:49:58 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2010/04/22 00:11:42 | 000,260,216 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010/03/23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010/02/08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010/01/18 05:45:50 | 000,717,368 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/10/16 14:37:34 | 000,197,376 | ---- | M] (SMI) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SMIksdrv.sys -- (usbsmi)
DRV:64bit: - [2009/07/21 10:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/16 07:55:34 | 000,011,280 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDMirror.sys -- (wdmirror)
DRV:64bit: - [2009/07/15 23:38:20 | 000,079,376 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WDBridge.sys -- (Bridge0)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/07 13:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/02 21:42:08 | 007,342,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 16:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 14:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/30 21:43:44 | 000,305,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/05/19 09:43:32 | 000,026,128 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2008/11/16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008/08/06 08:32:16 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007/03/07 14:13:20 | 000,017,920 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pnetmdm64.sys -- (pnetmdm)
DRV - [2013/05/28 04:00:00 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20130701.009\ex64.sys -- (NAVEX15)
DRV - [2013/05/28 04:00:00 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20130701.009\eng64.sys -- (NAVENG)
DRV - [2012/08/08 04:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/08 04:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/09/16 14:10:50 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2010/09/07 02:27:24 | 000,038,912 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\PcaSp60.sys -- (PcaSp60)
DRV - [2010/05/17 17:49:58 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2010/05/17 17:49:58 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2010/05/17 17:49:58 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?PC=BNSR
IE - HKCU\..\SearchScopes,DefaultScope = {32DDB2A6-2C60-4FCF-849B-13D0CF3EDF89}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{32DDB2A6-2C60-4FCF-849B-13D0CF3EDF89}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/23 19:46:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/06/23 19:46:45 | 000,000,000 | ---D | M]

[2010/09/23 21:14:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RR\AppData\Roaming\Mozilla\Extensions
[2010/09/23 21:14:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RR\AppData\Roaming\Mozilla\Firefox\Profiles\oc6ptcgi.default\extensions
[2011/06/20 00:02:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/10/16 13:42:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/06/20 00:02:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/12/09 23:46:38 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll

O1 HOSTS File: ([2011/06/19 23:09:15 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files (x86)\Nuance\NaturallySpeaking10\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PspUsbCf] C:\windows\SysWow64\pspusbcf.exe (Philips Speech Recognition Systems)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - Startup: C:\Users\RR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files (x86)\PdaNet for Windows Mobile\PdaNetPC.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {F80B9305-A013-11D2-BD23-00A024978908} http://68.236.160.12...ccuradimage.cab (Accurad Image Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F229A6DC-3858-4E18-AABF-F153A4340315}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wot - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/02 10:49:21 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/06/21 13:19:18 | 000,000,000 | ---D | C] -- C:\Users\RR\AppData\Local\Citrix
[2013/06/18 16:47:07 | 000,000,000 | ---D | C] -- C:\Users\RR\Desktop\Precision Health plug ins

========== Files - Modified Within 30 Days ==========

[2013/07/02 20:27:48 | 000,001,067 | ---- | M] () -- C:\Users\RR\Desktop\OTL - Shortcut.lnk
[2013/07/02 18:48:26 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/02 18:48:26 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/02 18:36:08 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/07/02 18:35:21 | 3168,219,136 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/02 10:49:25 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/07/02 09:45:26 | 000,000,000 | ---- | M] () -- C:\t13o.2
[2013/06/21 13:19:16 | 000,102,248 | ---- | M] () -- C:\Users\RR\GoToAssistDownloadHelper.exe
[2013/06/18 16:43:47 | 000,001,032 | ---- | M] () -- C:\Users\RR\Desktop\Medweb to PowerScribe Bridge.lnk
[2013/06/16 20:46:20 | 000,727,362 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/06/16 20:46:20 | 000,624,128 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/06/16 20:46:20 | 000,107,728 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/06/11 23:11:44 | 000,000,000 | ---- | M] () -- C:\t194.1
[2013/06/06 23:00:17 | 000,427,800 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/06/04 23:09:30 | 000,001,133 | ---- | M] () -- C:\Users\RR\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk

========== Files Created - No Company Name ==========

[2013/07/02 20:27:48 | 000,001,067 | ---- | C] () -- C:\Users\RR\Desktop\OTL - Shortcut.lnk
[2013/07/02 10:49:25 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/07/02 09:45:26 | 000,000,000 | ---- | C] () -- C:\t13o.2
[2013/06/21 13:19:02 | 000,102,248 | ---- | C] () -- C:\Users\RR\GoToAssistDownloadHelper.exe
[2013/06/11 23:11:44 | 000,000,000 | ---- | C] () -- C:\t194.1
[2013/03/14 23:24:06 | 000,000,034 | ---- | C] () -- C:\Users\RR\AppData\Local\.20516086_uid
[2012/04/12 18:07:05 | 000,000,090 | ---- | C] () -- C:\Users\RR\AppData\Local\fusioncache.dat
[2012/04/12 17:39:58 | 000,743,594 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/03/21 21:44:01 | 000,000,323 | ---- | C] () -- C:\Users\RR\.JavaPowUpload.properties
[2010/10/19 22:24:41 | 000,000,198 | ---- | C] () -- C:\Users\RR\Export.properties
[2010/10/18 22:42:36 | 000,001,719 | ---- | C] () -- C:\Users\RR\AppData\Roaming\SAS7_000.DAT
[2010/09/11 23:52:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/12/09 23:46:38 | 000,000,000 | ---D | M] -- C:\Users\RR\AppData\Roaming\Catalina Marketing Corp
[2010/09/22 21:41:25 | 000,000,000 | ---D | M] -- C:\Users\RR\AppData\Roaming\EasyCapture
[2011/11/29 23:52:30 | 000,000,000 | ---D | M] -- C:\Users\RR\AppData\Roaming\Foxit Software
[2010/09/11 23:08:56 | 000,000,000 | ---D | M] -- C:\Users\RR\AppData\Roaming\ID Vault
[2011/06/22 18:53:20 | 000,000,000 | ---D | M] -- C:\Users\RR\AppData\Roaming\Medweb
[2010/10/18 22:24:07 | 000,000,000 | ---D | M] -- C:\Users\RR\AppData\Roaming\Nuance
[2010/09/09 15:33:11 | 000,000,000 | ---D | M] -- C:\Users\RR\AppData\Roaming\ooVoo Details
[2011/06/17 18:38:55 | 000,000,000 | ---D | M] -- C:\Users\RR\AppData\Roaming\ReportViewer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 208 bytes -> C:\ProgramData\Temp:F35A93AD

< End of report >
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
Could you give me a link to your other forum post so we don't waste time redoing stuff they did?


Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc  /scannow

(This will check your critical system files. Does this finish without complaint? IF it says it couldn't fix everything then:

Copy the next two lines:

findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.



Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Can you submit one of the DWHxxx.tmp files to Virustotal.com and see if the report is clean? If not please copy and paste the report.


Ron
  • 0

#3
unsmiley

unsmiley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Here is the link to the prior attempts at fixing the problem:

http://www.windowsbb...infections.html

I will forward the results of the tests you requested when completed. Thanks, Ron.
  • 0

#4
unsmiley

unsmiley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
The sfc /scannow ran without complaint and it says "Windows Resource Protection did not find any integrity violations."
  • 0

#5
unsmiley

unsmiley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 03/07/2013 11:24:19 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 03/07/2013 2:51:44 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Conexant SmartAudio service service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 03/07/2013 2:51:44 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The ReadyComm.DirectRouter service failed to start due to the following error: The system cannot find the file specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 03/07/2013 2:49:39 PM
Type: Warning Category: 0
Event: 4 Source: b57nd60a
Broadcom NetLink ™ Fast Ethernet: The network link is down. Check to make sure the network cable is properly connected.
  • 0

#6
unsmiley

unsmiley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 03/07/2013 11:26:30 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 03/07/2013 2:48:15 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 16 user registry handles leaked from \Registry\User\S-1-5-21-205398528-154359821-1429519996-1000:
Process 1516 (\Device\HarddiskVolume2\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe) has opened key \REGISTRY\USER\S-1-5-21-205398528-154359821-1429519996-1000
Process 1516 (\Device\HarddiskVolume2\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe) has opened key \REGISTRY\USER\S-1-5-21-205398528-154359821-1429519996-1000
Process 1516 (\Device\HarddiskVolume2\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe) has opened key \REGISTRY\USER\S-1-5-21-205398528-154359821-1429519996-1000
Process 1516 (\Device\HarddiskVolume2\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe) has opened key \REGISTRY\USER\S-1-5-21-205398528-154359821-1429519996-1000
Process 1516 (\Device\HarddiskVolume2\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe) has opened key \REGISTRY\USER\S-1-5-21-205398528-154359821-1429519996-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1516 (\Device\HarddiskVolume2\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe) has opened key \REGISTRY\USER\S-1-5-21-205398528-154359821-1429519996-1000\Software\Policies\Microsoft\SystemCertificates
Process 1516 (\Device\HarddiskVolume2\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe) has opened key \REGISTRY\USER\S-1-5-21-205398528-154359821-1429519996-1000\Software\Policies\Microsoft\SystemCertificates
Process 1516 (\Device\HarddiskVolume2\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe) has opened key \REGISTRY\USER\S-1-5-21-205398528-154359821-1429519996-1000\Software\Policies\Microsoft\SystemCertificates
Process 1516 (\Device\HarddiskVolume2\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe) has opened key \REGISTRY\USER\S-1-5-21-205398528-154359821-1429519996-1000\Software\Policies\Microsoft\SystemCertificates
Process 1516 (\Device\HarddiskVolume2\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe) has opened key \REGISTRY\USER\S-1-5-21-205398528-154359821-1429519996-1000\Software\Microsoft\SystemCertificates\Root
Process 2604 (\Device\HarddiskVolume2\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe) has opened key \REGISTRY\USER\S-1-5-21-205398528-154359821-1429519996-1000\Software\Symantec\Symantec Endpoint Protection\AV\Custom Tasks
Process 1516 (\Device\HarddiskVolume2\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe) has opened key \REGISTRY\USER\S-1-5-21-205398528-154359821-1429519996-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1516 (\Device\HarddiskVolume2\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe) has opened key \REGISTRY\USER\S-1-5-21-205398528-154359821-1429519996-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 1516 (\Device\HarddiskVolume2\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe) has opened key \REGISTRY\USER\S-1-5-21-205398528-154359821-1429519996-1000\Software\Microsoft\SystemCertificates\My
Process 1516 (\Device\HarddiskVolume2\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe) has opened key \REGISTRY\USER\S-1-5-21-205398528-154359821-1429519996-1000\Software\Microsoft\SystemCertificates\CA
Process 1516 (\Device\HarddiskVolume2\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe) has opened key \REGISTRY\USER\S-1-5-21-205398528-154359821-1429519996-1000\Software\Microsoft\SystemCertificates\trust
  • 0

#7
unsmiley

unsmiley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
OTL logfile created on: 7/3/2013 11:29:06 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\RR\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 0.33 Gb Available Physical Memory | 8.29% Memory free
7.87 Gb Paging File | 3.53 Gb Available in Paging File | 44.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 187.69 Gb Total Space | 15.45 Gb Free Space | 8.23% Space Free | Partition Type: NTFS
Drive D: | 30.25 Gb Total Space | 29.49 Gb Free Space | 97.50% Space Free | Partition Type: NTFS

Computer Name: RR-PC | User Name: RR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/02 20:25:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\RR\Downloads\OTL.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/04/19 02:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2011/04/19 02:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2010/07/12 13:37:34 | 003,122,440 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2010/06/29 15:08:14 | 000,144,896 | ---- | M] (WebInterstate Inc.) -- C:\Program Files (x86)\WebInterstate\radserver\webiRadServerService.exe
PRC - [2010/05/17 17:49:58 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2010/05/17 17:49:56 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2010/05/17 17:49:52 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010/05/17 17:49:52 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
PRC - [2010/05/05 02:53:12 | 000,736,312 | ---- | M] (Conexant Systems, Inc) -- C:\Program Files\CONEXANT\SAII\SmartAudio.exe
PRC - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010/03/18 22:16:48 | 000,038,400 | ---- | M] () -- C:\Program Files (x86)\Medweb\Plugin\MWIPCServer.exe
PRC - [2009/07/14 10:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe
PRC - [2009/06/15 13:27:08 | 000,020,480 | ---- | M] (PSP Speech Recognition Systems) -- C:\Program Files (x86)\SpeechQ Client\PatcherClient\SQPatcher.Client.exe
PRC - [2009/06/04 15:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 15:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/07/31 22:45:36 | 000,185,560 | ---- | M] () -- C:\Program Files (x86)\PdaNet for Windows Mobile\PdaNetPC.exe


========== Modules (No Company Name) ==========

MOD - [2013/06/06 23:06:16 | 014,340,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll
MOD - [2013/06/06 23:05:50 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013/06/06 23:05:40 | 012,237,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll
MOD - [2013/06/06 23:05:28 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2013/06/06 23:05:20 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013/02/14 00:25:58 | 000,240,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\78967b28f748b8807eaa97c1cb454adc\WindowsFormsIntegration.ni.dll
MOD - [2013/02/14 00:24:27 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll
MOD - [2013/02/14 00:24:25 | 001,374,208 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\SmartAudio\b553402413fa7b799cf8f2351618916b\SmartAudio.ni.exe
MOD - [2013/01/10 00:25:33 | 000,220,672 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\5baea82888a13fa558004b24e3b107cf\CustomMarshalers.ni.dll
MOD - [2013/01/09 23:52:00 | 000,253,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Interop.CxHDAudioAP#\ab7c0d1230766b1ecad8b66fce8a5df5\Interop.CxHDAudioAPILib.ni.dll
MOD - [2013/01/09 16:42:38 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013/01/09 16:42:20 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/09 16:41:41 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/09 16:41:17 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/09 16:41:12 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/09 16:40:54 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2010/12/20 15:04:08 | 001,671,840 | ---- | M] () -- C:\Program Files (x86)\WOT\WOT.dll
MOD - [2010/11/04 21:57:39 | 000,069,120 | ---- | M] () -- C:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2010/07/12 13:37:34 | 000,492,808 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
MOD - [2008/07/31 22:45:36 | 000,185,560 | ---- | M] () -- C:\Program Files (x86)\PdaNet for Windows Mobile\PdaNetPC.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013/04/03 01:44:24 | 008,988,048 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV:64bit: - [2010/03/25 05:32:02 | 000,445,496 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\SASrv.exe -- (SAService)
SRV:64bit: - [2009/09/22 14:16:32 | 000,579,400 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)
SRV:64bit: - [2009/08/14 10:22:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/31 21:30:46 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2012/01/31 21:30:40 | 000,375,176 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/09/16 14:10:50 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2011/04/19 02:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2010/06/29 15:08:14 | 000,144,896 | ---- | M] (WebInterstate Inc.) [Auto | Running] -- C:\Program Files (x86)\WebInterstate\radserver\webiRadServerService.exe -- (webiRadServerService)
SRV - [2010/05/17 17:49:58 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/05/17 17:49:58 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/05/17 17:49:54 | 003,218,880 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010/05/17 17:49:54 | 000,419,656 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2010/05/17 17:49:52 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/03/18 22:16:48 | 000,038,400 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Medweb\Plugin\MWIPCServer.exe -- (MWIPCServer)
SRV - [2010/02/17 13:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/07/15 23:12:42 | 000,276,296 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll -- (PS_MDP)
SRV - [2009/07/14 10:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
SRV - [2009/07/14 10:27:20 | 000,103,688 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll -- (ReadyComm.DirectRouter)
SRV - [2009/06/15 13:27:08 | 000,020,480 | ---- | M] (PSP Speech Recognition Systems) [Auto | Running] -- C:\Program Files (x86)\SpeechQ Client\PatcherClient\SQPatcher.Client.exe -- (SpeechClientUpdateService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 15:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007/05/31 11:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 11:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/07/24 17:11:12 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\PortProxyService\PortProxyService.exe -- (PortProxyService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/10 07:02:16 | 000,044,944 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DisplayLinkUsbIo_x64_7.2.47157.0.sys -- (DisplayLinkUsbIo_x64)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/04/03 01:46:20 | 000,388,912 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dlkmd.sys -- (dlkmd)
DRV:64bit: - [2013/04/03 01:46:20 | 000,015,664 | ---- | M] (DisplayLink Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\dlkmdldr.sys -- (dlkmdldr)
DRV:64bit: - [2013/02/12 00:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/31 21:31:08 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2011/09/16 14:10:50 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2011/09/16 14:10:24 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/09 16:28:24 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/09/07 02:27:24 | 000,038,912 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PcaSp60.sys -- (PcaSp60)
DRV:64bit: - [2010/09/01 04:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/07/12 13:36:54 | 000,058,896 | ---- | M] () [Kernel | System | Running] -- C:\windows\SysNative\drivers\funfrm.sys -- (funfrm)
DRV:64bit: - [2010/05/31 02:29:58 | 000,077,312 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ax88772.sys -- (AX88772)
DRV:64bit: - [2010/05/17 17:49:58 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2010/05/17 17:49:58 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/05/17 17:49:58 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2010/04/22 00:11:42 | 000,260,216 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010/03/23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010/02/08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010/01/18 05:45:50 | 000,717,368 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/10/16 14:37:34 | 000,197,376 | ---- | M] (SMI) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SMIksdrv.sys -- (usbsmi)
DRV:64bit: - [2009/07/21 10:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/16 07:55:34 | 000,011,280 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDMirror.sys -- (wdmirror)
DRV:64bit: - [2009/07/15 23:38:20 | 000,079,376 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WDBridge.sys -- (Bridge0)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/07 13:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/02 21:42:08 | 007,342,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 16:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 14:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/30 21:43:44 | 000,305,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/05/19 09:43:32 | 000,026,128 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2008/11/16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008/08/06 08:32:16 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007/03/07 14:13:20 | 000,017,920 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pnetmdm64.sys -- (pnetmdm)
DRV - [2013/05/28 04:00:00 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20130701.009\ex64.sys -- (NAVEX15)
DRV - [2013/05/28 04:00:00 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20130701.009\eng64.sys -- (NAVENG)
DRV - [2012/08/08 04:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/08 04:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/09/16 14:10:50 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2010/09/07 02:27:24 | 000,038,912 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\PcaSp60.sys -- (PcaSp60)
DRV - [2010/05/17 17:49:58 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2010/05/17 17:49:58 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2010/05/17 17:49:58 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?PC=BNSR
IE - HKCU\..\SearchScopes,DefaultScope = {32DDB2A6-2C60-4FCF-849B-13D0CF3EDF89}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{32DDB2A6-2C60-4FCF-849B-13D0CF3EDF89}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/23 19:46:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/06/23 19:46:45 | 000,000,000 | ---D | M]

[2010/09/23 21:14:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RR\AppData\Roaming\Mozilla\Extensions
[2010/09/23 21:14:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RR\AppData\Roaming\Mozilla\Firefox\Profiles\oc6ptcgi.default\extensions
[2011/06/20 00:02:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/10/16 13:42:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/06/20 00:02:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/12/09 23:46:38 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll

O1 HOSTS File: ([2011/06/19 23:09:15 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files (x86)\Nuance\NaturallySpeaking10\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PspUsbCf] C:\windows\SysWow64\pspusbcf.exe (Philips Speech Recognition Systems)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - Startup: C:\Users\RR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files (x86)\PdaNet for Windows Mobile\PdaNetPC.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {F80B9305-A013-11D2-BD23-00A024978908} http://68.236.160.12...ccuradimage.cab (Accurad Image Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F229A6DC-3858-4E18-AABF-F153A4340315}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wot - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


MsConfig:64bit - StartUpFolder: C:^Users^RR^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dragon NaturallySpeaking.lnk - C:\Program Files (x86)\Nuance\NaturallySpeaking10\Program\natspeak.exe - (Nuance Communications, Inc.)
MsConfig:64bit - StartUpFolder: C:^Users^RR^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Medweb Input Source Agent.lnk - C:\Program Files (x86)\Medweb\Plugin\MWInputSourceAgent.exe - (MedWeb Inc.)
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: ooVoo.exe - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: ccEvtMgr - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: ccSetMgr - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: Symantec Antivirus - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: McMPFSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: ccEvtMgr - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootNet: ccSetMgr - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: McMPFSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SmcService - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: Symantec Antivirus - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.clmp3enc - C:\Program Files (x86)\Lenovo\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.smcelp32 - C:\windows\SysWow64\smcelp32.acm (Philips Speech Processing)
Drivers32: msacm.trspch - C:\windows\SysWow64\tssoft32.acm (DSP GROUP, INC.)
Drivers32: pspctrlc - C:\windows\SysWow64\pspusbct.dll (Philips Speech Recognition Systems)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/07/02 10:49:21 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/06/21 13:19:18 | 000,000,000 | ---D | C] -- C:\Users\RR\AppData\Local\Citrix
[2013/06/18 16:47:07 | 000,000,000 | ---D | C] -- C:\Users\RR\Desktop\Precision Health plug ins
[2013/06/14 17:19:44 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/06/14 17:19:43 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/06/14 17:19:43 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/06/14 17:19:42 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/06/14 17:19:42 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/06/14 17:19:41 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/06/14 17:19:40 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/06/14 17:19:40 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/06/14 17:19:39 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/06/14 17:19:31 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/06/14 17:19:30 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/06/14 17:19:29 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/06/14 17:19:28 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/06/14 17:18:06 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/06/14 17:18:05 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/06/14 17:07:12 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\certutil.exe
[2013/06/14 17:07:12 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\certutil.exe
[2013/06/14 17:07:10 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2013/06/14 17:07:08 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2013/06/14 17:07:06 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\certenc.dll
[2013/06/14 17:07:05 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\certenc.dll
[2013/06/14 17:06:48 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll
[2013/06/14 17:06:47 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll
[2013/06/06 22:09:55 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll
[2013/06/06 22:09:54 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\shdocvw.dll
[2013/06/06 22:09:52 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\consent.exe
[2013/06/06 22:09:51 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll
[2013/06/06 22:09:24 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxgmms1.sys
[2013/06/06 22:09:24 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdd.dll

========== Files - Modified Within 30 Days ==========

[2013/07/03 11:23:37 | 000,001,067 | ---- | M] () -- C:\Users\RR\Desktop\VEW.exe - Shortcut.lnk
[2013/07/03 11:00:56 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/03 11:00:56 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/03 10:50:18 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/07/03 10:49:30 | 3168,219,136 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/02 20:27:48 | 000,001,067 | ---- | M] () -- C:\Users\RR\Desktop\OTL.lnk
[2013/07/02 10:49:25 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/07/02 09:45:26 | 000,000,000 | ---- | M] () -- C:\t13o.2
[2013/06/21 13:19:16 | 000,102,248 | ---- | M] () -- C:\Users\RR\GoToAssistDownloadHelper.exe
[2013/06/18 16:43:47 | 000,001,032 | ---- | M] () -- C:\Users\RR\Desktop\Medweb to PowerScribe Bridge.lnk
[2013/06/16 20:46:20 | 000,727,362 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/06/16 20:46:20 | 000,624,128 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/06/16 20:46:20 | 000,107,728 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/06/11 23:11:44 | 000,000,000 | ---- | M] () -- C:\t194.1
[2013/06/08 10:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/06/08 07:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/06/06 23:00:17 | 000,427,800 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/06/04 23:09:30 | 000,001,133 | ---- | M] () -- C:\Users\RR\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk

========== Files Created - No Company Name ==========

[2013/07/03 11:23:37 | 000,001,067 | ---- | C] () -- C:\Users\RR\Desktop\VEW.exe - Shortcut.lnk
[2013/07/02 20:27:48 | 000,001,067 | ---- | C] () -- C:\Users\RR\Desktop\OTL.lnk
[2013/07/02 10:49:25 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/07/02 09:45:26 | 000,000,000 | ---- | C] () -- C:\t13o.2
[2013/06/21 13:19:02 | 000,102,248 | ---- | C] () -- C:\Users\RR\GoToAssistDownloadHelper.exe
[2013/06/11 23:11:44 | 000,000,000 | ---- | C] () -- C:\t194.1
[2013/03/14 23:24:06 | 000,000,034 | ---- | C] () -- C:\Users\RR\AppData\Local\.20516086_uid
[2012/04/12 18:07:05 | 000,000,090 | ---- | C] () -- C:\Users\RR\AppData\Local\fusioncache.dat
[2012/04/12 17:39:58 | 000,743,594 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/03/21 21:44:01 | 000,000,323 | ---- | C] () -- C:\Users\RR\.JavaPowUpload.properties
[2010/10/19 22:24:41 | 000,000,198 | ---- | C] () -- C:\Users\RR\Export.properties
[2010/10/18 22:42:36 | 000,001,719 | ---- | C] () -- C:\Users\RR\AppData\Roaming\SAS7_000.DAT
[2010/09/11 23:52:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST9250315AS
Partitions: 4
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 200.00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 188.00GB
Starting Offset: 210763776
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Extended w/Extended Int 13
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 30.00GB
Starting Offset: 201739042816
Hidden sectors: 0


DeviceID: Disk #0, Partition #3
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 15.00GB
Starting Offset: 234216587264
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2011/06/06 23:22:50 | 000,000,000 | ---D | M] -- C:\Users\RR\AppData\Roaming\Adobe
[2011/12/09 23:46:38 | 000,000,000 | ---D | M] -- C:\Users\RR\AppData\Roaming\Catalina Marketing Corp
[2010/09/22 21:41:25 | 000,000,000 | ---D | M] -- C:\Users\RR\AppData\Roaming\EasyCapture
[2011/11/29 23:52:30 | 000,000,000 | ---D | M] -- C:\Users\RR\AppData\Roaming\Foxit Software
[2010/09/11 23:08:56 | 000,000,000 | ---D | M] -- C:\Users\RR\AppData\Roaming\ID Vault
[2010/09/09 15:32:33 | 000,000,000 | ---D | M] -- C:\Users\RR\AppData\Roaming\Identities
[2013/03/31 16:50:30 | 000,000,000 | ---D | M] -- C:\Users\RR\AppData\Roaming\InstallShield
[2010/09/30 21:56:36 | 000,000,000 | ---D | M] -- C:\Users\RR\AppData\Roaming\Macromedia
[2010/09/17 23:06:59 | 000,000,000 | ---D | M] -- C:\Users\RR\AppData\Roaming\Malwarebytes
[2009/07/29 03:23:49 | 000,000,000 | ---D | M] -- C:\Users\RR\AppData\Roaming\Media Center Programs
[2011/06/22 18:53:20 | 000,000,000 | ---D | M] -- C:\Users\RR\AppData\Roaming\Medweb
[2013/04/02 20:44:48 | 000,000,000 | --SD | M] -- C:\Users\RR\AppData\Roaming\Microsoft
[2010/09/23 21:14:12 | 000,000,000 | ---D | M] -- C:\Users\RR\AppData\Roaming\Mozilla
[2010/10/18 22:24:07 | 000,000,000 | ---D | M] -- C:\Users\RR\AppData\Roaming\Nuance
[2010/09/09 15:33:11 | 000,000,000 | ---D | M] -- C:\Users\RR\AppData\Roaming\ooVoo Details
[2011/06/17 18:38:55 | 000,000,000 | ---D | M] -- C:\Users\RR\AppData\Roaming\ReportViewer
[2013/07/02 23:47:42 | 000,000,000 | ---D | M] -- C:\Users\RR\AppData\Roaming\Skype
[2012/09/18 21:13:28 | 000,000,000 | ---D | M] -- C:\Users\RR\AppData\Roaming\skypePM

< MD5 for: ATAPI.SYS >
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CSRSS.EXE >
[2009/07/13 21:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\windows\SysNative\csrss.exe
[2009/07/13 21:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/06/28 10:17:10 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/06/28 10:13:38 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/06/28 10:17:10 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/06/28 10:13:38 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/06/28 10:17:10 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/06/28 10:13:38 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/06/28 10:17:10 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/06/28 10:13:38 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2009/07/13 21:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll
[2010/11/20 09:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\ERDNT\cache64\mswsock.dll
[2010/11/20 09:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\windows\SysNative\mswsock.dll
[2010/11/20 09:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll
[2010/11/20 08:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\ERDNT\cache86\mswsock.dll
[2010/11/20 08:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\SysWOW64\mswsock.dll
[2010/11/20 08:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll
[2009/07/13 21:41:34 | 000,320,000 | ---- | M] (Microsoft Corporation) MD5=FC76FE3C1E1FDB761244D4F74EF560FD -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_144848ad46fcc535\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2009/07/13 21:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\SysWOW64\NapiNSP.dll
[2009/07/13 21:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll
[2009/07/13 21:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\windows\SysNative\NapiNSP.dll
[2009/07/13 21:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\winsxs\amd64_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_0812326fa8e1ed67\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2009/07/13 21:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=045DB4EAB4FBD23210E85ECC3F464A2E -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_cdcf91c058fc0e07\nlaapi.dll
[2012/01/13 03:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0BA65122FFA7E37564EE86422DBF7AE8 -- C:\Windows\SysWOW64\nlaapi.dll
[2012/01/13 03:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0BA65122FFA7E37564EE86422DBF7AE8 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_cfca9d84561311f2\nlaapi.dll
[2010/11/20 08:20:30 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_d000a58855ea91a1\nlaapi.dll
[2012/10/03 12:29:27 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=11B8C7970C10650827D060AA81BEE63F -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_d07f52216f10753a\nlaapi.dll
[2010/11/20 09:27:22 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=2DF36F15B2BC1571A6A542A3C2107920 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_c5abfb362189cfa6\nlaapi.dll
[2012/10/03 13:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=46BB91A169B9B31FF44EB04C48EC1D41 -- C:\windows\SysNative\nlaapi.dll
[2012/10/03 13:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=46BB91A169B9B31FF44EB04C48EC1D41 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_c575f33221b24ff7\nlaapi.dll
[2009/07/13 21:41:52 | 000,070,144 | ---- | M] (Microsoft Corporation) MD5=86E3822A34D454032D8E88C72AE8CF2D -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_c37ae76e249b4c0c\nlaapi.dll
[2012/10/03 13:32:48 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=C98BCE54F31113D5E736C1097FD086DC -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_c62aa7cf3aafb33f\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2009/07/13 21:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\SysWOW64\pnrpnsp.dll
[2009/07/13 21:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\wow64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_d7c8b1ac70865dab\pnrpnsp.dll
[2009/07/13 21:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\windows\SysNative\pnrpnsp.dll
[2009/07/13 21:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\winsxs\amd64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_cd74075a3c259bb0\pnrpnsp.dll

< MD5 for: PRINTISOLATIONHOST.EXE >
[2009/07/13 21:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\windows\SysNative\PrintIsolationHost.exe
[2009/07/13 21:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\winsxs\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_f8a40495785334a9\PrintIsolationHost.exe

< MD5 for: SERVICES.EXE >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\ERDNT\cache64\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\windows\SysNative\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/06/28 10:17:10 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/06/28 10:17:10 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WINRNR.DLL >
[2009/07/13 21:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\windows\SysNative\winrnr.dll
[2009/07/13 21:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_b543449669c73e11\winrnr.dll
[2009/07/13 21:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\SysWOW64\winrnr.dll
[2009/07/13 21:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2009/07/13 21:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\SysWOW64\wshelper.dll
[2009/07/13 21:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\wshelper.dll
[2009/07/13 21:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\windows\SysNative\wshelper.dll
[2009/07/13 21:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\wshelper.dll

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/06/23 19:46:38 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/06/23 19:46:38 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/06/23 19:46:38 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2013/06/23 19:46:18 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2013/06/23 19:46:18 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2013/06/23 19:46:18 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/05/16 23:30:45 | 000,775,256 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2013/05/16 23:30:45 | 000,775,256 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2013/06/23 19:46:38 | 000,552,464 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2013/06/23 19:46:38 | 000,552,464 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2013/06/23 19:46:38 | 000,552,464 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2013/06/23 19:46:18 | 000,912,344 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2013/06/23 19:46:18 | 000,912,344 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2013/06/23 19:46:18 | 000,912,344 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2013/05/16 20:59:12 | 000,051,712 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2013/05/16 20:59:12 | 000,051,712 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2013/05/16 20:59:12 | 000,051,712 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2013/05/16 23:30:45 | 000,775,256 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE [2013/05/16 23:30:45 | 000,775,256 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 208 bytes -> C:\ProgramData\Temp:F35A93AD

< End of report >
  • 0

#8
unsmiley

unsmiley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
I think this is the second log you mentioned:

OTL Extras logfile created on: 7/3/2013 11:29:06 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\RR\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 0.33 Gb Available Physical Memory | 8.29% Memory free
7.87 Gb Paging File | 3.53 Gb Available in Paging File | 44.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 187.69 Gb Total Space | 15.45 Gb Free Space | 8.23% Space Free | Partition Type: NTFS
Drive D: | 30.25 Gb Total Space | 29.49 Gb Free Space | 97.50% Space Free | Partition Type: NTFS

Computer Name: RR-PC | User Name: RR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04519B7D-C56D-4F50-A37D-BDBF551F3F66}" = lport=137 | protocol=17 | dir=in | app=system |
"{068C7B5E-4E51-48BB-8A03-3E7E6633C1D5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{1053B614-6888-4A9C-BD7C-BECBFDD1BF89}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{17CCF1CC-FFD8-44D4-8A19-8950203D5C56}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{20DAA658-598F-4EA3-9CAC-4DBAD4BF536A}" = lport=445 | protocol=6 | dir=in | app=system |
"{23AE8356-56FA-4D12-8DB7-1872482DEA16}" = lport=2869 | protocol=6 | dir=in | app=system |
"{26A6BFD5-CA4E-4290-93D0-E1141564B163}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2DCF876D-2045-4A31-805A-8BB59295FA46}" = lport=26675 | protocol=6 | dir=in | [email protected]%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{359DF22B-1BEE-48AA-B828-D9F601AF9767}" = rport=138 | protocol=17 | dir=out | app=system |
"{3CADB65E-CB74-47C8-91E5-B652F9BDF90E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{41BA5275-DF9D-4CEE-A1F2-FA090A841231}" = lport=10243 | protocol=6 | dir=in | app=system |
"{420057C4-F244-4E84-80BD-3EBFE6F1965D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4864906E-C3F5-48F4-B3E6-B69D218E4252}" = rport=139 | protocol=6 | dir=out | app=system |
"{4BFE91F9-046C-4F9D-8F9D-637EBBC227C9}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5C53B1C9-E8A1-405E-9FD3-D98CE12C8B2B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{614D43FF-CE1D-43C5-8077-332F224BE2AE}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{73001B39-1133-45AE-A93A-B9E28E2B0A4F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7FC87652-62B4-4E88-AAB1-229CA76A3529}" = rport=445 | protocol=6 | dir=out | app=system |
"{8D784A53-87EB-44CA-84EF-6933385F3731}" = rport=137 | protocol=17 | dir=out | app=system |
"{92209010-2C04-494A-968C-5D7CA3449E8E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{95ADF514-3DE7-4397-8564-E2B77B0BD527}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9FB939A5-45B3-44F2-B26F-36713B29409F}" = lport=138 | protocol=17 | dir=in | app=system |
"{ADD4EB8F-5C94-4802-9E73-CD7BE6CB23C4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BCCE3175-7CD5-4E2F-AADE-19BA34655B74}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C7E46B3E-ED43-45BC-BDB5-6EA4B730765B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D1FD45D1-D920-4035-98E9-878B9C194D6F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D4200098-4359-46FC-A9AC-AEFDA6CD211D}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E102EDEE-57BA-4127-9055-FCC521615C6F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{E59EA6CB-4EA3-4951-A3F2-8A7B8C1C10FB}" = lport=139 | protocol=6 | dir=in | app=system |
"{EDC8668D-1E4E-4C7C-B6C6-2EABB5105ADB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F5B800D3-0F41-47B9-AB3C-E854330FE778}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{FB0BC842-5858-439D-AAA6-48B576B7ECB4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04B396F7-9D49-43FF-995D-4CFDC5CA8CB3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0607165D-7D1C-45C4-8FB3-61DF96E84B95}" = dir=in | app=c:\program files\lenovo\readycomm\projectionist.exe |
"{06F3B108-7E69-4B2E-B725-453FEA44B591}" = dir=in | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe |
"{079B7CA9-B0F1-4F1B-B8A5-E2E4DB6F5A51}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\wl-330n wireless router utilities\rescue.exe |
"{08A32182-F003-4FD4-8A30-74630A10C6C1}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{0A3EBBB0-EF46-4086-96AD-62E4EF31B877}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{11219362-88B4-4BE4-B259-42345129C9BE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1294F4FF-FBF1-4EE8-BFC3-E4B21008CBE6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{129E8E32-188C-40CA-8797-41BDD0A57C07}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{1BA58F13-5307-4621-A635-7280EB68CAA4}" = dir=out | app=c:\program files\lenovo\readycomm\readycomm.exe |
"{1BCF7BD9-1045-4651-8BA1-9FC9D44A4810}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
"{24F870E2-6744-48D3-BA7A-4D311E148D35}" = dir=out | app=c:\program files\lenovo\readycomm\projectionist.exe |
"{255D2C1D-A390-40E1-A8A6-FD7484B7D6BE}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2B42F9A2-927F-4FE1-A768-763C893AB43E}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{2E2AC9C6-57A7-4C96-8F89-1DF950A397A1}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{332ED928-D490-4F08-B27F-48D2918E7D66}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\wl-330n wireless router utilities\qiswizard.exe |
"{349AA6B4-F163-46F1-B77A-AF04DB3BFE68}" = dir=out | app=c:\program files\lenovo\readycomm\appsvc.exe |
"{3D1A7C7F-7A7A-48E9-B489-EAF326E31371}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3E0798C9-1D8A-4DD9-97AE-39596A39956C}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{42AE3BE0-222C-4C38-9B57-B10F76BF9D44}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
"{43A9F766-72B6-4FB5-9284-02F22817DFCD}" = dir=in | app=c:\program files\lenovo\readycomm\readycom.exe |
"{4BC95784-E385-4E3C-9E86-3914CAB84A84}" = protocol=58 | dir=in | [email protected],-28545 |
"{4C1562E3-A3D6-45DE-A5E8-EB4FE73B6950}" = protocol=17 | dir=in | app=e:\routersetup\qiswizard.exe |
"{4C391C81-BBAB-4C75-9E1D-77F8B9F91D86}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{4CF3751E-9DD2-487E-9C04-699697AAA09A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{533DFD60-FCA1-47DA-BE84-6D3169E6DBB7}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{56941AF1-A549-49E7-97EA-2EF01C3E5BA4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{56B970B4-4AFB-4439-92B3-2BD8F7EBBCFF}" = dir=in | app=c:\program files\lenovo\readycomm\appsvc.exe |
"{59130818-03F4-49B4-A138-6229490C55F6}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5F2A57BD-A476-4616-9779-6B7824BD9A80}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6099FE62-0151-4AA8-9F12-28C5DCE700AB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6A9975F3-D143-411A-90FC-921BF2D74BE0}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6F89D1A8-891A-48A4-82B2-6A28234BCCD6}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
"{733B55CC-353F-426B-8302-C7AD17B6597C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{742E049D-E42C-45F7-BE4D-A3A90A0C65D1}" = dir=in | app=c:\windows\system32\igrssvcs.exe |
"{758AD566-9B9B-4F7A-8596-F988014E0509}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\wl-330ge wireless ap utilities\discovery.exe |
"{7943C1DD-8A51-4927-8FC2-FA36210F86F7}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\wl-330n wireless router utilities\discovery.exe |
"{7BFD35A1-1AC4-4AB1-88D6-CB62565ABC3A}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\wl-330n wireless router utilities\discovery.exe |
"{7F72015A-8585-401E-8C63-589905C43197}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{800037A8-6F49-4F2A-AE2B-EF4E7889B2A0}" = protocol=6 | dir=in | app=e:\routersetup\qiswizard.exe |
"{803A9138-AD8E-4FA3-80E2-A9A203B9128F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{8725DE62-42FD-4931-B00E-431E47EB4EA1}" = dir=out | app=c:\program files\lenovo\readycomm\connsvc.exe |
"{87911AFB-7F29-4B2D-AFD5-46020A51C01F}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{8794F9E6-3800-42AC-9A6D-2893C07AE88B}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\wl-330n wireless router utilities\rescue.exe |
"{8AAB845E-2219-4A31-B4C9-22AF79781F12}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\wl-330ge wireless ap utilities\discovery.exe |
"{8B38E1A6-8A71-474F-9460-D0086CA83658}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{91BBD58A-ED8B-4844-BB86-32CB4182C36F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{94362248-826D-4B09-A2F4-FC87189ED860}" = protocol=6 | dir=out | app=system |
"{95F7358D-8455-4AB8-9034-D9C0F688B03A}" = dir=out | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe |
"{9D1232DC-CC96-4493-AA86-74BA6CC088EA}" = dir=in | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe |
"{9EB8763F-6F6B-4EB0-9C02-D6A0D3C26E6F}" = dir=out | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe |
"{A5469540-AF79-4CF5-A16F-3A825B51A86E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AC1A20EF-1DB7-4B9B-BAC4-7F066B1C58BD}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
"{ACE248A1-3D84-429A-A650-AEF9D60D8A99}" = protocol=1 | dir=in | [email protected],-28543 |
"{B0A1BDAC-192C-4BE5-8DC3-7049CF892129}" = protocol=58 | dir=out | [email protected],-28546 |
"{B890AE26-4030-4495-80F7-B47AC7D2E796}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BB263935-A21B-4A2F-8D50-8A38E2F8EF1B}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
"{BDE5CE66-3D34-4D7D-9D0F-D77E0C9BD7FC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BE6686E5-BAD3-43A7-8B13-D166E187674E}" = dir=in | app=c:\program files\lenovo\readycomm\connsvc.exe |
"{C3207373-0916-4876-B19A-0BE86AACDE4A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C7340FA5-4678-48B8-B2B2-C15245CFDE00}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
"{CD65EED4-E005-4E6F-B6CE-15FF540555F9}" = protocol=1 | dir=out | [email protected],-28544 |
"{CD9C6294-5E73-40B9-A096-715C7A2EE27C}" = dir=out | app=c:\windows\system32\igrssvcs.exe |
"{DED30D1D-6C18-47CC-92CC-A2E2FDD36C6E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{E176E1AF-0B62-410C-8E26-F1EE7C65D368}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E3BD713C-A7E1-4973-937D-4133B30F06B7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E91D40A1-FE39-4C5D-A5C7-D65319A00F67}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F2673489-D558-400D-A679-D20E39C10174}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\wl-330n wireless router utilities\qiswizard.exe |
"{FB3BCD7B-A674-471F-89CA-13C90C73A29D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FBF9CCAE-B8C6-41ED-80A4-DB12B64A4A03}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"TCP Query User{10007A4A-18B7-43C8-8076-2534F6D2B103}C:\program files (x86)\speechq client\reportstation.exe" = protocol=6 | dir=in | app=c:\program files (x86)\speechq client\reportstation.exe |
"TCP Query User{110F4754-8EDC-4FAB-8407-749816FBD51E}C:\program files (x86)\pdanet for windows mobile\pdanetpc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pdanet for windows mobile\pdanetpc.exe |
"TCP Query User{3E83783B-A44A-42F3-9588-F50927AAD1F5}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{873450B1-77B2-4A9E-BEAD-416083DB708C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{BF8B9CD9-B721-49D8-A3BF-F81DABFBF0B6}C:\program files (x86)\asus\wl-330ge wireless ap utilities\discovery.exe" = protocol=6 | dir=in | app=c:\program files (x86)\asus\wl-330ge wireless ap utilities\discovery.exe |
"UDP Query User{00D85971-A94F-4273-AF50-4D9520AEB2A8}C:\program files (x86)\pdanet for windows mobile\pdanetpc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pdanet for windows mobile\pdanetpc.exe |
"UDP Query User{38317C02-D6AB-4817-A3EF-FD59D9FEFB3E}C:\program files (x86)\asus\wl-330ge wireless ap utilities\discovery.exe" = protocol=17 | dir=in | app=c:\program files (x86)\asus\wl-330ge wireless ap utilities\discovery.exe |
"UDP Query User{450CAC77-A113-4D2C-A049-6EA478C3973D}C:\program files (x86)\speechq client\reportstation.exe" = protocol=17 | dir=in | app=c:\program files (x86)\speechq client\reportstation.exe |
"UDP Query User{A29DA5F3-47AC-44D8-8E5B-DA38543BDA71}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{DF1693B4-573C-4206-B3EA-93241BDD879D}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0A2163CB-4F47-44AA-A219-36133260CF17}" = Symantec Endpoint Protection
"{24375FD2-4508-4E13-BAEF-0BE3E9E738CF}" = DisplayLink Graphics
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{49F3D04B-B849-4C89-AB31-2366A004EA28}" = Broadcom Gigabit Integrated Controller
"{4A5A427F-BA39-4BF0-9A47-7777FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking 64bit (x64)
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
"{63C80529-037C-4EDB-B3A5-ED01FF6AB651}" = DisplayLink Core Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile Device Center Driver Update
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"92F4CDC794E6E4E29DC063D292D1C94F6FA1EA1E" = Windows Driver Package - Lenovo (ACPIVPC) System (05/19/2009 4.4.0.1)
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"HDMI" = Intel® Graphics Media Accelerator Driver
"Lenovo EasyCamera" = Lenovo EasyCamera
"PC-Doctor for Windows" = PC-Doctor for Windows

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{17542DBF-E17C-4562-BC4D-FA3EF3076C45}" = Lenovo ReadyComm 5
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{19B4A83C-4684-4BDE-AE33-561F75474982}" = Medweb Viewer 2.0
"{1D10C273-3F95-42A2-8371-AB6B1F59821B}" = WOT for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2BFDA78F-39F7-4537-9995-71424CFA88BB}" = LogMeIn
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{47198750-713E-4B00-AC33-6F981C4F8AC1}" = PortProxyService
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4F3602EE-B5C2-4435-97F0-CB83D6296B8F}" = Medweb Telemedicine Viewer
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 5.0 Service
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{88366B6B-1C1D-4C7F-8A2C-EB93AEC43BE3}" = ASUS WL-330N Wireless Router Utilities
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom 802.11 Wireless Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C5307DF8-9370-4646-9034-C28E2B44992C}" = Foxit Reader
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD489274-54B4-4919-B739-B07B1CA2D736}" = SpeechQ Client
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10
"{ED7494CC-2B77-4FEF-B578-01EE0BB674DA}" = MedEDocsCore
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}" = Lenovo EasyCamera
"1861-5153-3834-0030" = MediMatrix Radiology Server 3.0.0
"3680-3688-6291-0447" = MediMatrix Eye 6.0.1
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"EasyCapture4.0" = EasyCapture
"ENTERPRISE" = Microsoft Office Enterprise 2007
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{CD489274-54B4-4919-B739-B07B1CA2D736}" = SpeechQ Client
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28)
"PdaNet_is1" = PdaNet for Windows Mobile 2.0 (x64 version)
"Secunia PSI" = Secunia PSI (2.0.0.3003)
"Skype™ for Windows Mobile_is1" = Skype™ for Windows Mobile 3.0
"VeriFace" = VeriFace
"WinLiveSuite_Wave3" = Windows Live Essentials
"Winmx Community 1" = Winmx Community 1

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"6c08d413daa76487" = ReportViewer

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/3/2013 11:31:20 AM | Computer Name = RR-PC | Source = VSS | ID = 8193
Description =

[ OSession Events ]
Error - 1/13/2011 12:59:10 AM | Computer Name = RR-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 606
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/3/2013 10:51:44 AM | Computer Name = RR-PC | Source = Service Control Manager | ID = 7000
Description = The ReadyComm.DirectRouter service failed to start due to the following
error: %%2

Error - 7/3/2013 10:51:44 AM | Computer Name = RR-PC | Source = Service Control Manager | ID = 7000
Description = The Conexant SmartAudio service service failed to start due to the
following error: %%2


< End of report >
  • 0

#9
unsmiley

unsmiley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
I can upload to Virustotal when I get the quarantined files. Right now, none have popped up on my system today. (This happens about 1/3 times I am online - Norton detects no threats during those sessions.)

But, excuse my ignorance, how do I select one of those quarantined files for upload to the Virustotal site? Or can I find them on my system now without waiting for Norton to flag them? If so, how?
  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
You may need to pause Norton while you do this so it doesn't grab them when you find them but the following procedure should allow you to detect the DHW*.tmp files.

In the search box type in cmd, wait until it finds cmd.exe and then right click on it and Run As Admin. In the black window type:

dir %temp%\DHW*.tmp

If there are no files it will say:
File Not Found

If it finds any it will list them. I'm wondering if the files are associated with your printer. Pause Norton, print something then do the above and see if a file appears.

If Norton is stuffing all of these tmp files into its Quarantine folder then you probably need to go into Norton and clean out the Quarantine folder periodically. Also if I remember correctly Norton likes to save all of the old database downloads so these could be eating up your hard drive. Are you required to use Norton? When does your license expire? It would probably be a good idea to remove it, run the Norton Removal tool and reinstall it.
Download and save the norton removal tool
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe
Download a new version of Norton from their website.
Uninstall Symantec (First save the product license key in order to reinstall it:
http://us.norton.com...3834EN&ln=en_US )

Run the Norton Removal tool by right clicking and Run as Admin.

Reboot

Right click on the Norton Installer and Run As Admin.

Check your hard drive usage and see if that helped any.

I see two persistent errors. Probably not part of your problem but I like to get rid of all the errors that I can.


Error - 7/3/2013 10:51:44 AM | Computer Name = RR-PC | Source = Service Control Manager | ID = 7000
Description = The ReadyComm.DirectRouter service failed to start due to the following
error: %%2


Error: %%2 means the file is missing. If you can live without ReadyComm it should be uninstalled. If you would rather not uninstall it then you can go into Services and disable the service in order to prevent the error (and save 30 seconds on boot).

In the search box type: services.msc wait until it finds services.msc and then right click on it and Run As Admin.

Scroll down in the new window and find Readycomm.DirectRouter service and right click on it and select Properties. Change Startup Type: to Disabled.

Error - 7/3/2013 10:51:44 AM | Computer Name = RR-PC | Source = Service Control Manager | ID = 7000
Description = The Conexant SmartAudio service service failed to start due to the
following error: %%2


Not sure exactly what Conexant SmartAudio is but it is not working. Is your sound working? If you need Conexant SmartAudio then you need to find the audio drivers for your PC on the Lenovo site and reinstall them. If not change its Startup Type: to Disabled as above.


Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 16 user registry handles leaked from \Registry\User\S-1-5-21-205398528-154359821-1429519996-1000:
Process 1516 (\Device\HarddiskVolume2\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe) has opened key \REGISTRY\USER\S-1-5-21-205398528-154359821-1429519996-1000 ...


Finally Cisco Systems VPN Client 5.0.07.0290 software is not playing by the rules. Check and see if there is a newer version.

Uninstall both of these:

JavaFX 2.1.1
Java™ 6 Update 26

If you don't use LogMeIn any more it should be uninstalled too.

Spybot - Search & Destroy doesn't work all that well on 64 bit systems so I would uninstall it too.

Microsoft Choice Guard is just foistware to keep you from changing your search program. You can uninstall it too.

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin

are both out of date (and thus dangerous) and need to be updated. The ActiveX one is the one used by IE. The other one is used by all other browsers. When you go to Adobe.com you have to use IE to get the first one and another browser like Firefox to get the second one. Make sure you uncheck any foistware they try to give you before the download. Appears that you no longer have Firefox. It's not a good idea to just have one browser. If something happens to IE then you are dead in the water so it's wise to have a second browser and keep it up to date. Get the latest Firefox from http://www.mozilla.o...US/firefox/new/

If you are not using Adobe Reader you can also uninstall Acrobat.com and Adobe Air which were installed at the same time.

Make sure you have the latest version of Foxit Reader. I can't tell from your log which one you have.

Most of the files that Combofix removed were associated with DisplayLink Core Software. Appears to allow you to add monitors via USB. If you need it it probably needs to be uninstalled and then reinstalled. If you don't need it then remove it.



Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute then:

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.



Get autoruns from
http://live.sysinter...om/autoruns.exe

Download Save and Run the program by right clicking and Run As Admin. File, Save, to your desktop, autoruns.arn, OK

Either zip up the file if you have the ability (7-zip works nicely) or just rename it from autoruns.arn to autoruns.txt then ATTACH it. Do not copy and paste.
  • 0

Advertisements


#11
unsmiley

unsmiley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
1) I did the first step after disabling Norton, got "file not found." Then I printed something, and repeated the step, and also got nothing, I think -- It just shows the command line: c:\windows\system32>dir %temp%\DHW*.tmp WITHOUT saying file not found.

2) I constantly clean out the Quarantine folder when using the computer.

3) I am not required to use Norton, but it is free for me. I have an old lifetime license from a University, and I am thrifty. If I remove it I will need to use something else, but will if you think it is necessary. (I do have a Norton 2012 retail boxed version in my closet or could use something else). Let me know what you think.

4) Your thoughts about it being printer related intrigue me. I have had some recent problems printing PDF files; can print some, but not all. The ones I cannot print I cannot see in print preview. But if I save them I can print them.

5) What is Ready.comm router service? Not sure whether I use it and am reluctant to remove it until I know what it is.

6) I use multiple monitors via USB.

7) Sound is working. More to come...
  • 0

#12
unsmiley

unsmiley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
I uninstalled the two Java items, Acrobat.com and Acrobat AIR, and am in the process of deleting Logmein.

I like Spybot since it is the only scanner I can use that doesn't take hours and hours to scan my hard drive.

Can't find Microsoft Choice Guard in my list of programs. Does it go by another name?

I do have Mozilla Firefox on computer.

I don't have the most recent FoxIt Reader because many people say the old version is better. With that in mind it OK to leave it as is?

My USB monitor is still working - I didn't do anything about the DisplayLink software - so am I OK with this or do I still need to update that software?
  • 0

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
1.

It just shows the command line: c:\windows\system32>dir %temp%\DHW*.tmp WITHOUT saying file not found.


You need to hit Enter after the command.

2. OK.

3. In that case let's try the free Avast. It's the antivirus I use and doesn't load the PC down like Norton does.


Download and Save the free Avast installer.
http://www.avast.com...ivirus-download
Download and save the norton removal tool
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe
Uninstall Symantec (save the product license key in case you decide to reinstall it:
http://us.norton.com...3834EN&ln=en_US )

Run the Norton Removal tool.

Reboot

Install Avast. (Register when it asks you - they will try to talk you in to buying the full product but the free version is what we want.)

Then tonight let's let it do a full boot-time scan. You want to let this run while you sleep as it can take up to 6 hours. Best to mute the speakers before you start so it doesn't wake you up when Windows loads.
Click on the Avast ball. Click on Security then on Antivirus. (You can also hit Scan Now which will start the Quick Scan as it takes you to the correct page. Stop the scan as we don't need it.) Scroll down until you find Boot-time Scan. Click on Settings. It should be set by default to do the System Drive which is what we want.
Where it says Heuristics Sensitivity - click on the last of the orange boxes. We want it to maximum (High). Both boxes should be checked. Change it to say "Move to Chest" under "When a threat is found ..." OK. Now click on "Schedule Now" and then close the Avast window. Close all programs then reboot. The scan will start. It normally tells you where it will store the report. Usually it is at C:\ProgramData\Avast Software\Avast\report\aswboot.txt
To view the report, click on the Avast ball then on Maintenance then on Scan Logs. Click on the log and then View Results. If it didn't find anything I don't need the report but if it did please copy and paste the report.

4. No hard data, but so many tmp files indicates something that happens pretty often and you mentioned a printer problem in your first forum.

5. Ready.comm router is something that came with your computer. Apparently it controls the wireless or the networking but appears to be broken since it says it can't find the file. It shouldn't hurt to change the Startup Type to disabled. You can always change it back to Automatic if something stops working. I find that Windows does a better job anyway. You should be able to find the download for the software on the Lenovo site so you can reinstall it after uninstalling you find that you miss it.

6. IF that still works then good. Otherwise you will need to reinstall DisplayLink Core Software.

7. Does the sound still work after you disable the Conexant SmartAudio service?
  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP

I like Spybot since it is the only scanner I can use that doesn't take hours and hours to scan my hard drive.

OK

Can't find Microsoft Choice Guard in my list of programs. Does it go by another name?


I hate stealth programs. Copy the next line:

msiexec /x {F0E12BBA-AD66-4022-A453-A1C8A0C4D570}

Then in the search box type in cmd.exe and wait for it to find it then right click on cmd.exe and Run As Admin. Right click and Paste (or Edit then Paste) and the copied line should appear. Hit Enter. That should uninstall it.

I do have Mozilla Firefox on computer.


Didn't see it in the installed programs list so thought you might have removed it. Make sure it is the latest version.
Firefox works best with the AdBlock Plus add-on. http://adblockplus.org/en/firefox
If Firefox is slow loading then first remove or disable the old Java add-ons

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

then download and save Speedyfox. Close Firefox, right click on Speedyfox and then Speed up my Firefox.


I don't have the most recent FoxIt Reader because many people say the old version is better. With that in mind it OK to leave it as is?


Afraid not. You need to have the latest version for security reasons. I haven't used Foxit in a while. Stopped using it when they started foisting the Ask toolbar on you.

My USB monitor is still working - I didn't do anything about the DisplayLink software - so am I OK with this or do I still need to update that software?



If Combofix didn't break it then don't worry about it.
  • 0

#15
unsmiley

unsmiley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 89.16 0 K 24 K 0
procexp64.exe 3.98 38,616 K 46,008 K 3384 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Sysinternals
svchost.exe 1.93 113,668 K 90,680 K 876 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe 1.15 37,976 K 34,016 K 4540 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
dwm.exe 0.72 102,368 K 69,012 K 1552 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
Interrupts 0.66 0 K 0 K n/a Hardware Interrupts and DPCs
System 0.57 148 K 776 K 4
mbamservice.exe 0.36 134,872 K 45,376 K 2304 Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
Smc.exe 0.26 11,200 K 8,000 K 1088 Symantec CMC Smc Symantec Corporation (Verified) Symantec Corporation
ProtectionUtilSurrogate.exe 0.23 3,964 K 5,204 K 3052 Symantec AntiVirus Symantec Corporation (Verified) Symantec Corporation
csrss.exe 0.18 10,412 K 29,260 K 400 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
SmcGui.exe 0.13 6,888 K 6,224 K 1296 Symantec CMC SmcGui Symantec Corporation (Verified) Symantec Corporation
PdaNetPC.exe 0.12 11,920 K 6,396 K 4356 (Verified) June Fabrics Technology Inc.
lsass.exe 0.08 6,116 K 5,804 K 512 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.07 39,900 K 27,200 K 964 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
services.exe 0.06 7,216 K 5,132 K 504 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
ccSvcHst.exe 0.04 5,352 K 3,228 K 1596 Symantec Service Framework Symantec Corporation (Verified) Symantec Corporation
explorer.exe 0.04 52,012 K 43,752 K 1484 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.04 7,128 K 4,364 K 4524 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.03 10,612 K 6,388 K 2952 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
DisplayLinkManager.exe 0.03 28,680 K 17,472 K 364 DisplayLinkManager Application DisplayLink Corp. (Verified) DISPLAYLINK
webiRadServerService.exe 0.02 37,748 K 1,044 K 3044 WebInterstate Radioplogy Server WebInterstate Inc. (No signature was present in the subject) WebInterstate Inc.
lsm.exe 0.02 2,520 K 1,640 K 520 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
iexplore.exe 0.01 70,932 K 69,728 K 4704 Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
DisplayLinkUI.exe 0.01 2,556 K 1,044 K 3092 DisplayLinkUI Sys-Tray Application DisplayLink Corp. (Verified) DISPLAYLINK
psia.exe 0.01 1,544 K 908 K 2596 Secunia PSI Agent Secunia (Verified) Secunia
iexplore.exe 0.01 16,732 K 24,824 K 4780 Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
Rtvscan.exe 0.01 12,548 K 2,936 K 2696 Symantec AntiVirus Symantec Corporation (Verified) Symantec Corporation
svchost.exe 0.01 11,364 K 7,532 K 852 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
cvpnd.exe 0.01 3,456 K 2,264 K 2056 Cisco Systems VPN Client Cisco Systems, Inc. (Verified) Cisco Systems
iexplore.exe 0.01 14,628 K 26,980 K 3552 Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe < 0.01 14,032 K 6,740 K 1184 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
csrss.exe < 0.01 2,108 K 3,964 K 360 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
psi_tray.exe < 0.01 1,144 K 984 K 1528 Secunia PSI Tray Secunia (Verified) Secunia
MWIPCServer.exe < 0.01 1,084 K 444 K 2400 (No signature was present in the subject)
mbamgui.exe < 0.01 2,832 K 1,436 K 2416 Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
svchost.exe < 0.01 29,432 K 12,644 K 1312 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
IGRS.exe < 0.01 3,592 K 2,720 K 2124 IGRS Protocol Stack Lenovo Group Limited (Verified) Lenovo (Beijing) Limited
SearchIndexer.exe < 0.01 55,488 K 14,960 K 4976 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
iexplore.exe < 0.01 64,212 K 75,392 K 584 Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
SQPatcher.Client.exe < 0.01 12,964 K 1,872 K 2968 SpeechQ Version Checker (Client) PSP Speech Recognition Systems (No signature was present in the subject) PSP Speech Recognition Systems
ccApp.exe < 0.01 2,712 K 636 K 3852 Symantec User Session Symantec Corporation (Verified) Symantec Corporation
svchost.exe < 0.01 150,196 K 135,372 K 828 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 1,476 K 600 K 5176 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 1,832 K 724 K 2644 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
wuauclt.exe 1,968 K 868 K 5668 Windows Update Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 3,180 K 3,728 K 3728 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
wmdc.exe 2,224 K 896 K 4068 Windows Mobile Device Center Microsoft Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
wlanext.exe 1,700 K 1,288 K 1588 Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 2,868 K 1,368 K 464 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,540 K 400 K 408 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
utility.exe 8,632 K 1,904 K 1772 Lenovo Battery Management Software Ver3.0 Lenovo(beijing) Limited (Verified) Lenovo (Beijing) Limited
TrustedInstaller.exe 2,324 K 7,424 K 1520 Windows Modules Installer Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe 1,864 K 4,968 K 5688 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 5,348 K 4,700 K 692 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 39,812 K 26,284 K 6028 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 22,940 K 10,192 K 792 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4,480 K 3,736 K 612 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3,316 K 1,368 K 3124 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,784 K 1,896 K 992 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 9,216 K 5,284 K 2036 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
splwow64.exe 2,772 K 744 K 4632 Print driver host for 32bit applications Microsoft Corporation (Verified) Microsoft Windows
smss.exe 504 K 368 K 252 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
SmartAudio.exe 79,492 K 4,812 K 940 SmartAudio Conexant Systems, Inc (Verified) Conexant Systems
SDWinSec.exe 5,360 K 4,112 K 2964 Spybot-S&D Security Center integration Safer Networking Ltd. (Verified) Safer Networking Ltd.
procexp.exe 2,564 K 6,864 K 1224 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
PresentationFontCache.exe 25,240 K 1,820 K 4212 PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Windows
PortProxyService.exe 22,296 K 1,812 K 2472 (No signature was present in the subject)
PnHelp.exe 2,264 K 632 K 4792 PdaNet Helper June Fabrics Technology Inc. (Verified) June Fabrics Technology Inc.
PManage.exe 2,884 K 1,148 K 3332 VeriFace Tray Icon Manager Lenovo (Verified) Lenovo (Beijing) Limited
ONENOTEM.EXE 2,132 K 812 K 4784 Microsoft Office OneNote Quick Launcher Microsoft Corporation (Verified) Microsoft Corporation
notepad.exe 1,960 K 892 K 4616 Notepad Microsoft Corporation (Verified) Microsoft Windows
notepad.exe 2,060 K 916 K 5020 Notepad Microsoft Corporation (Verified) Microsoft Windows
MsSpellCheckingFacility.exe 3,072 K 3,096 K 5740 Microsoft Spell Checking Facility Microsoft Corporation (Verified) Microsoft Windows
mbamscheduler.exe 1,916 K 412 K 2196 Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
LMIGuardianSvc.exe 2,896 K 1,640 K 2148 LMIGuardianSvc LogMeIn, Inc. (Verified) LogMeIn
issch.exe 1,952 K 864 K 780 InstallShield Update Service Scheduler InstallShield Software Corporation (No signature was present in the subject) InstallShield Software Corporation
igfxtray.exe 2,352 K 780 K 3780 igfxTray Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxsrvc.exe 2,144 K 908 K 3576 igfxsrvc Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxpers.exe 1,988 K 996 K 3708 persistence Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
IAANTmon.exe 2,088 K 1,648 K 2764 RAID Monitor Intel Corporation (Verified) Intel Corporation
IAAnotif.exe 2,112 K 756 K 3924 Event Monitor User Notification Tool Intel Corporation (Verified) Intel Corporation
hkcmd.exe 2,208 K 1,112 K 2548 hkcmd Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
Energy Management.exe 2,792 K 1,384 K 3260 Lenovo Energy Management Software Lenovo (Beijing) Limited (No signature was present in the subject) Lenovo (Beijing) Limited
DisplayLinkUserAgent.exe 6,464 K 3,092 K 2608 DisplayLinkUserAgent Application DisplayLink Corp. (Verified) DISPLAYLINK
conhost.exe 880 K 400 K 1604 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
audiodg.exe 16,712 K 16,316 K 2052 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP