
Internet unusable because of ads, malware



#1
Cat25

  • Member
  • 34 posts
I am running Windows XP. My internet has become almost unusable because of pop-up ads, pop-ups & redirects to other pages. Very annoying ads show up in the lower left-hand corner, on IE & Firefox, plus other pop-ups. Never have had this problem before. I have Adblock Plus on Firefox. I have run Malwarebytes many times; it used to not find anything. On 8/11 found 173 items, 8/29 over 100, one was (Trojan.downloader.agent). Today 8/31 found 6. I removed them but issue continues. I think it started when I installed the latest version of Adobe, probably before 8/11. It made IE totally unusable. Called Adobe; they were absolutely no help (big surprise) & they told me I needed to download Windows 7 or 8, which I can't do on this old computer, not enough room. I finally got IE to work again on my own, don't know how. Now it has pops & ads. I could not even open this thread on Firefox, had to post this from a friend's computer, kept saying not a trusted site & taking me to Norton web site. I am attaching the OTL.

Thank you in advance for your help.

Attached File  OTL.Txt   164.83KB   110 downloads

I used your web site in Nov 2010 & Black Oxide was a big help & solved my problem. Then he advised that I use Firefox & run Malwarebytes regularly, which I have been doing.

OTL logfile created on: 8/31/2013 4:12:08 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Kathie\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 0.69 Gb Available Physical Memory | 34.95% Memory free
3.81 Gb Paging File | 2.63 Gb Available in Paging File | 69.01% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.46 Gb Total Space | 14.38 Gb Free Space | 10.02% Space Free | Partition Type: NTFS

Computer Name: LAPTOPW | User Name: Kathie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/22 15:06:54 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/08/19 23:07:10 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/08/12 12:42:57 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/08/11 13:05:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kathie\Desktop\OTL.exe
PRC - [2013/07/10 16:50:38 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2013/06/23 11:08:19 | 001,226,928 | ---- | M] (AVG Secure Search) -- C:\Program Files\AVG SafeGuard toolbar\vprot.exe
PRC - [2013/06/16 12:36:48 | 000,030,096 | ---- | M] (VER_COMPANY_NAME) -- C:\Program Files\CouponAlert_2p\bar\1.bin\2pbrmon.exe
PRC - [2013/03/04 13:57:52 | 000,398,336 | ---- | M] (Orbiscom Ltd. All rights reserved.) -- C:\Program Files\Virtual Account Numbers\CitiVAN.exe
PRC - [2012/12/23 22:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360 Premier Edition\Engine\20.3.0.36\ccsvchst.exe
PRC - [2012/12/06 14:41:06 | 000,156,672 | ---- | M] (Orbiscom Ltd.) -- C:\WINDOWS\system32\OBroker.exe
PRC - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2012/03/18 12:22:23 | 000,123,320 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.1.246\SymcPCCULaunchSvc.exe
PRC - [2011/06/01 11:42:28 | 000,071,432 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
PRC - [2011/06/01 11:42:28 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2011/06/01 11:16:54 | 002,260,992 | ---- | M] (Axentra Corporation) -- C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
PRC - [2011/05/04 16:05:18 | 000,085,272 | ---- | M] (Memeo Inc.) -- C:\Program Files\Memeo\AutoBackup\MemeoUpdater.exe
PRC - [2011/05/04 16:04:32 | 000,325,344 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
PRC - [2010/04/07 07:57:42 | 000,099,896 | ---- | M] (HP) -- C:\WINDOWS\system32\HPSIsvc.exe
PRC - [2010/04/02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/03/24 20:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2010/03/02 19:52:00 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.1.246\ccSvcHst.exe
PRC - [2009/05/27 21:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/07/05 18:05:04 | 000,065,536 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2007/07/05 18:04:18 | 000,114,688 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2007/07/05 18:03:32 | 000,184,320 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2007/07/05 17:58:40 | 000,413,696 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2007/07/05 17:51:48 | 000,126,976 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2007/04/09 13:03:00 | 000,058,416 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2007/03/09 00:49:42 | 000,066,176 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2007/03/07 23:16:48 | 000,073,776 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2007/02/27 20:43:30 | 000,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2007/02/27 20:35:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2007/02/08 16:11:32 | 000,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2007/02/08 16:00:06 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2007/02/08 14:40:16 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2007/01/29 22:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2007/01/04 22:48:52 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/11/07 05:51:40 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
PRC - [2006/09/06 02:39:10 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2006/05/24 00:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006/05/18 19:24:06 | 000,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2006/02/14 00:17:28 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2006/02/02 08:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE


========== Modules (No Company Name) ==========

MOD - [2013/08/31 14:39:24 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_5f752470\mscorlib.dll
MOD - [2013/08/31 14:39:22 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_218b4147\system.drawing.dll
MOD - [2013/08/31 14:39:08 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_a196a692\system.xml.dll
MOD - [2013/08/31 14:39:02 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_f0f2943b\system.windows.forms.dll
MOD - [2013/08/31 14:38:43 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_0231ed72\system.dll
MOD - [2013/08/31 14:38:30 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2013/08/31 14:38:29 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2013/08/31 14:38:28 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2013/08/31 14:24:10 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2013/08/31 14:24:10 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2013/08/31 14:24:05 | 004,550,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2013/08/31 14:24:04 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2013/08/31 14:24:03 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2013/08/31 14:24:02 | 002,052,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2013/08/31 14:24:00 | 000,659,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
MOD - [2013/08/31 14:24:00 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2013/08/31 14:23:54 | 000,010,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
MOD - [2013/08/22 15:06:54 | 003,551,640 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/07/07 13:36:53 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2013/06/23 11:08:20 | 000,158,384 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\SiteSafety.dll
MOD - [2013/03/05 15:14:00 | 003,194,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2013/03/05 15:13:57 | 000,630,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2013/03/05 15:13:50 | 005,246,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2013/02/19 17:47:03 | 009,000,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\964da027ebca3b263a05cadb8eaa20a3\System.ni.dll
MOD - [2013/02/19 17:46:33 | 014,415,872 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\246f1a5abb686b9dcdf22d3505b08cea\mscorlib.ni.dll
MOD - [2012/12/06 14:38:00 | 000,039,424 | ---- | M] () -- C:\Program Files\Virtual Account Numbers\VANRes.dll
MOD - [2012/05/30 09:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton 360 Premier Edition\Engine\20.3.0.36\wincfi39.dll
MOD - [2011/06/01 11:46:02 | 000,030,984 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
MOD - [2011/06/01 11:42:24 | 000,108,296 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\Memeo.Progress.dll
MOD - [2011/06/01 11:16:54 | 000,971,776 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll
MOD - [2011/06/01 11:16:54 | 000,241,664 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
MOD - [2011/05/04 16:04:54 | 002,896,608 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\Memeo.Client.UI.dll
MOD - [2011/05/04 16:04:50 | 000,027,360 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
MOD - [2011/05/04 16:04:32 | 000,325,344 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
MOD - [2010/03/22 17:59:46 | 000,504,293 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\sqlite3.dll
MOD - [2010/03/04 16:55:34 | 000,147,456 | ---- | M] () -- C:\WINDOWS\system32\HP1100LM.DLL
MOD - [2010/03/04 16:55:14 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HP1100PP.dll
MOD - [2009/05/27 21:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
MOD - [2007/11/28 10:34:16 | 000,032,768 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
MOD - [2007/11/28 10:34:05 | 000,798,720 | ---- | M] () -- c:\windows\assembly\gac\hpqietpz\3.0.0.0__a53cf5803f4c3827\hpqietpz.dll
MOD - [2007/11/28 10:34:01 | 000,004,096 | ---- | M] () -- c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll
MOD - [2007/11/28 10:33:22 | 000,032,768 | ---- | M] () -- c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
MOD - [2007/11/28 10:33:00 | 000,053,248 | ---- | M] () -- c:\windows\assembly\gac\hpqprrsc\3.0.0.0__a53cf5803f4c3827\hpqprrsc.dll
MOD - [2007/11/28 10:32:57 | 000,049,152 | ---- | M] () -- c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll
MOD - [2007/11/28 10:32:46 | 000,065,536 | ---- | M] () -- c:\windows\assembly\gac\hpqmdmr\3.0.0.0__a53cf5803f4c3827\hpqmdmr.dll
MOD - [2007/11/28 10:32:42 | 000,430,080 | ---- | M] () -- c:\windows\assembly\gac\lead.wrapper\13.0.0.89__9cf889f53ea9b907\lead.wrapper.dll
MOD - [2007/11/28 10:32:42 | 000,090,112 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.89__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll
MOD - [2007/11/28 10:32:42 | 000,086,016 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing\13.0.0.89__9cf889f53ea9b907\lead.drawing.dll
MOD - [2007/11/28 10:32:42 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\lead\13.0.0.89__9cf889f53ea9b907\lead.dll
MOD - [2007/11/28 10:32:42 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.89__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll
MOD - [2007/11/28 10:32:42 | 000,040,960 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms\13.0.0.89__9cf889f53ea9b907\lead.windows.forms.dll
MOD - [2007/11/28 10:32:37 | 000,010,240 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqimgr\1.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
MOD - [2007/11/28 10:32:35 | 000,229,376 | ---- | M] () -- c:\windows\assembly\gac\hpqtray\3.0.0.0__a53cf5803f4c3827\hpqtray.dll
MOD - [2007/11/28 10:32:35 | 000,167,936 | ---- | M] () -- c:\windows\assembly\gac\hpqimgrc\3.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
MOD - [2007/11/28 10:32:35 | 000,045,056 | ---- | M] () -- c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
MOD - [2007/11/28 10:32:35 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqiface\3.0.0.0__a53cf5803f4c3827\hpqiface.dll
MOD - [2007/11/28 10:32:34 | 000,028,672 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc\3.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
MOD - [2007/11/28 10:32:33 | 000,126,976 | ---- | M] () -- c:\windows\assembly\gac\hpqgldlg\3.0.0.0__a53cf5803f4c3827\hpqgldlg.dll
MOD - [2007/11/28 10:32:33 | 000,024,576 | ---- | M] () -- c:\windows\assembly\gac\hpqasset\3.0.0.0__a53cf5803f4c3827\hpqasset.dll
MOD - [2007/11/28 10:29:00 | 000,057,344 | ---- | M] () -- c:\windows\assembly\gac\hpqntrop\3.0.0.0__a53cf5803f4c3827\hpqntrop.dll
MOD - [2007/11/28 10:29:00 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll
MOD - [2007/11/28 10:29:00 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpdarc\1.0.0.0__19565c63d39c2842\interop.hpdarc.dll
MOD - [2007/11/28 10:29:00 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqptfnd\3.0.0.0__a53cf5803f4c3827\hpqptfnd.dll
MOD - [2007/11/28 10:28:59 | 000,163,840 | ---- | M] () -- c:\windows\assembly\gac\hpqutils\3.0.0.0__a53cf5803f4c3827\hpqutils.dll
MOD - [2007/11/28 10:28:59 | 000,073,728 | ---- | M] () -- c:\windows\assembly\gac\hpqgskin\3.0.0.0__a53cf5803f4c3827\hpqgskin.dll
MOD - [2007/11/28 10:28:58 | 000,196,608 | ---- | M] () -- c:\windows\assembly\gac\hpqccrsc\3.0.0.0__a53cf5803f4c3827\hpqccrsc.dll
MOD - [2007/11/28 10:28:57 | 000,475,136 | ---- | M] () -- c:\windows\assembly\gac\hpqcmctl\3.0.0.0__a53cf5803f4c3827\hpqcmctl.dll
MOD - [2007/06/17 11:16:00 | 000,073,728 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL
MOD - [2007/06/17 11:16:00 | 000,040,960 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
MOD - [2007/05/17 10:53:00 | 001,474,560 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2007/05/17 10:53:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2007/04/16 14:17:32 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2007/04/09 13:03:00 | 000,235,056 | ---- | M] () -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7.dll
MOD - [2007/03/22 12:02:00 | 000,063,024 | ---- | M] () -- C:\Program Files\ThinkVantage\PrdCtr\US\LPRESMGR.DLL
MOD - [2007/02/27 20:48:38 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2007/02/08 16:11:32 | 000,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
MOD - [2007/02/08 16:00:06 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
MOD - [2007/02/08 15:59:30 | 000,139,264 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll
MOD - [2007/02/08 15:59:30 | 000,139,264 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\CDRecord.dll
MOD - [2007/02/08 14:40:16 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
MOD - [2007/01/30 21:21:54 | 000,110,592 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\xml4cmessages5_5.dll
MOD - [2007/01/25 01:25:52 | 000,069,720 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\HKVOLKEY.dll
MOD - [2006/12/13 21:06:42 | 000,028,672 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\tphklock.dll
MOD - [2006/11/09 23:26:02 | 000,030,256 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.dll
MOD - [2006/04/30 02:31:01 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2006/04/30 02:25:07 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2013/08/22 15:06:54 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/08/12 12:42:57 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/07/10 16:50:38 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2013/06/16 12:36:48 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Stopped] -- C:\Program Files\CouponAlert_2p\bar\1.bin\2pbarsvc.exe -- (CouponAlert_2pService)
SRV - [2012/12/23 22:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360 Premier Edition\Engine\20.3.0.36\ccSvcHst.exe -- (N360)
SRV - [2012/11/08 11:39:36 | 000,174,176 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe -- (PACSPTISVR-Sound_Organizer)
SRV - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/03/18 12:22:23 | 000,123,320 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.1.246\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2011/06/01 11:42:28 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2011/05/04 16:04:38 | 000,025,824 | ---- | M] (Memeo) [Auto | Stopped] -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2010/04/07 07:57:42 | 000,099,896 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPSIsvc.exe -- (HPSIService)
SRV - [2009/11/10 13:32:42 | 001,245,064 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.1.246\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2009/06/02 09:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/04/16 19:12:56 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/09/26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/07/05 18:05:04 | 000,065,536 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2007/07/05 18:03:32 | 000,184,320 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2007/02/27 20:35:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2007/02/08 16:11:32 | 000,569,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2007/02/08 14:40:16 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2007/01/29 22:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2007/01/04 22:48:52 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/05/24 00:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005/10/06 21:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCAMPR5.SYS -- (PCAMPR5)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/08/28 18:40:16 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130830.009\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/08/28 18:40:15 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130830.009\NAVENG.SYS -- (NAVENG)
DRV - [2013/08/27 15:22:00 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/08/27 15:21:59 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/08/20 17:13:48 | 000,380,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20130830.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2013/05/31 11:58:19 | 001,002,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20130715.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/01/30 22:18:18 | 000,394,656 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1403000.024\symtdi.sys -- (SYMTDI)
DRV - [2013/01/30 22:18:06 | 000,934,488 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\1403000.024\symefa.sys -- (SymEFA)
DRV - [2013/01/28 20:45:18 | 000,602,712 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\1403000.024\srtsp.sys -- (SRTSP)
DRV - [2013/01/28 20:45:18 | 000,032,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1403000.024\srtspx.sys -- (SRTSPX)
DRV - [2013/01/21 21:15:32 | 000,367,704 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\1403000.024\symds.sys -- (SymDS)
DRV - [2012/12/03 16:20:12 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/11/15 21:22:01 | 000,175,264 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1403000.024\ironx86.sys -- (SymIRON)
DRV - [2012/11/15 21:18:04 | 000,134,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1403000.024\ccsetx86.sys -- (ccSet_N360)
DRV - [2009/10/12 21:24:56 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/10/12 21:24:54 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/12 21:24:52 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/06/20 22:58:09 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2009/02/09 07:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/10/01 17:24:36 | 000,023,864 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2007/09/21 04:11:02 | 000,028,432 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007/09/21 04:10:46 | 000,036,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/09/21 04:10:40 | 000,035,088 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/08/08 06:42:00 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/29 21:54:00 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/29 20:42:00 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/06/17 11:16:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2007/06/07 19:36:44 | 000,081,280 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LenovoRd.sys -- (LenovoRd)
DRV - [2007/04/30 09:37:20 | 002,206,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)
DRV - [2007/04/09 13:03:00 | 000,012,848 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2007/04/02 14:24:08 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2007/03/29 18:19:36 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/03/02 20:49:00 | 000,100,656 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2007/03/02 20:47:00 | 000,019,760 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2007/02/27 04:02:00 | 000,868,042 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/01/24 04:33:00 | 000,530,861 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007/01/24 04:27:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/12/21 21:56:00 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/12/21 21:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/12/21 21:55:00 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/11/06 03:24:56 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006/10/15 01:01:00 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/10/15 00:59:00 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2006/10/09 09:00:00 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/09/13 15:42:44 | 000,035,264 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2006/07/24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006/02/02 08:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/02/02 08:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/02/02 08:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/02/02 08:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/02/02 08:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/02/02 08:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/02/02 08:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/11/18 15:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/11/18 15:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/11/08 12:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {F5A2CC86-4F66-44FC-8275-502A645B9AB9}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://lenovo.us.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 BC ED 67 AC A2 CE 01 [binary data]
IE - HKCU\..\URLSearchHook: {0134af61-7a0c-4649-aeca-90d776060cb3} - C:\Program Files\KeyBar_1.12\prxtbKey0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
IE - HKCU\..\URLSearchHook: {7b9f8c21-46ec-4c0b-8683-e755ef84577a} - No CLSID value found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0270EEB4-082C-4CEB-92FD-0974815FD809}: "URL" = http://search.yahoo....ei=utf-8&fr=ie8
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...&FORM=LENIE
IE - HKCU\..\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7GGLJ_enUS253
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg....sa&d=2013-06-23 11:09:52&v=15.2.0.5&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{AB658337-3765-4769-8329-FC8A0B7D27A0}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.se...ct=sb&qsrc=2869
IE - HKCU\..\SearchScopes\{B0E3B58F-B17F-49CA-884A-D6AB63CD0C52}: "URL" = http://search.condui...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..CT3287811.browser.search.defaultthis.engineName: true
FF - prefs.js..CT3291325.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B9A4F784C-8AE7-4A0E-93CB-88F63569346F%7D:1.5
FF - prefs.js..extensions.enabledAddons: showlyrics%40superstrsoft.co:1.114
FF - prefs.js..extensions.enabledAddons: avg%40toolbar:15.2.0.5
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:12.0.0.380%20-%201
FF - prefs.js..extensions.enabledAddons: %7B0134af61-7a0c-4649-aeca-90d776060cb3%7D:10.19.2.505
FF - prefs.js..extensions.enabledAddons: addon%40defaulttab.com:2.1.34
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - prefs.js..keyword.URL: ""


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\DOCUME~1\Kathie\APPLIC~1\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/10/21 13:47:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\IPSFFPlgn\ [2012/12/03 16:21:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\coFFPlgn\ [2013/08/31 15:50:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\citius@orbiscom: C:\Program Files\Virtual Account Numbers [2013/04/29 15:19:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar\FireFoxExt\15.2.0.5 [2013/06/23 11:10:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/22 15:06:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/08/22 15:06:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/10/21 13:47:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Show-Lyrics\FF\ [2013/06/30 20:54:54 | 000,000,000 | ---D | M]

[2011/01/08 13:51:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kathie\Application Data\Mozilla\Extensions
[2013/08/31 12:24:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kathie\Application Data\Mozilla\Firefox\Profiles\lo98rb5i.default\extensions
[2013/08/31 12:24:54 | 000,000,000 | ---D | M] (KeyBar 1.12) -- C:\Documents and Settings\Kathie\Application Data\Mozilla\Firefox\Profiles\lo98rb5i.default\extensions\{0134af61-7a0c-4649-aeca-90d776060cb3}
[2012/03/23 16:02:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kathie\Application Data\Mozilla\Firefox\Profiles\lo98rb5i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/08/31 12:24:19 | 000,000,000 | ---D | M] (VisualBee V.12) -- C:\Documents and Settings\Kathie\Application Data\Mozilla\Firefox\Profiles\lo98rb5i.default\extensions\{53c4024f-5a2e-4f2a-b33e-e8784d730938}
[2013/06/30 20:55:53 | 000,000,000 | ---D | M] (SelectionLinks) -- C:\Documents and Settings\Kathie\Application Data\Mozilla\Firefox\Profiles\lo98rb5i.default\extensions\{9A4F784C-8AE7-4A0E-93CB-88F63569346F}
[2013/08/10 13:08:21 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Kathie\Application Data\Mozilla\Firefox\Profiles\lo98rb5i.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/08/27 17:32:50 | 000,000,000 | ---D | M] (SySaver) -- C:\Documents and Settings\Kathie\Application Data\Mozilla\Firefox\Profiles\lo98rb5i.default\extensions\[email protected]
[2013/08/04 16:24:26 | 000,000,000 | ---D | M] (GetSavin) -- C:\Documents and Settings\Kathie\Application Data\Mozilla\Firefox\Profiles\lo98rb5i.default\extensions\getsavin@jetpack
[2013/08/04 16:25:00 | 000,000,000 | ---D | M] (Define Ext) -- C:\Documents and Settings\Kathie\Application Data\Mozilla\Firefox\Profiles\lo98rb5i.default\extensions\[email protected]
[2013/08/31 12:24:54 | 000,037,942 | ---- | M] () (No name found) -- C:\Documents and Settings\Kathie\Application Data\Mozilla\Firefox\Profiles\lo98rb5i.default\extensions\[email protected]
[2013/08/10 13:10:21 | 000,301,821 | ---- | M] () (No name found) -- C:\Documents and Settings\Kathie\Application Data\Mozilla\Firefox\Profiles\lo98rb5i.default\extensions\[email protected]
[2013/08/09 15:57:34 | 000,824,302 | ---- | M] () (No name found) -- C:\Documents and Settings\Kathie\Application Data\Mozilla\Firefox\Profiles\lo98rb5i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/08/31 15:52:53 | 000,002,045 | ---- | M] () -- C:\Documents and Settings\Kathie\Application Data\Mozilla\Firefox\Profiles\lo98rb5i.default\searchplugins\search.xml
[2013/08/31 12:26:08 | 000,001,102 | ---- | M] () -- C:\Documents and Settings\Kathie\Application Data\Mozilla\Firefox\Profiles\lo98rb5i.default\searchplugins\visualbee-v12-customized-web-search.xml
[2013/08/22 15:06:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/08/22 15:06:30 | 000,000,000 | ---D | M] (Define Ext) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2013/08/22 15:06:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/22 15:06:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/06/23 11:10:05 | 000,000,000 | ---D | M] (AVG SafeGuard toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SAFEGUARD TOOLBAR\FIREFOXEXT\15.2.0.5
[2012/12/03 16:21:06 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\IPSFFPLGN
[2013/06/30 20:54:54 | 000,000,000 | ---D | M] ("Show Lyrics") -- C:\PROGRAM FILES\SHOW-LYRICS\FF
[2013/02/10 12:49:24 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/03/17 17:29:27 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/17 17:29:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2013/06/23 11:10:07 | 000,003,725 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.14\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.14\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.14\pdf.dll
CHR - plugin: npDefaultTabSearch plugin (Enabled) = C:\Documents and Settings\Kathie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.19_0\plugins/npDefaultTabSearch.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Catalina Savings Printer (Enabled) = C:\DOCUME~1\Kathie\APPLIC~1\CATALI~2\NPBCSK~1.DLL
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U21 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: MixiDJ V30 = C:\Documents and Settings\Kathie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen\10.19.2.505_0\
CHR - Extension: SySaver = C:\Documents and Settings\Kathie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh\1_0\
CHR - Extension: GetSavin = C:\Documents and Settings\Kathie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl\5.0_0\
CHR - Extension: AVG SafeGuard toolbar = C:\Documents and Settings\Kathie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.2.0.5_0\
CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\Kathie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: Gmail = C:\Documents and Settings\Kathie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Show Lyrics = C:\Documents and Settings\Kathie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pkahcfoiapkaglphahjnnmojmlbhnidb\1.114_0\

O1 HOSTS File: ([2010/04/28 13:43:11 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (KeyBar 1.12 Toolbar) - {0134af61-7a0c-4649-aeca-90d776060cb3} - C:\Program Files\KeyBar_1.12\prxtbKey0.dll (Conduit Ltd.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Ask Search Assistant BHO) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
O2 - BHO: (Virtual Account Numbers Helper) - {17424104-1444-4810-85D7-B4DA413C5A9A} - C:\Program Files\Virtual Account Numbers\CitiVANHelper.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Toolbar BHO) - {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - C:\Program Files\CouponAlert_2p\bar\1.bin\2pbar.dll (MindSpark)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\20.3.0.36\coieplg.dll (Symantec Corporation)
O2 - BHO: (Search Assistant BHO) - {60e91567-ef8a-4520-bce2-83aba5256799} - C:\Program Files\CouponAlert_2p\bar\1.bin\2pSrcAs.dll (MindSpark)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\20.3.0.36\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (SelectionLinks) - {878B8524-AED5-4870-9A96-A515440DAC75} - C:\Program Files\OApps\SelectionLinks.dll (SelectionLinks)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Define) - {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Documents and Settings\Kathie\Local Settings\Application Data\DefineExt\temp.dat ()
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\27.0.1453.116\npchrome_frame.dll File not found
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (KeyBar 1.12 Toolbar) - {0134af61-7a0c-4649-aeca-90d776060cb3} - C:\Program Files\KeyBar_1.12\prxtbKey0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O3 - HKLM\..\Toolbar: (Coupon Alert) - {3462c343-be19-4143-af70-cefb56f46fc6} - C:\Program Files\CouponAlert_2p\bar\1.bin\2pbar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Virtual Account Numbers) - {7A21A046-B886-4A62-9D69-EF2059B0A27B} - C:\Program Files\Virtual Account Numbers\CitiVANToolbar.dll (Orbiscom Ltd. All rights reserved.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\20.3.0.36\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL File not found
O3 - HKCU\..\Toolbar\WebBrowser: (KeyBar 1.12 Toolbar) - {0134AF61-7A0C-4649-AECA-90D776060CB3} - C:\Program Files\KeyBar_1.12\prxtbKey0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Coupon Alert) - {3462C343-BE19-4143-AF70-CEFB56F46FC6} - C:\Program Files\CouponAlert_2p\bar\1.bin\2pbar.dll (MindSpark)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\20.3.0.36\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Coupon Alert Search Scope Monitor] C:\Program Files\CouponAlert_2p\bar\1.bin\2pSrchMn.exe (MindSpark)
O4 - HKLM..\Run: [CouponAlert_2p Browser Plugin Loader] C:\Program Files\CouponAlert_2p\bar\1.bin\2pbrmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Virtual Account Numbers] C:\Program Files\Virtual Account Numbers\CitiVAN.exe (Orbiscom Ltd. All rights reserved.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG SafeGuard toolbar\vprot.exe (AVG Secure Search)
O4 - HKCU..\Run: [82A65744E4EE70D3AE1EB3EF2EB18B07B2E3ECBB._service_run] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_BA67679302E9B0B9DBD0A56F5991E6C8] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O8 - Extra context menu item: &Search - http://tbedits.coupo...2013061613&cv=4 File not found
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} https://www-307.ibm....ntent/AcpIR.cab (IASRunner Class)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...abs/tgctlsr.cab (Reg Error: Key error.)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.h...ads/sysinfo.cab (SysData Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} http://www.linksysfi...ll/gtdownls.cab (LinkSys Content Update)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} Reg Error: Key error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{244DD694-3020-4B85-8405-0AFFC7EB67EA}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\27.0.1453.116\npchrome_frame.dll File not found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\tpfnf2: DllName - (C:\Program Files\Lenovo\HOTKEY\notifyf2.dll) - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (C:\Program Files\Lenovo\HOTKEY\tphklock.dll) - C:\Program Files\Lenovo\HOTKEY\tphklock.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Kathie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kathie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/30 02:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{41d1cff1-8314-11e0-9f14-001c26d9f1a0}\Shell - "" = AutoRun
O33 - MountPoints2\{41d1cff1-8314-11e0-9f14-001c26d9f1a0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{41d1cff1-8314-11e0-9f14-001c26d9f1a0}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{449b2de2-9a82-11dc-9c83-001de009fc1f}\Shell\AutoRun\command - "" = E:\setupSNK.exe
O33 - MountPoints2\{fa5ead3b-547a-11df-9ee6-001c26d9f1a0}\Shell - "" = AutoRun
O33 - MountPoints2\{fa5ead3b-547a-11df-9ee6-001c26d9f1a0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fa5ead3b-547a-11df-9ee6-001c26d9f1a0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/31 14:33:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2013/08/27 17:33:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kathie\Start Menu\Programs\SySaver
[2013/08/27 17:32:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Flash Player Pro
[2013/08/27 17:32:56 | 000,000,000 | ---D | C] -- C:\Program Files\Flash Player Pro
[2013/08/27 17:32:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kathie\My Documents\Flash Player Pro
[2013/08/27 17:32:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kathie\Local Settings\Application Data\SySaver
[2013/08/26 18:10:00 | 000,000,000 | ---D | C] -- C:\Program Files\PrinterShare
[2013/08/26 18:06:18 | 000,000,000 | ---D | C] -- C:\Program Files\wrapper_inst
[2013/08/26 18:05:12 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/08/26 18:01:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrinterShare
[2013/08/25 21:18:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kathie\Local Settings\Application Data\VisualBeeClient
[2013/08/25 21:17:47 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect
[2013/08/25 21:17:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kathie\Local Settings\Application Data\VisualBeeExe
[2013/08/25 21:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\VisualBee
[2013/08/22 15:06:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/08/11 14:29:10 | 000,000,000 | ---D | C] -- C:\Avenger
[2013/08/11 13:05:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kathie\Desktop\OTL.exe
[2013/08/04 16:25:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kathie\Start Menu\Programs\Define Ext
[2013/08/04 16:24:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kathie\Local Settings\Application Data\DefineExt
[2013/08/04 16:24:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kathie\Local Settings\Application Data\getsavin
[2013/08/04 16:22:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kathie\Local Settings\Application Data\CRE
[2013/08/04 16:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/08/04 16:21:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2013/06/02 11:06:07 | 002,162,416 | ---- | C] (Catalina Marketing Corp) -- C:\Documents and Settings\Kathie\Local Settings\Application Data\BcsKtYcHW.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[29 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/31 16:23:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2013/08/31 16:21:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/31 15:48:28 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2013/08/31 15:47:57 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/08/31 15:47:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\FreeFileViewerUpdateChecker.job
[2013/08/31 15:47:53 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2013/08/31 15:47:53 | 000,000,396 | ---- | M] () -- C:\WINDOWS\tasks\ProgramUpdateCheck.job
[2013/08/31 15:47:52 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/31 15:47:44 | 000,025,269 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2013/08/31 15:47:42 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2013/08/31 15:47:30 | 000,000,480 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2013/08/31 15:47:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/08/31 15:47:11 | 2112,139,264 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/31 15:13:22 | 000,321,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/08/31 14:42:10 | 000,589,016 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/08/31 14:42:10 | 000,114,484 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/08/31 14:38:47 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/08/31 13:37:03 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2013/08/31 10:56:03 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\ProgramRefresh-ATFST.job
[2013/08/31 00:02:01 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/08/30 22:17:01 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2013/08/30 22:17:00 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\pcreg.job
[2013/08/29 12:15:54 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\skvkfkbo.sys
[2013/08/28 13:25:43 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/08/28 09:08:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/08/27 18:39:54 | 000,001,838 | ---- | M] () -- C:\Documents and Settings\Kathie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/08/27 17:33:04 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\Kathie\Desktop\Flash Player Pro.lnk
[2013/08/25 21:23:58 | 000,000,000 | ---- | M] () -- C:\END
[2013/08/18 12:41:31 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\Kathie\Desktop\Microsoft Office Excel 2003.lnk
[2013/08/11 13:05:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kathie\Desktop\OTL.exe
[2013/08/04 16:21:15 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\Kathie\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/08/04 16:21:14 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[29 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/30 08:15:36 | 000,001,904 | ---- | C] () -- C:\WINDOWS\System32\SetupBD.din
[2013/08/29 12:15:54 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\skvkfkbo.sys
[2013/08/27 17:33:03 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\Kathie\Desktop\Flash Player Pro.lnk
[2013/08/26 18:07:14 | 000,000,300 | ---- | C] () -- C:\WINDOWS\tasks\pcreg.job
[2013/08/26 18:07:12 | 000,000,368 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2013/08/25 21:22:43 | 000,000,000 | ---- | C] () -- C:\END
[2013/06/30 20:57:48 | 000,000,884 | RHS- | C] () -- C:\Documents and Settings\Kathie\ntuser.pol
[2013/06/27 19:09:33 | 000,712,264 | ---- | C] () -- C:\WINDOWS\is-JU18I.exe
[2013/06/02 11:06:04 | 000,893,239 | ---- | C] () -- C:\Documents and Settings\Kathie\Local Settings\Application Data\a.zip
[2013/02/18 13:50:42 | 000,304,450 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/02/14 18:42:53 | 002,601,826 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2742438380-270914250-3487169969-1008-0.dat
[2013/02/14 15:19:44 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2013/02/06 09:20:19 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2009/11/10 12:06:35 | 000,121,960 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate
[2009/01/14 21:11:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008/08/27 15:31:00 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Kathie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/28 16:46:26 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Kathie\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2006/04/30 02:25:20 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/06/23 10:51:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\APN
[2013/06/23 11:23:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
[2010/10/12 14:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon IJ Network Tool
[2010/10/12 14:16:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/10/12 14:28:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonEPP
[2013/01/20 14:43:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2010/10/12 14:28:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2
[2010/10/12 14:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMSetup
[2010/10/12 14:45:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2010/10/12 14:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2013/06/23 11:07:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/07/23 15:06:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/06/20 22:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2013/01/27 02:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MemeoCommon
[2009/03/14 21:12:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2009/05/08 19:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/03/14 21:12:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/03/14 21:12:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2009/11/10 12:04:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2013/08/27 18:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrinterShare
[2010/07/13 01:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2009/03/14 18:24:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2009/04/15 12:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2013/06/23 11:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathie\Application Data\1O1L1I1PtF1F1C1N
[2013/06/23 11:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathie\Application Data\AVG SafeGuard toolbar
[2010/10/12 14:45:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathie\Application Data\Canon
[2012/03/22 07:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathie\Application Data\Canon Easy-WebPrint EX
[2013/01/20 13:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathie\Application Data\Catalina Marketing Corp
[2013/06/02 11:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathie\Application Data\Catalina – Print Savings
[2013/06/16 12:37:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathie\Application Data\CouponAlert_2p
[2013/06/30 20:57:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathie\Application Data\DefaultTab
[2009/06/20 22:58:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathie\Application Data\Downloaded Installations
[2013/04/28 13:17:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathie\Application Data\ElevatedDiagnostics
[2013/06/23 14:58:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathie\Application Data\FreeFileViewer
[2009/03/14 21:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathie\Application Data\GARMIN
[2009/03/14 21:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathie\Application Data\Leadertech
[2009/03/14 19:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathie\Application Data\Lenovo
[2013/02/11 14:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathie\Application Data\Memeo
[2009/03/14 21:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathie\Application Data\Nokia
[2009/03/14 21:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathie\Application Data\PC Suite
[2012/05/31 22:39:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathie\Application Data\PCCUStubInstaller
[2009/03/14 21:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathie\Application Data\Samsung
[2013/01/20 11:52:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathie\Application Data\Seagate
[2013/08/29 12:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathie\Application Data\SearchProtect
[2011/09/18 22:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathie\Application Data\Tific

========== Purity Check ==========



< End of report >


#2
RKinner

    Malware Expert

Copy the next line:

"C:\Program Files\Internet Explorer\iexplore" -extoff http://general-chang...de/2-adwcleaner



Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Internet Explorer should open with add-ons disabled.

It should come up and ask you if you want to Run or SAVE adwcleaner.exe
Tell it SAVE.

While still in IE with add-ons disabled try to download and save:
Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop.

Close all browsers. Pause your anti-virus.

Locate the adwcleaner tool. By default it will be in your Downloads folder.

  • Run the tool
    Windows Vista and Windows 7 users:
    Right click in the adwCleaner.exe and select the Delete option
  • When the scan completes, it will open a notepad window.
  • Please, copy the content of this file in your next reply.

  • Run the Junkware-Removal-Tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Download aswMBR.exe to your desktop.

Double click (XP) or Right click the aswMBR.exe (Vista/Win 7&8) and select Run As Administrator to run it

Click the "Scan" button to start scan
Allow it to download the Avast engine if it wants.
On completion of the scan (Note if the Fix button is enabled and tell me) click save log, save it to your desktop and post in your next reply


Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Ron

#3
Cat25

I can only get as far as 1st item. Copy first line to command prompt. Then Internet Explorer says "Internet Explorer cannot display webpage." When I click diagnose connection problems, it says does not detect problem with internet connection. So tried opening http://general-chang...de/2-adwcleaner in Firefox & it would not open. Any other suggestions?

#4
Cat25

Forgot to mention Internet Explorer had a little yellow information bar at the top that said "Internet Explorer currently running with add-ons disabled."

Thanks

#5
Cat25

I finally got everything to run. Disregard the earlier posts. The aswMBR did not have the fix button enabled, just the fixMBR button.

Hope the attached files are what you need. Thanks

OTL logfile created on: 8/31/2013 11:52:59 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Kathie\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.07% Memory free
3.81 Gb Paging File | 2.87 Gb Available in Paging File | 75.16% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.46 Gb Total Space | 15.14 Gb Free Space | 10.56% Space Free | Partition Type: NTFS
Drive E: | 3.77 Gb Total Space | 0.01 Gb Free Space | 0.14% Space Free | Partition Type: FAT32

Computer Name: LAPTOPW | User Name: Kathie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/31 23:46:46 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Kathie\Desktop\aswmbr.exe
PRC - [2013/08/31 23:07:16 | 001,027,511 | ---- | M] (Thisisu) -- C:\Documents and Settings\Kathie\Desktop\JRT.exe
PRC - [2013/08/12 12:42:57 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/08/11 13:05:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kathie\Desktop\OTL.exe
PRC - [2013/07/10 16:50:38 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2013/03/04 13:57:52 | 000,398,336 | ---- | M] (Orbiscom Ltd. All rights reserved.) -- C:\Program Files\Virtual Account Numbers\CitiVAN.exe
PRC - [2012/12/23 22:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360 Premier Edition\Engine\20.3.0.36\ccsvchst.exe
PRC - [2012/12/06 14:41:06 | 000,156,672 | ---- | M] (Orbiscom Ltd.) -- C:\WINDOWS\system32\OBroker.exe
PRC - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2012/03/18 12:22:23 | 000,123,320 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.1.246\SymcPCCULaunchSvc.exe
PRC - [2011/06/01 11:42:28 | 000,071,432 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
PRC - [2011/06/01 11:42:28 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2011/06/01 11:16:54 | 002,260,992 | ---- | M] (Axentra Corporation) -- C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
PRC - [2011/05/04 16:04:32 | 000,325,344 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
PRC - [2010/04/07 07:57:42 | 000,099,896 | ---- | M] (HP) -- C:\WINDOWS\system32\HPSIsvc.exe
PRC - [2010/04/02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/03/24 20:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2010/03/02 19:52:00 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.1.246\ccSvcHst.exe
PRC - [2009/05/27 21:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 19:12:14 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
PRC - [2007/09/26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/07/05 18:05:04 | 000,065,536 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2007/07/05 18:04:18 | 000,114,688 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2007/07/05 18:03:32 | 000,184,320 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2007/07/05 17:58:40 | 000,413,696 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2007/07/05 17:51:48 | 000,126,976 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2007/04/09 13:03:00 | 000,058,416 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2007/03/09 00:49:42 | 000,066,176 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2007/03/07 23:16:48 | 000,073,776 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2007/02/27 20:43:30 | 000,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2007/02/27 20:35:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2007/02/08 16:11:32 | 000,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2007/02/08 16:00:06 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2007/02/08 14:40:16 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2007/01/29 22:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2007/01/04 22:48:52 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/11/07 05:51:40 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
PRC - [2006/09/06 02:39:10 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2006/05/24 00:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006/05/18 19:24:06 | 000,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2006/02/14 00:17:28 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2006/02/02 08:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE


========== Modules (No Company Name) ==========

MOD - [2013/08/31 14:39:24 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_5f752470\mscorlib.dll
MOD - [2013/08/31 14:39:22 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_218b4147\system.drawing.dll
MOD - [2013/08/31 14:39:08 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_a196a692\system.xml.dll
MOD - [2013/08/31 14:39:02 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_f0f2943b\system.windows.forms.dll
MOD - [2013/08/31 14:38:43 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_0231ed72\system.dll
MOD - [2013/08/31 14:38:30 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2013/08/31 14:38:29 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2013/08/31 14:38:28 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2013/08/31 14:24:10 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2013/08/31 14:24:10 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2013/08/31 14:24:05 | 004,550,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2013/08/31 14:24:04 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2013/08/31 14:24:03 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2013/08/31 14:24:02 | 002,052,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2013/08/31 14:24:00 | 000,659,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
MOD - [2013/08/31 14:24:00 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2013/08/31 14:23:54 | 000,010,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
MOD - [2013/07/07 13:36:53 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2013/03/05 15:14:00 | 003,194,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2013/03/05 15:13:57 | 000,630,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2013/03/05 15:13:50 | 005,246,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2013/02/19 17:47:03 | 009,000,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\964da027ebca3b263a05cadb8eaa20a3\System.ni.dll
MOD - [2013/02/19 17:46:33 | 014,415,872 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\246f1a5abb686b9dcdf22d3505b08cea\mscorlib.ni.dll
MOD - [2012/12/06 14:38:00 | 000,039,424 | ---- | M] () -- C:\Program Files\Virtual Account Numbers\VANRes.dll
MOD - [2012/05/30 09:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton 360 Premier Edition\Engine\20.3.0.36\wincfi39.dll
MOD - [2011/06/01 11:46:02 | 000,030,984 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
MOD - [2011/06/01 11:42:24 | 000,108,296 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\Memeo.Progress.dll
MOD - [2011/06/01 11:16:54 | 000,971,776 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll
MOD - [2011/06/01 11:16:54 | 000,241,664 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
MOD - [2011/05/04 16:04:54 | 002,896,608 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\Memeo.Client.UI.dll
MOD - [2011/05/04 16:04:50 | 000,027,360 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
MOD - [2011/05/04 16:04:32 | 000,325,344 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
MOD - [2010/03/22 17:59:46 | 000,504,293 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\sqlite3.dll
MOD - [2010/03/04 16:55:54 | 000,274,432 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hp1100sd.dll
MOD - [2010/03/04 16:55:46 | 002,306,048 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hp1100su.dll
MOD - [2010/03/04 16:55:34 | 000,147,456 | ---- | M] () -- C:\WINDOWS\system32\HP1100LM.DLL
MOD - [2010/03/04 16:55:14 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HP1100PP.dll
MOD - [2010/03/04 16:55:12 | 000,794,624 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1100GC.DLL
MOD - [2009/05/27 21:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
MOD - [2007/11/28 10:34:16 | 000,032,768 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
MOD - [2007/11/28 10:34:05 | 000,798,720 | ---- | M] () -- c:\windows\assembly\gac\hpqietpz\3.0.0.0__a53cf5803f4c3827\hpqietpz.dll
MOD - [2007/11/28 10:34:01 | 000,004,096 | ---- | M] () -- c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll
MOD - [2007/11/28 10:33:22 | 000,032,768 | ---- | M] () -- c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
MOD - [2007/11/28 10:33:00 | 000,053,248 | ---- | M] () -- c:\windows\assembly\gac\hpqprrsc\3.0.0.0__a53cf5803f4c3827\hpqprrsc.dll
MOD - [2007/11/28 10:32:57 | 000,049,152 | ---- | M] () -- c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll
MOD - [2007/11/28 10:32:46 | 000,065,536 | ---- | M] () -- c:\windows\assembly\gac\hpqmdmr\3.0.0.0__a53cf5803f4c3827\hpqmdmr.dll
MOD - [2007/11/28 10:32:42 | 000,430,080 | ---- | M] () -- c:\windows\assembly\gac\lead.wrapper\13.0.0.89__9cf889f53ea9b907\lead.wrapper.dll
MOD - [2007/11/28 10:32:42 | 000,090,112 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.89__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll
MOD - [2007/11/28 10:32:42 | 000,086,016 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing\13.0.0.89__9cf889f53ea9b907\lead.drawing.dll
MOD - [2007/11/28 10:32:42 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\lead\13.0.0.89__9cf889f53ea9b907\lead.dll
MOD - [2007/11/28 10:32:42 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.89__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll
MOD - [2007/11/28 10:32:42 | 000,040,960 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms\13.0.0.89__9cf889f53ea9b907\lead.windows.forms.dll
MOD - [2007/11/28 10:32:37 | 000,010,240 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqimgr\1.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
MOD - [2007/11/28 10:32:35 | 000,229,376 | ---- | M] () -- c:\windows\assembly\gac\hpqtray\3.0.0.0__a53cf5803f4c3827\hpqtray.dll
MOD - [2007/11/28 10:32:35 | 000,167,936 | ---- | M] () -- c:\windows\assembly\gac\hpqimgrc\3.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
MOD - [2007/11/28 10:32:35 | 000,045,056 | ---- | M] () -- c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
MOD - [2007/11/28 10:32:35 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqiface\3.0.0.0__a53cf5803f4c3827\hpqiface.dll
MOD - [2007/11/28 10:32:34 | 000,028,672 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc\3.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
MOD - [2007/11/28 10:32:33 | 000,126,976 | ---- | M] () -- c:\windows\assembly\gac\hpqgldlg\3.0.0.0__a53cf5803f4c3827\hpqgldlg.dll
MOD - [2007/11/28 10:32:33 | 000,024,576 | ---- | M] () -- c:\windows\assembly\gac\hpqasset\3.0.0.0__a53cf5803f4c3827\hpqasset.dll
MOD - [2007/11/28 10:29:00 | 000,057,344 | ---- | M] () -- c:\windows\assembly\gac\hpqntrop\3.0.0.0__a53cf5803f4c3827\hpqntrop.dll
MOD - [2007/11/28 10:29:00 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll
MOD - [2007/11/28 10:29:00 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpdarc\1.0.0.0__19565c63d39c2842\interop.hpdarc.dll
MOD - [2007/11/28 10:29:00 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqptfnd\3.0.0.0__a53cf5803f4c3827\hpqptfnd.dll
MOD - [2007/11/28 10:28:59 | 000,163,840 | ---- | M] () -- c:\windows\assembly\gac\hpqutils\3.0.0.0__a53cf5803f4c3827\hpqutils.dll
MOD - [2007/11/28 10:28:59 | 000,073,728 | ---- | M] () -- c:\windows\assembly\gac\hpqgskin\3.0.0.0__a53cf5803f4c3827\hpqgskin.dll
MOD - [2007/11/28 10:28:58 | 000,196,608 | ---- | M] () -- c:\windows\assembly\gac\hpqccrsc\3.0.0.0__a53cf5803f4c3827\hpqccrsc.dll
MOD - [2007/11/28 10:28:57 | 000,475,136 | ---- | M] () -- c:\windows\assembly\gac\hpqcmctl\3.0.0.0__a53cf5803f4c3827\hpqcmctl.dll
MOD - [2007/05/17 10:53:00 | 001,474,560 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2007/04/16 14:17:32 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2007/04/09 13:03:00 | 000,235,056 | ---- | M] () -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7.dll
MOD - [2007/03/22 12:02:00 | 000,063,024 | ---- | M] () -- C:\Program Files\ThinkVantage\PrdCtr\US\LPRESMGR.DLL
MOD - [2007/02/27 20:48:38 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2007/02/08 16:11:32 | 000,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
MOD - [2007/02/08 16:00:06 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
MOD - [2007/02/08 15:59:30 | 000,139,264 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll
MOD - [2007/02/08 15:59:30 | 000,139,264 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\CDRecord.dll
MOD - [2007/02/08 14:40:16 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
MOD - [2007/01/30 21:21:54 | 000,110,592 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\xml4cmessages5_5.dll
MOD - [2007/01/25 01:25:52 | 000,069,720 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\HKVOLKEY.dll
MOD - [2006/12/13 21:06:42 | 000,028,672 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\tphklock.dll
MOD - [2006/11/09 23:26:02 | 000,030,256 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.dll
MOD - [2006/04/30 02:31:01 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2006/04/30 02:25:07 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2013/08/22 15:06:54 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/08/12 12:42:57 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/07/10 16:50:38 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2012/12/23 22:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360 Premier Edition\Engine\20.3.0.36\ccSvcHst.exe -- (N360)
SRV - [2012/11/08 11:39:36 | 000,174,176 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe -- (PACSPTISVR-Sound_Organizer)
SRV - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/03/18 12:22:23 | 000,123,320 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.1.246\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2011/06/01 11:42:28 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2011/05/04 16:04:38 | 000,025,824 | ---- | M] (Memeo) [Auto | Stopped] -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2010/04/07 07:57:42 | 000,099,896 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPSIsvc.exe -- (HPSIService)
SRV - [2009/11/10 13:32:42 | 001,245,064 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.1.246\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2009/06/02 09:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/16 19:12:56 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/09/26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/07/05 18:05:04 | 000,065,536 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2007/07/05 18:03:32 | 000,184,320 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2007/02/27 20:35:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2007/02/08 16:11:32 | 000,569,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2007/02/08 14:40:16 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2007/01/29 22:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2007/01/04 22:48:52 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/05/24 00:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005/10/06 21:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCAMPR5.SYS -- (PCAMPR5)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Kathie\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2013/08/28 18:40:16 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130831.007\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/08/28 18:40:15 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130831.007\NAVENG.SYS -- (NAVENG)
DRV - [2013/08/27 15:22:00 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/08/27 15:21:59 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/08/20 17:13:48 | 000,380,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20130830.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2013/05/31 11:58:19 | 001,002,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20130715.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/01/30 22:18:18 | 000,394,656 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1403000.024\symtdi.sys -- (SYMTDI)
DRV - [2013/01/30 22:18:06 | 000,934,488 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\1403000.024\symefa.sys -- (SymEFA)
DRV - [2013/01/28 20:45:18 | 000,602,712 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\1403000.024\srtsp.sys -- (SRTSP)
DRV - [2013/01/28 20:45:18 | 000,032,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1403000.024\srtspx.sys -- (SRTSPX)
DRV - [2013/01/21 21:15:32 | 000,367,704 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\1403000.024\symds.sys -- (SymDS)
DRV - [2012/12/03 16:20:12 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/11/15 21:22:01 | 000,175,264 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1403000.024\ironx86.sys -- (SymIRON)
DRV - [2012/11/15 21:18:04 | 000,134,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1403000.024\ccsetx86.sys -- (ccSet_N360)
DRV - [2009/10/12 21:24:56 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/10/12 21:24:54 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/12 21:24:52 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/06/20 22:58:09 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2009/02/09 07:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/10/01 17:24:36 | 000,023,864 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2007/09/21 04:11:02 | 000,028,432 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007/09/21 04:10:46 | 000,036,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/09/21 04:10:40 | 000,035,088 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/08/08 06:42:00 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/29 21:54:00 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/29 20:42:00 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/06/17 11:16:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2007/06/07 19:36:44 | 000,081,280 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LenovoRd.sys -- (LenovoRd)
DRV - [2007/04/30 09:37:20 | 002,206,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)
DRV - [2007/04/09 13:03:00 | 000,012,848 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2007/04/02 14:24:08 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2007/03/29 18:19:36 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/03/02 20:49:00 | 000,100,656 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2007/03/02 20:47:00 | 000,019,760 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2007/02/27 04:02:00 | 000,868,042 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/01/24 04:33:00 | 000,530,861 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007/01/24 04:27:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/12/21 21:56:00 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/12/21 21:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/12/21 21:55:00 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/11/06 03:24:56 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006/10/15 01:01:00 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/10/15 00:59:00 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2006/10/09 09:00:00 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/09/13 15:42:44 | 000,035,264 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2006/07/24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006/02/02 08:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/02/02 08:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/02/02 08:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/02/02 08:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/02/02 08:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/02/02 08:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/02/02 08:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/11/18 15:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/11/18 15:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/11/08 12:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.yhs4.searc...835,20029,0,8,0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://lenovo.us.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 BC ED 67 AC A2 CE 01 [binary data]
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0270EEB4-082C-4CEB-92FD-0974815FD809}: "URL" = http://search.yahoo....835,20028,0,8,0
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7GGLJ_enUS253
IE - HKCU\..\SearchScopes\{AB658337-3765-4769-8329-FC8A0B7D27A0}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://us.yhs4.searc...35,20031,0,8,0"
FF - prefs.js..extensions.enabledAddons: %7B9A4F784C-8AE7-4A0E-93CB-88F63569346F%7D:1.5
FF - prefs.js..extensions.enabledAddons: showlyrics%40superstrsoft.co:1.114
FF - prefs.js..extensions.enabledAddons: avg%40toolbar:15.2.0.5
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:12.0.0.380%20-%201
FF - prefs.js..extensions.enabledAddons: %7B0134af61-7a0c-4649-aeca-90d776060cb3%7D:10.19.2.505
FF - prefs.js..extensions.enabledAddons: addon%40defaulttab.com:2.1.34
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - prefs.js..keyword.URL: ""
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20130835,20030,0,8,0"
FF - prefs.js..keyword.URL: "http://search.yahoo....35,20030,0,8,0"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\DOCUME~1\Kathie\APPLIC~1\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/10/21 13:47:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\IPSFFPlgn\ [2012/12/03 16:21:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\coFFPlgn\ [2013/08/31 23:25:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\citius@orbiscom: C:\Program Files\Virtual Account Numbers [2013/04/29 15:19:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/22 15:06:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/08/31 23:10:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/10/21 13:47:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Show-Lyrics\FF\

[2011/01/08 13:51:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kathie\Application Data\Mozilla\Extensions
[2013/08/31 23:17:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kathie\Application Data\Mozilla\Firefox\Profiles\lo98rb5i.default\extensions
[2012/03/23 16:02:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kathie\Application Data\Mozilla\Firefox\Profiles\lo98rb5i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/08/31 23:00:08 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Kathie\Application Data\Mozilla\Firefox\Profiles\lo98rb5i.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/06/30 20:55:53 | 000,000,000 | ---D | M] (SelectionLinks) -- C:\Documents and Settings\Kathie\Application Data\Mozilla\Firefox\Profiles\lo98rb5i.default\extensions\{9A4F784C-8AE7-4A0E-93CB-88F63569346F}
[2013/08/10 13:08:21 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Kathie\Application Data\Mozilla\Firefox\Profiles\lo98rb5i.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/08/27 17:32:50 | 000,000,000 | ---D | M] (SySaver) -- C:\Documents and Settings\Kathie\Application Data\Mozilla\Firefox\Profiles\lo98rb5i.default\extensions\[email protected]
[2013/08/04 16:24:26 | 000,000,000 | ---D | M] (GetSavin) -- C:\Documents and Settings\Kathie\Application Data\Mozilla\Firefox\Profiles\lo98rb5i.default\extensions\getsavin@jetpack
[2013/08/04 16:25:00 | 000,000,000 | ---D | M] (Define Ext) -- C:\Documents and Settings\Kathie\Application Data\Mozilla\Firefox\Profiles\lo98rb5i.default\extensions\[email protected]
[2013/08/10 13:10:21 | 000,301,821 | ---- | M] () (No name found) -- C:\Documents and Settings\Kathie\Application Data\Mozilla\Firefox\Profiles\lo98rb5i.default\extensions\[email protected]
[2013/08/09 15:57:34 | 000,824,302 | ---- | M] () (No name found) -- C:\Documents and Settings\Kathie\Application Data\Mozilla\Firefox\Profiles\lo98rb5i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/08/31 12:26:08 | 000,001,102 | ---- | M] () -- C:\Documents and Settings\Kathie\Application Data\Mozilla\Firefox\Profiles\lo98rb5i.default\searchplugins\visualbee-v12-customized-web-search.xml
[2013/08/22 15:06:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/08/22 15:06:30 | 000,000,000 | ---D | M] (Define Ext) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2013/08/22 15:06:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/22 15:06:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/06/23 11:10:05 | 000,000,000 | ---D | M] (AVG SafeGuard toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SAFEGUARD TOOLBAR\FIREFOXEXT\15.2.0.5
[2012/12/03 16:21:06 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\IPSFFPLGN
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\KATHIE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LO98RB5I.DEFAULT\EXTENSIONS\{0134AF61-7A0C-4649-AECA-90D776060CB3}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\KATHIE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LO98RB5I.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\SHOW-LYRICS\FF
[2013/02/10 12:49:24 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2013/06/23 11:10:07 | 000,003,725 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://us.yhs4.searc...835,20033,0,8,0
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.14\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.14\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.14\pdf.dll
CHR - plugin: npDefaultTabSearch plugin (Enabled) = C:\Documents and Settings\Kathie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.19_0\plugins/npDefaultTabSearch.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Catalina Savings Printer (Enabled) = C:\DOCUME~1\Kathie\APPLIC~1\CATALI~2\NPBCSK~1.DLL
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U21 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: GetSavin = C:\Documents and Settings\Kathie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl\5.0_0\
CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\Kathie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: Gmail = C:\Documents and Settings\Kathie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2010/04/28 13:43:11 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Virtual Account Numbers Helper) - {17424104-1444-4810-85D7-B4DA413C5A9A} - C:\Program Files\Virtual Account Numbers\CitiVANHelper.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\20.3.0.36\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\20.3.0.36\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\27.0.1453.116\npchrome_frame.dll File not found
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Virtual Account Numbers) - {7A21A046-B886-4A62-9D69-EF2059B0A27B} - C:\Program Files\Virtual Account Numbers\CitiVANToolbar.dll (Orbiscom Ltd. All rights reserved.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\20.3.0.36\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\20.3.0.36\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Virtual Account Numbers] C:\Program Files\Virtual Account Numbers\CitiVAN.exe (Orbiscom Ltd. All rights reserved.)
O4 - HKCU..\Run: [82A65744E4EE70D3AE1EB3EF2EB18B07B2E3ECBB._service_run] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_BA67679302E9B0B9DBD0A56F5991E6C8] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} https://www-307.ibm....ntent/AcpIR.cab (IASRunner Class)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...abs/tgctlsr.cab (Reg Error: Key error.)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.h...ads/sysinfo.cab (SysData Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} http://www.linksysfi...ll/gtdownls.cab (LinkSys Content Update)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} Reg Error: Key error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{244DD694-3020-4B85-8405-0AFFC7EB67EA}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\27.0.1453.116\npchrome_frame.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\tpfnf2: DllName - (C:\Program Files\Lenovo\HOTKEY\notifyf2.dll) - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (C:\Program Files\Lenovo\HOTKEY\tphklock.dll) - C:\Program Files\Lenovo\HOTKEY\tphklock.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Kathie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kathie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/30 02:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{41d1cff1-8314-11e0-9f14-001c26d9f1a0}\Shell - "" = AutoRun
O33 - MountPoints2\{41d1cff1-8314-11e0-9f14-001c26d9f1a0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{41d1cff1-8314-11e0-9f14-001c26d9f1a0}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{449b2de2-9a82-11dc-9c83-001de009fc1f}\Shell\AutoRun\command - "" = E:\setupSNK.exe
O33 - MountPoints2\{fa5ead3b-547a-11df-9ee6-001c26d9f1a0}\Shell - "" = AutoRun
O33 - MountPoints2\{fa5ead3b-547a-11df-9ee6-001c26d9f1a0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fa5ead3b-547a-11df-9ee6-001c26d9f1a0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/31 23:55:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kathie\Local Settings\Application Data\FileTypeAssistant
[2013/08/31 23:46:30 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Kathie\Desktop\aswmbr.exe
[2013/08/31 23:09:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/08/31 23:07:13 | 001,027,511 | ---- | C] (Thisisu) -- C:\Documents and Settings\Kathie\Desktop\JRT.exe
[2013/08/31 23:02:39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Kathie\IECompatCache
[2013/08/31 23:01:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Driver Genius
[2013/08/31 23:00:25 | 000,000,000 | ---D | C] -- C:\Program Files\The Sea App (Internet Explorer)
[2013/08/31 22:59:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2013/08/31 22:47:12 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/08/31 14:33:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2013/08/30 08:15:10 | 000,028,272 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\NicCo2.dll
[2013/08/27 17:33:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kathie\Start Menu\Programs\SySaver
[2013/08/27 17:32:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Flash Player Pro
[2013/08/27 17:32:56 | 000,000,000 | ---D | C] -- C:\Program Files\Flash Player Pro
[2013/08/27 17:32:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kathie\My Documents\Flash Player Pro
[2013/08/27 17:32:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kathie\Local Settings\Application Data\SySaver
[2013/08/26 18:10:00 | 000,000,000 | ---D | C] -- C:\Program Files\PrinterShare
[2013/08/26 18:06:18 | 000,000,000 | ---D | C] -- C:\Program Files\wrapper_inst
[2013/08/26 18:05:12 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/08/26 18:01:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrinterShare
[2013/08/26 17:59:32 | 001,941,504 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Kathie\Desktop\PrinterShare2304.exe
[2013/08/22 15:06:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/08/12 12:43:30 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/08/12 12:43:21 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/08/12 12:43:21 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/08/11 14:29:10 | 000,000,000 | ---D | C] -- C:\Avenger
[2013/08/11 13:05:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kathie\Desktop\OTL.exe
[2013/08/04 16:25:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kathie\Start Menu\Programs\Define Ext
[2013/08/04 16:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/08/04 16:21:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2013/06/02 11:06:07 | 002,162,416 | ---- | C] (Catalina Marketing Corp) -- C:\Documents and Settings\Kathie\Local Settings\Application Data\BcsKtYcHW.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[29 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/31 23:49:53 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Kathie\Desktop\MBR.dat
[2013/08/31 23:46:46 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Kathie\Desktop\aswmbr.exe
[2013/08/31 23:25:46 | 000,000,396 | ---- | M] () -- C:\WINDOWS\tasks\ProgramUpdateCheck.job
[2013/08/31 23:24:01 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2013/08/31 23:23:05 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/08/31 23:23:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2013/08/31 23:22:57 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2013/08/31 23:22:56 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/31 23:22:50 | 000,025,269 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2013/08/31 23:22:49 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2013/08/31 23:22:37 | 000,000,480 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2013/08/31 23:22:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/08/31 23:22:20 | 2112,139,264 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/31 23:07:16 | 001,027,511 | ---- | M] (Thisisu) -- C:\Documents and Settings\Kathie\Desktop\JRT.exe
[2013/08/31 23:01:09 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\Kathie\Desktop\Driver Genius.lnk
[2013/08/31 23:00:32 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\Kathie\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Optimizer Pro.lnk
[2013/08/31 23:00:30 | 000,000,775 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Optimizer Pro.lnk
[2013/08/31 22:37:08 | 000,994,642 | ---- | M] () -- C:\Documents and Settings\Kathie\Desktop\adwcleaner.exe
[2013/08/31 22:21:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/31 22:17:01 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2013/08/31 22:17:01 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\pcreg.job
[2013/08/31 21:37:00 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2013/08/31 15:13:22 | 000,321,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/08/31 14:42:10 | 000,589,016 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/08/31 14:42:10 | 000,114,484 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/08/31 14:38:47 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/08/31 10:56:03 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\ProgramRefresh-ATFST.job
[2013/08/31 00:02:01 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/08/29 12:15:54 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\skvkfkbo.sys
[2013/08/28 13:25:43 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/08/28 09:08:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/08/27 18:39:54 | 000,001,838 | ---- | M] () -- C:\Documents and Settings\Kathie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/08/27 17:33:04 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\Kathie\Desktop\Flash Player Pro.lnk
[2013/08/26 17:59:40 | 001,941,504 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Kathie\Desktop\PrinterShare2304.exe
[2013/08/18 12:41:31 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\Kathie\Desktop\Microsoft Office Excel 2003.lnk
[2013/08/12 12:42:58 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/08/12 12:42:55 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013/08/12 12:42:55 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/08/12 12:42:55 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/08/12 12:42:55 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/08/12 12:42:55 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/08/12 12:42:55 | 000,144,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/08/11 13:05:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kathie\Desktop\OTL.exe
[2013/08/04 16:21:15 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\Kathie\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/08/04 16:21:14 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/08/03 14:18:38 | 001,543,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wmvdecod.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[29 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/31 23:49:53 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Kathie\Desktop\MBR.dat
[2013/08/31 23:01:08 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\Kathie\Desktop\Driver Genius.lnk
[2013/08/31 23:00:30 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\Kathie\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Optimizer Pro.lnk
[2013/08/31 23:00:28 | 000,000,775 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Optimizer Pro.lnk
[2013/08/31 22:37:05 | 000,994,642 | ---- | C] () -- C:\Documents and Settings\Kathie\Desktop\adwcleaner.exe
[2013/08/30 08:15:36 | 000,001,904 | ---- | C] () -- C:\WINDOWS\System32\SetupBD.din
[2013/08/29 12:15:54 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\skvkfkbo.sys
[2013/08/27 17:33:03 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\Kathie\Desktop\Flash Player Pro.lnk
[2013/08/26 18:07:14 | 000,000,300 | ---- | C] () -- C:\WINDOWS\tasks\pcreg.job
[2013/08/26 18:07:12 | 000,000,368 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2013/06/30 20:57:48 | 000,000,884 | RHS- | C] () -- C:\Documents and Settings\Kathie\ntuser.pol
[2013/06/27 19:09:33 | 000,712,264 | ---- | C] () -- C:\WINDOWS\is-JU18I.exe
[2013/06/02 11:06:04 | 000,893,239 | ---- | C] () -- C:\Documents and Settings\Kathie\Local Settings\Application Data\a.zip
[2013/02/18 13:50:42 | 000,304,450 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/02/14 18:42:53 | 002,601,826 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2742438380-270914250-3487169969-1008-0.dat
[2013/02/14 15:19:44 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2013/02/06 09:20:19 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2009/11/10 12:06:35 | 000,121,960 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate
[2009/01/14 21:11:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008/08/27 15:31:00 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Kathie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/28 16:46:26 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Kathie\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2006/04/30 02:25:20 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Attached Files


  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP
What did you do to get it to work?

Copy the text in the code box by highlighting and Ctrl + c


:OTL
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
FF - prefs.js..extensions.enabledAddons: %7B9A4F784C-8AE7-4A0E-93CB-88F63569346F%7D:1.5
FF - prefs.js..extensions.enabledAddons: showlyrics%40superstrsoft.co:1.114
FF - prefs.js..extensions.enabledAddons: avg%40toolbar:15.2.0.5
FF - prefs.js..extensions.enabledAddons: %7B0134af61-7a0c-4649-aeca-90d776060cb3%7D:10.19.2.505
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll File not found
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Show-Lyrics\FF\
[2013/08/31 23:00:08 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Kathie\Application Data\Mozilla\Firefox\Profiles\lo98rb5i.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/06/30 20:55:53 | 000,000,000 | ---D | M] (SelectionLinks) -- C:\Documents and Settings\Kathie\Application Data\Mozilla\Firefox\Profiles\lo98rb5i.default\extensions\{9A4F784C-8AE7-4A0E-93CB-88F63569346F}
[2013/08/27 17:32:50 | 000,000,000 | ---D | M] (SySaver) -- C:\Documents and Settings\Kathie\Application Data\Mozilla\Firefox\Profiles\lo98rb5i.default\extensions\[email protected]
[2013/08/04 16:24:26 | 000,000,000 | ---D | M] (GetSavin) -- C:\Documents and Settings\Kathie\Application Data\Mozilla\Firefox\Profiles\lo98rb5i.default\extensions\getsavin@jetpack
[2013/08/04 16:25:00 | 000,000,000 | ---D | M] (Define Ext) -- C:\Documents and Settings\Kathie\Application Data\Mozilla\Firefox\Profiles\lo98rb5i.default\extensions\[email protected]
[2013/08/31 12:26:08 | 000,001,102 | ---- | M] () -- C:\Documents and Settings\Kathie\Application Data\Mozilla\Firefox\Profiles\lo98rb5i.default\searchplugins\visualbee-v12-customized-web-search.xml
[2013/08/22 15:06:30 | 000,000,000 | ---D | M] (Define Ext) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2013/06/23 11:10:05 | 000,000,000 | ---D | M] (AVG SafeGuard toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SAFEGUARD TOOLBAR\FIREFOXEXT\15.2.0.5
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\KATHIE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LO98RB5I.DEFAULT\EXTENSIONS\{0134AF61-7A0C-4649-AECA-90D776060CB3}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\KATHIE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LO98RB5I.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\SHOW-LYRICS\FF
[2013/06/23 11:10:07 | 000,003,725 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\27.0.1453.116\npchrome_frame.dll File not found
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...abs/tgctlsr.cab (Reg Error: Key error.)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.h...ads/sysinfo.cab (SysData Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} Reg Error: Key error. (Reg Error: Key error.)
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\27.0.1453.116\npchrome_frame.dll File not found
[2013/08/31 23:55:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kathie\Local Settings\Application Data\FileTypeAssistant
[2013/08/31 23:25:46 | 000,000,396 | ---- | M] () -- C:\WINDOWS\tasks\ProgramUpdateCheck.job
[2013/08/31 23:24:01 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2013/08/31 23:23:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2013/08/31 23:22:57 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2013/08/31 23:22:56 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/31 23:22:49 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2013/08/31 23:00:32 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\Kathie\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Optimizer Pro.lnk
[2013/08/31 23:00:30 | 000,000,775 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Optimizer Pro.lnk
[2013/08/31 22:17:01 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\pcreg.job
[2013/08/31 21:37:00 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2013/08/31 10:56:03 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\ProgramRefresh-ATFST.job
[2013/08/29 12:15:54 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\skvkfkbo.sys

:files
at /c
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At*.job

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then double-click on OTL to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.

Let's run a few other scans just to be sure.

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double click on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe to start the program.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again, but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe to start the program.
* follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Copy the text in the code box:

DRIVES
netsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.
  • 0

#7
Cat25

Cat25

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
I just saw your reply, I'll start running it in the morning. Yesterday, my ERROR, I didn't copy all of the text to command prompt. This computer is hard to use, it freezes & locks up a lot, hope I can get through all the steps you outlined. The computer is a laptop, so when I run Combofix & you say not to touch anything, how do I keep it from hibernating or closing down on its own?

Thanks,

Kathie
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP
Set Turn Off Monitor to Never, then click on Hibernate and you should have an option to tell it not to hibernate or how long to wait before hibernating. Also Set Screen Saver to Never or maybe 2 hours.

http://www.askdaveta...windows_xp.html
  • 0

#9
Cat25

Cat25

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
I am down to: My Computer, Manage, Event Viewer. On my Windows XP there is no Windows Logs, there is a Windows PowerShell, is that it? Also there is an Application, & a System. Is it different than your description because my computer uses Windows XP?

Thanks,

Kathie
  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP
Those were the directions for XP but if they don't work for you, just skip that step.
  • 0


#11
Cat25

Cat25

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Here are my new files. I skipped the step we talked about last - my computer/manage/event viewer.

Attached Files


  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP
Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

You do not have the latest Java.
First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
J2SE Runtime Environment 5.0 Update 6
Java 7 Update 21

Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.

If you feel you must have Java:
Get the latest Java at:
http://www.java.com/en/

Save it to your PC then close all browsers and install it. Do not let it install the yahoo toolbar or other foistware.
Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.

(If you also want the 64 bit version then use the 64 bit version of IE to get it.)

Uninstall all of these that you can find:
Google Toolbar for Internet Explorer
Bonjour
Windows Live Toolbar
AVG SafeGuard toolbar
Google Updater
File Type Assistant
Windows Live Toolbar
Windows Live OneCare safety scanner
Yahoo! Anti-Spy
Yahoo! Toolbar

Go into Printers and make sure the Printer Lexmark 640 Series has been removed. Apparently you no longer have it but it is trying to connect.

If it is still acting up:

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute then:

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.



Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button.) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File (to your desktop), note the name it gives. OK. Open the file in Notepad and delete the line that gives the serial number of your Operating System. (It will be near the top, about 10 lines down.) Attach the file to your next post.
  • 0

#13
Cat25

Cat25

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
I uninstalled J2SE runtime, tried to uninstall Java 7 update 21, got message: feature is on a network source that is unavailable install package. enter an alternate path to jre1.7.0_21-c.msi. Did a search on jre 1.7.0_21-c.msi and it didn't find anything. I don't want Java if I don't need it. Before, I got a lot of pop ups saying I needed to update Java; will the pop ups go away if I get all of the Java uninstalled? I'm going to try to find & uninstall the other items you listed.
  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP
Get the Free version of Revo uninstaller.

http://www.revounins...e_download.html

The free version download is near the bottom of the page where it says:

Free Full Downloads of Revo Uninstaller

It should be able to get rid of your Java for you. Can also be used on any of the others that don't want to go.
  • 0

#15
Cat25

Cat25

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Could not remove: Java 7 Update 21 (as mentioned in previous post)
Bonjour - said could not find Bonjour.msi
Yahoo! Toolbar - locks up & runs forever till I restart

You're correct, I don't have Printer Lexmark 640 Series, but it is not listed in Printers

attached is the speccy file

Below is the procexp file

Process CPU Private Bytes Working Set PID Verified Signer Description Company Name
Au_.exe 49.23 9,940 K 5,060 K 4728 (No signature was present in the subject) Yahoo! Inc. Yahoo! Toolbar Uninstall Setup Yahoo! Inc.
System Idle Process 0 K 28 K 0
procexp.exe 1.56 30,092 K 43,180 K 4500 (Verified) Microsoft Corporation Sysinternals Process Explorer Sysinternals - www.sysinternals.com
Interrupts < 0.01 0 K 0 K n/a Hardware Interrupts and DPCs
YahooAUService.exe 3,276 K 4,808 K 848 (Verified) Yahoo! Inc. AutoUpater Service Module Yahoo! Inc.
wuauclt.exe 2,528 K 5,184 K 5332 (Verified) Microsoft Windows Component Publisher Windows Update Microsoft Corporation
wscntfy.exe 1,072 K 4,096 K 3000 (Verified) Microsoft Windows Component Publisher Windows Security Center Notification App Microsoft Corporation
wmiprvse.exe 0.77 3,920 K 7,864 K 2472 (No signature was present in the subject) Microsoft Corporation WMI Microsoft Corporation
wmiprvse.exe 2,164 K 6,428 K 5016 (No signature was present in the subject) Microsoft Corporation WMI Microsoft Corporation
winlogon.exe 7,444 K 1,988 K 1428 (No signature was present in the subject) Microsoft Corporation Windows NT Logon Application Microsoft Corporation
tvttcsd.exe 808 K 2,820 K 3848 (Verified) Lenovo (United States) Inc. tvttcsd Application IBM
tvtsched.exe 3,748 K 7,268 K 4048 (No signature was present in the subject) Lenovo Group Limited ThinkVantage Scheduler Lenovo Group Limited
tvt_reg_monitor_svc.exe 1,728 K 4,036 K 3780 (Verified) Lenovo (United States) Inc. ThinkVantage Registry Monitor Service Lenovo Group Limited
TpShocks.exe 2,108 K 4,428 K 2888 (Verified) Lenovo (Japan) Ltd. ThinkVantage Active Protection System Lenovo.
TpScrex.exe 1,240 K 3,652 K 2928 (Verified) Lenovo (Japan) Ltd ThinkPad UltraZoom Lenovo Group Limited
TPOSDSVC.exe 3,604 K 6,488 K 2992 (Verified) Lenovo (Japan) Ltd. On screen display message handler Lenovo Group Limited
TPONSCR.exe 1,232 K 3,724 K 2964 (Verified) Lenovo (Japan) Ltd. On screen display drawer Lenovo Group Limited
TPHDEXLG.exe 740 K 2,040 K 3828 (Verified) Lenovo (Japan) Ltd. ThinkVantage Active Protection System - HDD Logger Module Lenovo.
tpfnf7sp.exe 2,324 K 4,584 K 3004 (Verified) Lenovo (Japan) Ltd. Presentation Director Fn+F7 handler Lenovo Group Limited
taskmgr.exe 2,204 K 3,672 K 3512 (Verified) Microsoft Windows Component Publisher Windows TaskManager Microsoft Corporation
System 0 K 256 K 4
SynTPLpr.exe 1,252 K 3,512 K 2960 (Verified) Microsoft Windows Hardware Compatibility Publisher TouchPad Driver Helper Application Synaptics, Inc.
SynTPEnh.exe 3,328 K 6,408 K 2304 (Verified) Microsoft Windows Hardware Compatibility Publisher Synaptics TouchPad Enhancements Synaptics, Inc.
SymcPCCULaunchSvc.exe 3,736 K 5,940 K 1332 (Verified) Symantec Corporation Norton PC Checkup Launcher Service Symantec Corporation
svchost.exe 0.77 16,056 K 26,628 K 2000 (Verified) Microsoft Windows Component Publisher Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 3,204 K 5,252 K 1712 (No signature was present in the subject) Microsoft Corporation Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 2,088 K 4,888 K 1800 (No signature was present in the subject) Microsoft Corporation Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1,340 K 3,636 K 472 (Verified) Microsoft Windows Component Publisher Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1,624 K 3,976 K 768 (No signature was present in the subject) Microsoft Corporation Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1,340 K 3,892 K 944 (No signature was present in the subject) Microsoft Corporation Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 2,480 K 4,440 K 3740 (Verified) Microsoft Windows Component Publisher Generic Host Process for Win32 Services Microsoft Corporation
SvcGuiHlpr.exe 3,104 K 6,824 K 3404 (No signature was present in the subject) Lenovo Access Connections SvcGuiHlpr Application Lenovo
SUService.exe 11,144 K 13,780 K 2136 (No signature was present in the subject) Lenovo Group Limited ThinkVantage System Update Service Lenovo Group Limited
sqlwriter.exe 960 K 3,620 K 3708 (Verified) Microsoft Corporation SQL Server VSS Writer Microsoft Corporation
sqlbrowser.exe 712 K 2,356 K 3636 (Verified) Microsoft Corporation SQL Browser Service EXE Microsoft Corporation
spoolsv.exe 0.77 6,860 K 9,944 K 1016 (Verified) Microsoft Windows Component Publisher Spooler SubSystem App Microsoft Corporation
smss.exe 180 K 452 K 1268 (Verified) Microsoft Windows Component Publisher Windows NT Session Manager Microsoft Corporation
smax4pnp.exe 4,416 K 6,704 K 3056 (Verified) Microsoft Windows Hardware Compatibility Publisher SMax4PNP Analog Devices, Inc.
services.exe 3,164 K 4,292 K 1472 (Verified) Microsoft Windows Component Publisher Services and Controller app Microsoft Corporation
SeagateDashboardService.exe 21,144 K 21,756 K 2372 (Verified) Memeo Inc MemeoDashboardService Memeo
scheduler_proxy.exe 3,472 K 5,868 K 3412 (No signature was present in the subject) Lenovo Group Limited scheduler_proxy Application Lenovo Group Limited
scardsvr.exe 932 K 2,744 K 1060 (Verified) Microsoft Windows Component Publisher Smart Card Resource Management Server Microsoft Corporation
S24EvMon.exe 0.77 5,628 K 10,608 K 252 (No signature was present in the subject) Intel Corporation Wireless Management Service Intel Corporation
rundll32.exe 4,720 K 7,340 K 3196 (No signature was present in the subject) Microsoft Corporation Run a DLL as an App Microsoft Corporation
rundll32.exe 3,448 K 4,828 K 3252 (No signature was present in the subject) Microsoft Corporation Run a DLL as an App Microsoft Corporation
rundll32.exe 3,548 K 6,580 K 3300 (No signature was present in the subject) Microsoft Corporation Run a DLL as an App Microsoft Corporation
rrservice.exe 4,784 K 8,956 K 4032 (No signature was present in the subject) Lenovo Group Limited Rescue and Recovery Backup Service Lenovo Group Limited
rrpservice.exe 2,016 K 4,512 K 3948 (No signature was present in the subject) rrpservice Module
RegSrvc.exe 1,072 K 3,436 K 2076 (No signature was present in the subject) Intel Corporation Intel® PROSet/Wireless Registry Service Intel Corporation
OBroker.exe 1,872 K 5,828 K 2128 (No signature was present in the subject) Orbiscom Ltd. Orbiscom Communication Broker Module Orbiscom Ltd.
nvsvc32.exe 2,652 K 4,308 K 1552 (No signature was present in the subject) NVIDIA Corporation NVIDIA Driver Helper Service, Version 101.33 NVIDIA Corporation
msmsgs.exe 5,072 K 1,692 K 4272 (Verified) Microsoft Windows Component Publisher Windows Messenger Microsoft Corporation
msiexec.exe 1,468 K 5,264 K 6120 (Verified) Microsoft Windows Component Publisher Windows® installer Microsoft Corporation
MemeoDashboard.exe 40,964 K 44,212 K 5924 (Verified) Memeo Inc Seagate Dashboard Memeo
mDNSResponder.exe 1,432 K 4,232 K 1196 (Verified) Apple Inc. Bonjour Service Apple Inc.
MCPLaunch.exe 524 K 1,436 K 4124 (Verified) Lenovo Information Products (Shenzhen) Co. Message Center Plus Launcher
lsass.exe 4,200 K 6,736 K 1484 (No signature was present in the subject) Microsoft Corporation LSA Shell (Export Version) Microsoft Corporation
LPMGR.EXE 5,504 K 9,424 K 3348 (Verified) Lenovo (Japan) Ltd. ThinkVantage Productivity Center Manager Lenovo Group Limited
logmon.exe 1,348 K 2,948 K 1148 (No signature was present in the subject)
jusched.exe 1,636 K 4,260 K 5612 (Verified) Oracle America Java™ Update Scheduler Oracle Corporation
jqs.exe 2,648 K 1,916 K 408 (Verified) Oracle America Java Quick Starter Service Oracle Corporation
iviRegMgr.exe 784 K 2,680 K 368 (Verified) Intervideo RegMgr Module InterVideo
IUService.exe 472 K 1,488 K 4080 (No signature was present in the subject)
itype.exe 8,760 K 13,456 K 3608 (Verified) Microsoft Corporation IType.exe Microsoft Corporation
iTunesHelper.exe 7,852 K 12,308 K 4664 (Verified) Apple Inc. iTunesHelper Module Apple Inc.
issch.exe 632 K 1,712 K 688 (No signature was present in the subject) InstallShield Software Corporation InstallShield Update Service Scheduler InstallShield Software Corporation
IPSSVC.EXE 1,224 K 2,768 K 1084 (Verified) Lenovo (Japan) Ltd. IPS Core Service Lenovo Group Limited
ipoint.exe 8,904 K 13,524 K 3296 (Verified) Microsoft Corporation IPoint.exe Microsoft Corporation
iPodService.exe 2,680 K 4,512 K 4684 (Verified) Apple Inc. iPodService Module Apple Inc.
IntuitUpdateService.exe 10,872 K 11,936 K 304 (Verified) Intuit Intuit Update Service Intuit Inc.
InstantBackup.exe 44,244 K 28,888 K 5224 (Verified) Memeo Inc Memeo Instant Backup Client
iexplore.exe 12,680 K 4,432 K 4348 (Verified) Microsoft Windows Internet Explorer Microsoft Corporation
iexplore.exe 110,708 K 110,216 K 5988 (Verified) Microsoft Windows Internet Explorer Microsoft Corporation
ibmpmsvc.exe 436 K 1,448 K 1684 (Verified) Lenovo (Japan) Ltd. ThinkPad Power Management Service Lenovo
hpwuschd2.exe 1,228 K 3,788 K 2816 (Verified) Hewlett-Packard Company hpwuSchd Application Hewlett-Packard
hpswp_clipbook.exe 3,156 K 5,004 K 1604 (Verified) Hewlett-Packard Company HP Smart Web Printing add-on for Internet Explorer Hewlett-Packard Co.
HPSIsvc.exe 1,888 K 2,828 K 2020 (Verified) Hewlett-Packard Company HP Smart-Install Service HP
hpqtra08.exe 5,952 K 13,656 K 5212 (No signature was present in the subject) Hewlett-Packard Co. HP Digital Imaging Monitor Hewlett-Packard Co.
hpqgalry.exe 27,416 K 8,804 K 648 (No signature was present in the subject) Hewlett-Packard Co. Hewlett-Packard Co.
HipServAgent.exe 4,568 K 9,052 K 6080 (No signature was present in the subject) Axentra Corporation GoFlex Home Agent Application Axentra Corporation
EZEJMNAP.EXE 2,572 K 5,152 K 2648 (Verified) Lenovo (Japan) Ltd. ThinkPad EasyEject Support Application Lenovo Group Ltd.
explorer.exe 32,512 K 18,416 K 640 (Verified) Microsoft Windows Component Publisher Windows Explorer Microsoft Corporation
EvtEng.exe 8,580 K 12,468 K 1896 (No signature was present in the subject) Intel Corporation Intel® PROSet/Wireless Event Log Intel Corporation
dpupdchk.exe 1,940 K 3,064 K 484 (Verified) Microsoft Corporation dpupdchk.exe Microsoft Corporation
DLG.exe 2,936 K 5,244 K 4764 (Verified) Avanquest Digital Line Detection Avanquest Software
DLACTRLW.EXE 2,364 K 5,608 K 2652 (No signature was present in the subject) Sonic Solutions Drive Letter Access Component Sonic Solutions
DkService.exe 4,180 K 7,964 K 1284 (No signature was present in the subject) Diskeeper Corporation DKSERVICE.EXE Diskeeper Corporation
DkIcon.exe 1,968 K 4,480 K 2488 (No signature was present in the subject) Diskeeper Corporation DKICON.EXE Diskeeper Corporation
ctfmon.exe 1,396 K 5,776 K 3616 (No signature was present in the subject) Microsoft Corporation CTF Loader Microsoft Corporation
cssauth.exe 11,572 K 15,964 K 3312 (Verified) Lenovo (United States) Inc. CSS Authentication Provider Lenovo Group Limited
csrss.exe 1,892 K 4,912 K 1396 (No signature was present in the subject) Microsoft Corporation Client Server Runtime Process Microsoft Corporation
CNSEMAIN.EXE 42,856 K 44,740 K 5272 (Verified) Canon Inc. Canon Solution Menu EX CANON INC.
CNMNSUT.exe 2,520 K 5,932 K 5396 (Verified) Canon Inc. Canon IJ Network Scan Utility CANON INC.
CitiVAN.exe 7,068 K 12,000 K 5784 (No signature was present in the subject) Orbiscom Ltd. All rights reserved. Virtual Account Numbers Orbiscom Ltd. All rights reserved.
chrome.exe 9,276 K 14,236 K 3332 (Verified) Google Inc Google Chrome Google Inc.
ccsvchst.exe 19,836 K 36,720 K 2064 (Verified) Symantec Corporation Symantec Service Framework Symantec Corporation
ccsvchst.exe 32,800 K 14,048 K 1224 (Verified) Symantec Corporation Symantec Service Framework Symantec Corporation
ccSvcHst.exe 5,440 K 8,280 K 212 (Verified) Symantec Corporation Symantec Service Framework Symantec Corporation
ccSvcHst.exe 5,504 K 8,216 K 3696 (Verified) Symantec Corporation Symantec Service Framework Symantec Corporation
CALMAIN.exe 1,252 K 3,284 K 2060 (No signature was present in the subject) Canon Inc. Canon Camera Access Library 8 Canon Inc.
btwdins.exe 2,060 K 2,828 K 2028 (No signature was present in the subject) Broadcom Corporation. Bluetooth Support Server Broadcom Corporation.
BTTray.exe 4,916 K 6,844 K 4528 (No signature was present in the subject) Broadcom Corporation. Bluetooth Tray Application Broadcom Corporation.
BJMYPRT.EXE 4,512 K 6,832 K 5192 (Verified) Canon Inc. Canon My Printer CANON INC.
BcmSqlStartupSvc.exe 688 K 2,332 K 1176 (Verified) Microsoft Corporation BCM SQL Startup Service Microsoft Corporation
AwaySch.EXE 2,320 K 5,028 K 3240 (Verified) Lenovo (Japan) Ltd Maintenance Manager Scheduler Lenovo Group Limited
AppleMobileDeviceService.exe 2,064 K 3,144 K 1160 (Verified) Apple Inc. Apple Mobile Device Service Apple Inc.
alg.exe 1,188 K 3,676 K 3028 (Verified) Microsoft Windows Component Publisher Application Layer Gateway Service Microsoft Corporation
ACWLIcon.exe 3,592 K 6,860 K 3376 (No signature was present in the subject) Lenovo Access Connections Tray Status Application Lenovo
ACTray.exe 3,880 K 7,288 K 3372 (No signature was present in the subject) Lenovo Access Connections Tray Application Lenovo
AcSvc.exe 11,944 K 18,452 K 900 (No signature was present in the subject) Lenovo Access Connections Main Service Lenovo
AcPrfMgrSvc.exe 2,284 K 6,236 K 624 (No signature was present in the subject) Lenovo Access Connections Profile Manager Service Lenovo

Attached Files


  • 0
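The Verified Signer check requested in post #12 can be applied to a saved Process Explorer listing like the one posted above. The following is an added example, not part of the original thread: it lists processes whose signer is not marked "(Verified)" and ranks those that also lack a description or company name first. It assumes the saved file is tab-separated with the header shown in the post; the sample rows are taken from the listing above with tabs restored, and the function names are hypothetical.

```python
import csv
import io

# Constructed sample: rows from the listing above, with tab delimiters restored
# (assumption: Process Explorer's saved text file is tab-separated).
SAMPLE = "\n".join([
    "Process\tCPU\tPrivate Bytes\tWorking Set\tPID\tVerified Signer\tDescription\tCompany Name",
    "Au_.exe\t49.23\t9,940 K\t5,060 K\t4728\t(No signature was present in the subject) Yahoo! Inc.\tYahoo! Toolbar Uninstall Setup\tYahoo! Inc.",
    "System Idle Process\t\t0 K\t28 K\t0\t\t\t",
    "Interrupts\t< 0.01\t0 K\t0 K\tn/a\t\tHardware Interrupts and DPCs\t",
    "svchost.exe\t0.77\t16,056 K\t26,628 K\t2000\t(Verified) Microsoft Windows Component Publisher\tGeneric Host Process for Win32 Services\tMicrosoft Corporation",
    "rrpservice.exe\t\t2,016 K\t4,512 K\t3948\t(No signature was present in the subject)\trrpservice Module\t",
    "logmon.exe\t\t1,348 K\t2,948 K\t1148\t(No signature was present in the subject)\t\t",
    "IUService.exe\t\t472 K\t1,488 K\t4080\t(No signature was present in the subject)\t\t",
])

# Rows that are not backed by an image file, so they never carry a signer.
PSEUDO = {"System Idle Process", "System", "Interrupts"}


def parse_procexp(text):
    """Parse the tab-separated listing into a list of dicts, one per process."""
    reader = csv.DictReader(io.StringIO(text), delimiter="\t", quoting=csv.QUOTE_NONE)
    rows = []
    for rec in reader:
        pid = (rec.get("PID") or "").strip()
        rows.append({
            "name": (rec.get("Process") or "").strip(),
            # "Interrupts" reports its PID as n/a, so keep non-numeric PIDs as None.
            "pid": int(pid) if pid.isdigit() else None,
            "signer": (rec.get("Verified Signer") or "").strip(),
            "description": (rec.get("Description") or "").strip(),
            "company": (rec.get("Company Name") or "").strip(),
        })
    return rows


def triage(rows):
    """Return non-verified processes, those with the least metadata first."""
    findings = []
    for r in rows:
        if r["name"] in PSEUDO or r["signer"].startswith("(Verified)"):
            continue
        missing = [f for f in ("description", "company") if not r[f]]
        findings.append({
            "name": r["name"],
            "pid": r["pid"],
            "signer": r["signer"],
            "missing": missing,
        })
    # Most missing fields first, then alphabetical by process name.
    findings.sort(key=lambda f: (-len(f["missing"]), f["name"].lower()))
    return findings


if __name__ == "__main__":
    for f in triage(parse_procexp(SAMPLE)):
        gaps = ", ".join(f["missing"]) or "none"
        print(f"{f['name']:<16} PID {f['pid']:<6} missing: {gaps}")
```

An entry on this list is a candidate for a closer look (file path, file date, a scan of the file), not a verdict: the listing above shows many vendor binaries without a verified signature.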





