Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Popups, new icons, alerts, etc. but anti-virus claims it's clean&#


  • Please log in to reply

#1
macelink

macelink

    New Member

  • Member
  • Pip
  • 4 posts
I am having a ton of problems with my Lenovo ThinkPad laptop. Background: I have no idea how old it is; it doesn't have a webcam in it, so that may date it a little bit. It's been refurbished (not sure how many times) and it was given to me by my university as a part of an incoming student's tech package. It's running on Windows Vista Home Basic service pack 2 on a 32-bit OS (That's really all I know how to find).

As far as antivirus, it has Sophos Endpoint Security and Control 10.0 (installed by the university) and Malwarebytes Anti-Malware (installed by me). Normally I'd just take the laptop to our IT department to be fixed, but I recently graduated and they are no longer obligated to assist me. I'm buying a new, more reliable laptop next month but I just need to get this problem fixed until then.

For the past two weeks, I've been getting this alert from Sophos. I scanned and it didn't detect anything, and deleted my cookies but nothing changed. I also see pop-ups and ads like this come up randomly on different sites I visit. I generally use Firefox and thought it was a plug-in issue, but attempted to fix it and nothing seemed to help. My laptop hasn't been acting weird, slow, etc. at all.

Yesterday, I got an alert from our internet provider saying there was 'botnet activity' on our home network and we would have to scan our computers. I scanned with both Sophos and MalwareBytes full scans (took about 3 hours each) and neither found anything. I also used my internet provider's recommended scanners (Microsoft MSRT and McAfee Stinger) which both detected nothing after 3-hour full scans. Also, right when I got the botnet message, this weird little button appeared in the lower righthand corner of my screen. I don't know what it does; when I click it, it does nothing, and right-clicking doesn't bring up any options, but it just appeared after that warning message and I'm not sure if it has any relevance to the problem at-hand since I haven't actively downloaded anything besides those scanning tools.

I am not very tech-savvy but I found this forum and hope that you guys can help me out! thank you so much in advance :) here is my OTL log!


OTL logfile created on: 7/3/2013 11:55:29 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\College User\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 42.33% Memory free
6.12 Gb Paging File | 3.83 Gb Available in Paging File | 62.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 125.86 Gb Total Space | 50.66 Gb Free Space | 40.25% Space Free | Partition Type: NTFS
Drive Q: | 21.49 Gb Total Space | 16.25 Gb Free Space | 75.61% Space Free | Partition Type: NTFS
Drive S: | 1.70 Gb Total Space | 0.93 Gb Free Space | 54.43% Space Free | Partition Type: NTFS

Computer Name: LABLE-YKMBUOQWD | User Name: College User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/03 11:55:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\College User\Downloads\OTL.exe
PRC - [2013/07/03 11:21:19 | 002,986,440 | ---- | M] (Symantec Corporation) -- C:\Users\College User\Downloads\NPE.exe
PRC - [2013/07/03 10:03:56 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/06/12 13:21:50 | 001,104,384 | ---- | M] (Spotify Ltd) -- C:\Users\College User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/06/02 15:32:32 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
PRC - [2013/05/24 20:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\College User\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/04 13:29:52 | 002,869,824 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2012/12/04 13:29:50 | 000,216,640 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2012/10/29 11:37:00 | 002,734,224 | ---- | M] (Bradford Networks) -- C:\Program Files\Bradford Networks\Persistent Agent\bncsaui.exe
PRC - [2012/10/29 11:36:58 | 004,028,560 | ---- | M] (Bradford Networks) -- C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe
PRC - [2012/09/19 10:50:47 | 000,233,472 | ---- | M] () -- C:\ProgramData\Premium\Codec\Codec.exe
PRC - [2012/09/17 14:00:21 | 000,818,240 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe
PRC - [2012/09/17 14:00:20 | 000,289,856 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
PRC - [2012/08/08 09:55:54 | 000,900,160 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\AutoUpdate\ALMon.exe
PRC - [2012/08/08 09:55:53 | 000,232,512 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
PRC - [2012/07/19 07:55:38 | 001,422,936 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
PRC - [2012/07/05 11:28:45 | 000,139,840 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2012/05/09 12:05:39 | 000,357,400 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
PRC - [2011/11/11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/11/11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/11/04 16:37:16 | 000,330,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011/10/24 05:16:26 | 000,425,984 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2011/10/24 05:16:14 | 000,356,352 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2011/10/24 05:15:48 | 000,188,416 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2011/10/24 05:14:16 | 000,258,048 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2011/10/24 05:14:12 | 000,122,880 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2011/10/20 11:58:46 | 000,101,440 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2011/10/04 04:04:00 | 000,486,464 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\PWMUIAux.EXE
PRC - [2011/10/04 04:04:00 | 000,292,200 | ---- | M] (Lenovo.) -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
PRC - [2011/10/04 04:04:00 | 000,175,168 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe
PRC - [2011/10/04 04:04:00 | 000,089,152 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2011/10/04 04:04:00 | 000,064,576 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2011/08/12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/07/26 00:14:00 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2011/07/12 19:03:32 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2011/07/12 18:17:04 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\tpscrex.exe
PRC - [2011/07/12 17:54:02 | 000,127,336 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2011/07/12 17:53:48 | 000,131,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe
PRC - [2011/07/12 17:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tphksvc.exe
PRC - [2010/07/27 14:51:42 | 000,050,536 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2010/03/29 01:11:24 | 000,409,600 | ---- | M] () -- C:\Program Files\Print Manager Plus - Client\CheckPages.exe
PRC - [2009/08/04 05:32:00 | 000,062,240 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2009/07/23 04:11:00 | 000,124,248 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
PRC - [2009/04/11 09:18:35 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 01:54:34 | 000,750,904 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2008/06/06 18:26:38 | 000,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2008/01/20 22:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/20 22:33:00 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2007/01/04 23:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/03 10:03:52 | 003,285,912 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/06/02 15:32:32 | 016,033,160 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll
MOD - [2013/03/13 16:48:52 | 024,978,944 | ---- | M] () -- C:\Users\College User\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/12/12 01:34:13 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/11/13 19:32:50 | 003,558,400 | ---- | M] () -- C:\Users\College User\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012/10/05 06:59:03 | 003,194,880 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/10/05 06:59:03 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012/08/31 07:01:10 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/02/13 07:02:15 | 001,249,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
MOD - [2012/02/13 07:02:09 | 005,283,840 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2012/02/13 07:02:04 | 004,214,784 | ---- | M] () -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
MOD - [2011/11/11 14:09:20 | 000,336,408 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/11/11 14:08:18 | 007,956,504 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/11/11 14:08:18 | 000,342,552 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/11/11 14:08:18 | 000,128,536 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/11/11 14:08:18 | 000,029,208 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/11/11 14:08:06 | 002,145,304 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/11/11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/10/24 05:11:40 | 000,086,016 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcWrpc.dll
MOD - [2011/10/04 04:04:00 | 000,081,920 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWMROV.DLL
MOD - [2011/10/04 04:04:00 | 000,044,544 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL
MOD - [2011/08/12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/02/18 11:04:04 | 000,196,448 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\IEAWSDC.DLL
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/03/29 01:11:24 | 000,409,600 | ---- | M] () -- C:\Program Files\Print Manager Plus - Client\CheckPages.exe
MOD - [2009/04/11 09:19:05 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
MOD - [2009/04/11 09:19:04 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
MOD - [2009/04/11 09:19:04 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
MOD - [2009/04/11 09:19:03 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
MOD - [2009/04/11 09:18:29 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2008/06/06 18:13:22 | 000,139,264 | ---- | M] () -- c:\Program Files\Common Files\Lenovo\CDRecord.dll
MOD - [2007/06/18 20:28:44 | 000,056,056 | ---- | M] () -- C:\Windows\System32\DLAAPI_W.DLL


========== Services (SafeList) ==========

SRV - [2013/07/03 10:03:52 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/04 13:29:52 | 002,869,824 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2012/12/04 13:29:50 | 000,216,640 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2012/12/04 13:29:46 | 001,459,264 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\ProgramData\Sophos\Web Intelligence\swi_update.exe -- (swi_update)
SRV - [2012/10/29 11:36:58 | 004,028,560 | ---- | M] (Bradford Networks) [Auto | Running] -- C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe -- (BNPagent)
SRV - [2012/09/20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012/09/17 14:00:21 | 000,818,240 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe -- (Sophos Message Router)
SRV - [2012/09/17 14:00:20 | 000,289,856 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe -- (Sophos Agent)
SRV - [2012/08/08 09:55:53 | 000,232,512 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2012/07/05 11:28:45 | 000,139,840 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2012/05/09 12:05:39 | 000,357,400 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe -- (Sophos Web Control Service)
SRV - [2011/10/24 05:14:16 | 000,258,048 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2011/10/24 05:14:12 | 000,122,880 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2011/10/04 04:04:00 | 000,292,200 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2011/10/04 04:04:00 | 000,175,168 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)
SRV - [2011/10/04 04:04:00 | 000,089,152 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2011/07/26 00:14:00 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011/07/12 17:54:02 | 000,127,336 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2011/07/12 17:53:48 | 000,131,432 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2011/07/12 17:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2011/07/12 17:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphksvc.exe -- (TPHKSVC)
SRV - [2010/07/27 14:51:42 | 000,050,536 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2009/04/28 22:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2009/03/05 01:54:34 | 000,750,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2008/06/06 18:26:38 | 000,520,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2008/04/25 12:15:24 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/01/20 22:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/04 23:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\Drivers\PROCEXP151.SYS -- (PROCEXP151)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013/07/03 11:21:32 | 000,098,392 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SMR322.SYS -- (SMR322)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/05/09 12:05:42 | 000,123,680 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\System32\drivers\savonaccess.sys -- (SAVOnAccess)
DRV - [2012/03/21 17:56:14 | 000,033,696 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sdcfilter.sys -- (sdcfilter)
DRV - [2012/03/11 15:42:06 | 000,031,736 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\Windows\System32\drivers\skmscan.sys -- (SKMScan)
DRV - [2012/03/11 15:41:59 | 000,022,536 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2012/01/18 02:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2012/01/02 12:12:46 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2011/10/04 04:04:00 | 000,025,968 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\DOZEHDD.SYS -- (DozeHDD)
DRV - [2011/10/04 04:04:00 | 000,013,424 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2011/08/30 16:46:12 | 000,835,176 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2011/03/29 20:14:08 | 000,122,992 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2011/03/29 20:12:16 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2010/09/07 15:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2010/06/17 12:37:30 | 000,467,072 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2010/04/07 16:59:34 | 000,223,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress)
DRV - [2009/06/23 13:49:58 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/04/28 22:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2009/01/05 01:35:58 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/02/22 19:54:40 | 000,037,312 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2008/02/15 05:01:00 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/01/20 22:32:52 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007/07/29 22:54:00 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/29 21:42:00 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/06/18 20:29:56 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2007/06/18 20:29:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/06/18 20:29:08 | 000,093,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/06/18 20:29:06 | 000,098,136 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/06/18 20:29:04 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/06/18 20:28:58 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/06/18 20:28:54 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/06/18 20:28:52 | 000,105,048 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/02/09 00:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/09 00:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...c=IE-SearchBox;

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...c=IE-SearchBox;
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:1.3.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/05/29 10:29:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/07/03 10:02:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/07/03 10:02:41 | 000,000,000 | ---D | M]

[2012/01/05 13:11:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\College User\AppData\Roaming\mozilla\Extensions
[2013/05/08 22:02:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\College User\AppData\Roaming\mozilla\Firefox\Profiles\c3ivqacj.default\extensions
[2012/10/30 19:25:56 | 000,000,000 | ---D | M] (Vaudix) -- C:\Users\College User\AppData\Roaming\mozilla\Firefox\Profiles\c3ivqacj.default\extensions\[email protected]
[2012/01/06 14:01:09 | 000,021,093 | ---- | M] () (No name found) -- C:\Users\College User\AppData\Roaming\mozilla\firefox\profiles\c3ivqacj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013/05/08 22:02:34 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\College User\AppData\Roaming\mozilla\firefox\profiles\c3ivqacj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/07/03 10:02:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/07/03 10:03:59 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/08/16 15:48:57 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWlIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BTVLOGEX.DLL ()
O4 - HKLM..\Run: [bncsaui.exe] C:\Program Files\Bradford Networks\Persistent Agent\bncsaui.exe (Bradford Networks)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [PrintManagerPlusClient] C:\Program Files\Print Manager Plus - Client\CheckPages.exe ()
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Spotify] C:\Users\College User\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\college User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\College User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\College User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.2.128.88 10.2.128.87
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23C7BFB6-F8EC-47A5-8E10-3A4CED717D5E}: DhcpNameServer = 10.2.128.88 10.2.128.87
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8241DFA-F755-41B1-8A7E-9A574F690FD7}: DhcpNameServer = 10.2.128.88 10.2.128.87
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\College User\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\College User\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/06/10 12:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2008/06/02 18:46:54 | 000,000,049 | -HS- | M] () - S:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{26b91366-3573-11e1-8454-8941d6fa1200}\Shell - "" = AutoRun
O33 - MountPoints2\{26b91366-3573-11e1-8454-8941d6fa1200}\Shell\AutoRun\command - "" = S:\LenovoSDrive.exe -- [2008/07/29 18:37:58 | 000,180,224 | -HS- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/03 11:47:11 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2013/07/03 11:23:31 | 000,000,000 | ---D | C] -- C:\ProgramData\SMR322
[2013/07/03 11:21:32 | 000,098,392 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SMR322.SYS
[2013/07/03 11:21:28 | 000,000,000 | ---D | C] -- C:\Users\College User\AppData\Local\NPE
[2013/07/03 11:21:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013/07/03 10:02:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/07/02 20:51:49 | 000,000,000 | ---D | C] -- C:\Users\College User\AppData\Local\Sophos
[2013/07/02 17:44:53 | 000,000,000 | ---D | C] -- C:\Stinger_Quarantine
[2013/07/02 17:44:32 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2013/06/07 01:37:26 | 000,000,000 | ---D | C] -- C:\Users\College User\Documents\Pine Glenn
[2013/06/07 01:33:07 | 000,000,000 | ---D | C] -- C:\Users\College User\Documents\Towers
[2013/06/07 01:30:07 | 000,000,000 | ---D | C] -- C:\Users\College User\Documents\Main Street
[28 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/03 11:47:12 | 000,000,786 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2013/07/03 11:32:09 | 000,640,658 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/03 11:32:09 | 000,118,878 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/07/03 11:24:38 | 000,000,374 | -H-- | M] () -- C:\Windows\tasks\CodecUpdaterTask{0E079E4A-AD41-4809-98CE-7448FB225F6C}.job
[2013/07/03 11:24:24 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/03 11:24:24 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/03 11:24:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/03 11:24:16 | 3179,311,104 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/03 11:21:32 | 000,098,392 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SMR322.SYS
[2013/07/03 11:09:48 | 000,007,728 | ---- | M] () -- C:\Users\College User\AppData\Local\d3d9caps.dat
[2013/07/03 11:01:58 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/07/03 09:52:01 | 000,032,050 | ---- | M] () -- C:\Users\College User\Desktop\ad.jpg
[2013/07/03 09:38:37 | 000,002,998 | ---- | M] () -- C:\Users\College User\Desktop\weirdbutton.jpg
[2013/07/03 09:37:46 | 000,009,761 | ---- | M] () -- C:\Users\College User\Desktop\asiaalert.jpg
[2013/07/03 09:31:45 | 000,000,530 | ---- | M] () -- C:\Windows\tasks\Daily 6am.job
[2013/07/02 21:49:40 | 000,079,370 | ---- | M] () -- C:\Users\College User\Desktop\tumblr_m1o3dpprvB1rsg0mro1_500.jpg
[2013/06/18 11:14:39 | 000,085,073 | ---- | M] () -- C:\Users\College User\Desktop\a1b09212ee677109fe3dfaa7bba9eb00.jpg
[2013/06/09 03:36:04 | 000,420,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[28 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/03 11:47:12 | 000,000,786 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
[2013/07/03 11:24:16 | 3179,311,104 | -HS- | C] () -- C:\hiberfil.sys
[2013/07/03 09:52:01 | 000,032,050 | ---- | C] () -- C:\Users\College User\Desktop\ad.jpg
[2013/07/03 09:38:36 | 000,002,998 | ---- | C] () -- C:\Users\College User\Desktop\weirdbutton.jpg
[2013/07/03 09:37:46 | 000,009,761 | ---- | C] () -- C:\Users\College User\Desktop\asiaalert.jpg
[2013/07/02 21:49:39 | 000,079,370 | ---- | C] () -- C:\Users\College User\Desktop\tumblr_m1o3dpprvB1rsg0mro1_500.jpg
[2013/06/18 11:14:38 | 000,085,073 | ---- | C] () -- C:\Users\College User\Desktop\a1b09212ee677109fe3dfaa7bba9eb00.jpg
[2012/12/10 19:20:29 | 000,007,168 | ---- | C] () -- C:\Users\College User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/03 15:54:53 | 000,007,728 | ---- | C] () -- C:\Users\College User\AppData\Local\d3d9caps.dat
[2012/03/11 15:39:28 | 000,420,872 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/02 16:18:54 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2012/01/02 16:18:54 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2012/01/02 16:18:54 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012/01/02 16:18:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2012/01/02 16:18:51 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2012/01/02 15:51:20 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2012/01/02 15:36:56 | 000,016,896 | ---- | C] () -- C:\Windows\Eventclr.exe
[2012/01/02 12:09:00 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2012/01/02 12:09:00 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2012/01/02 12:05:29 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2012/01/02 12:05:29 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2012/01/02 12:05:29 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2012/01/02 12:05:29 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2012/01/02 12:05:29 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2012/01/02 12:05:29 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2012/01/02 11:57:53 | 000,134,544 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2011/11/16 21:40:38 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/08/12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll

========== ZeroAccess Check ==========

[2006/11/02 08:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 09:18:35 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 09:18:24 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/08/16 15:48:57 | 000,000,000 | ---D | M] -- C:\Users\College User\AppData\Roaming\Catalina Marketing Corp
[2013/07/03 11:28:00 | 000,000,000 | ---D | M] -- C:\Users\College User\AppData\Roaming\Dropbox
[2012/05/05 00:55:57 | 000,000,000 | ---D | M] -- C:\Users\College User\AppData\Roaming\Leadertech
[2012/01/02 13:06:47 | 000,000,000 | ---D | M] -- C:\Users\College User\AppData\Roaming\Lenovo
[2012/01/02 16:10:33 | 000,000,000 | ---D | M] -- C:\Users\College User\AppData\Roaming\PwrMgr
[2013/07/03 11:28:19 | 000,000,000 | ---D | M] -- C:\Users\College User\AppData\Roaming\Spotify
[2013/01/29 18:58:53 | 000,000,000 | ---D | M] -- C:\Users\College User\AppData\Roaming\webex

========== Purity Check ==========



< End of report >

***This was an addition titled "Extras.Txt"...I'm not sure if it's needed but I am pasting it just in case!

OTL Extras logfile created on: 7/3/2013 11:55:29 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\College User\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 42.33% Memory free
6.12 Gb Paging File | 3.83 Gb Available in Paging File | 62.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 125.86 Gb Total Space | 50.66 Gb Free Space | 40.25% Space Free | Partition Type: NTFS
Drive Q: | 21.49 Gb Total Space | 16.25 Gb Free Space | 75.61% Space Free | Partition Type: NTFS
Drive S: | 1.70 Gb Total Space | 0.93 Gb Free Space | 54.43% Space Free | Partition Type: NTFS

Computer Name: LABLE-YKMBUOQWD | User Name: College User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3BBCE7B5-B97E-4ACE-82F5-8E13D8F55941}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{141EC1EE-AEA2-493D-9C2B-975DC778E963}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{309F4995-BE5E-4330-AC93-A0D110810213}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{5294305A-1C5F-42BF-BC6A-D471C8DBF32F}" = protocol=6 | dir=in | app=c:\program files\bradford networks\persistent agent\bndaemon.exe |
"{617A3351-D9E0-4DB3-AE01-76A714F7D56C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6C3E9FEB-A146-4FE7-BC19-2E988CC58D23}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{79DE8A91-C789-4AA4-9136-3FE97571D281}" = protocol=6 | dir=in | app=c:\users\college user\appdata\roaming\dropbox\bin\dropbox.exe |
"{7E0B0ED1-E225-4F18-8CAF-D2AE00DD4A0E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{9E7EB1BD-B110-4028-8E56-B39C011E0B1F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{AB59EB20-F3D3-46BD-A23C-C75AB7410E21}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B8006BEF-6402-4D4A-A578-1D27254D9A5D}" = protocol=17 | dir=in | app=c:\users\college user\appdata\roaming\dropbox\bin\dropbox.exe |
"{D2A7AD89-67C3-4500-99D4-16E89053DDA0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D85C20AC-1B8C-4E9D-87FB-944E783012F0}" = protocol=17 | dir=in | app=c:\program files\bradford networks\persistent agent\bndaemon.exe |
"{DBF41DFF-9938-4FB3-8634-D228D8A5B09C}" = protocol=17 | dir=in | app=c:\program files\bradford networks\persistent agent\bndaemon.exe |
"{E2CB24C4-E629-4538-B337-110410BB543D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{F1ACC737-1C4B-433D-B0D9-E0B7F1997220}" = protocol=6 | dir=in | app=c:\program files\bradford networks\persistent agent\bndaemon.exe |
"TCP Query User{034B2155-5D14-4D2F-B0E4-C63DFA9E45C2}C:\program files\print manager plus - client\checkpages.exe" = protocol=6 | dir=in | app=c:\program files\print manager plus - client\checkpages.exe |
"TCP Query User{B747C62D-0B96-4F85-8CF9-0222C5DC8570}C:\users\college user\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\college user\appdata\roaming\spotify\spotify.exe |
"TCP Query User{C4EE86BD-B50A-4197-B158-11C1F375C5C9}C:\users\college user\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\college user\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{D0E76357-19F1-42F6-9497-D5BE0DB0F6CE}C:\program files\print manager plus - client\checkpages.exe" = protocol=6 | dir=in | app=c:\program files\print manager plus - client\checkpages.exe |
"TCP Query User{FB63C4E1-998B-488E-8CD6-8C7BA5713289}C:\users\college user\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\college user\appdata\roaming\spotify\spotify.exe |
"UDP Query User{393CA147-71F6-4C5E-B52E-1CD232EEE04D}C:\users\college user\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\college user\appdata\roaming\spotify\spotify.exe |
"UDP Query User{466A3CBE-1343-44B3-AD4E-332560CF162C}C:\users\college user\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\college user\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{4EBFF936-BB5F-4821-A494-8C446BC7C964}C:\program files\print manager plus - client\checkpages.exe" = protocol=17 | dir=in | app=c:\program files\print manager plus - client\checkpages.exe |
"UDP Query User{5781DDD0-FDDA-435B-A6AC-56388985FE54}C:\program files\print manager plus - client\checkpages.exe" = protocol=17 | dir=in | app=c:\program files\print manager plus - client\checkpages.exe |
"UDP Query User{CA7BCD48-02B4-4685-8046-06D8CB139F25}C:\users\college user\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\college user\appdata\roaming\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.02.02.01
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series" = Canon MP280 series MP Drivers
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{2C9F55AF-1CFA-4063-8A36-EEA6979602AD}" = SoftwareManager
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{40D6A7A7-4E16-4266-B353-1F4083AC1808}" = Bradford Persistent Agent
"{44E9D4C2-946C-4378-9354-558803C47A68}" = Client Security - Password Manager
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}" = Registry patch to improve USB device detection on resume from sleep for Windows Vista
"{4E2FA28A-2D17-41CC-AD11-12F428B2A273}" = ThinkVantage Access Connections
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business Edition
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{681002C6-5019-81A2-7871-A43754F71E56}" = Vaudix
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{70EAB8EB-BAA2-4D2E-A4A6-4246D522797D}" = ThinkVantage Status Gadget
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4DB1CA-8206-4ADC-805C-66ACF1611DA3}" = System Migration Assistant
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90FABD40-E741-446F-839D-CEAE905D63BE}" = ThinkPad Mobility Center Customization
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9D3D2C60-A55F-4fed-B2B9-17394396DF01}" = ThinkPad Wireless LAN Adapter Software
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{AE902C4A-22FF-4889-9F27-F0D106E43ADC}" = Minitab16
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B05B22B8-72AE-4DC3-8D6F-FBC2233CAF41}" = Roxio Creator Business Edition
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B9D9B170-6A42-4AD0-8DBE-10E0EF29B0A3}" = Bootstrapper
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D36B4583-E804-406B-9D56-F97931286C5B}" = 32 Bit HP CIO Components Installer
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{DA6177B2-FF5D-46EA-8633-359C358307C5}" = Print Manager Plus - Client
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{E62BCBF4-C355-45A0-974B-D5F62963F12A}" = Minitab16
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F80662FB-C834-497A-AFE7-A4999E508093}" = Minitab16
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FA62B4C2-6CFD-462F-9B59-68A730001AB3}" = Product Recovery Disc Burning Utility
"{FED1005D-CBC8-45D5-A288-FFC7BB304121}" = Sophos Remote Management System
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"1205965EF392C9B0D5A9BDB139035F058E76359E" = Windows Driver Package - Ricoh Company MMC Host Controller (02/15/2008 6.00.03.05)
"1A96FF9D9E5F19776E6749D8F6557FCC437EB294" = Windows Driver Package - Ricoh Company MS Host Controller (07/30/2007 6.00.01.11)
"3EB6CB625B5778835F0A66A7529E69050E0EE033" = Windows Driver Package - Lenovo 1.53 (03/19/2009 1.53)
"432D918ED17EA51B73E8491A0369730C0076A292" = Windows Driver Package - Intel System (02/20/2008 8.6.1.1002)
"464CE3922A214073AAEE00DEB23EA5C750AF8CE8" = Windows Driver Package - Intel USB (02/05/2007 8.3.0.1011)
"513C7D1BF4530B30EC84716327E4D7E76810DCC5" = Windows Driver Package - Intel System (02/20/2008 8.7.0.1007)
"5A4D4FF375E24E41AE5D2D907E67E0884BE2CAF4" = Windows Driver Package - Intel System (01/30/2008 8.6.1.1001)
"778DAA8FB0D52FC214BC306BBDC33E26ACAB6F44" = Windows Driver Package - Ricoh Company xD Host Controller (07/30/2007 6.00.01.13)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"CF1BA19E706159CF116E54C430C0383590316730" = Windows Driver Package - Intel (e1yexpress) Net (03/26/2009 9.52.25.0)
"CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"Codec" = Codec
"Coupon Printer for Windows5.0.0.3" = Coupon Printer for Windows
"Dipmon" = Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista
"DivX Setup" = DivX Setup
"E6CEFD9A59425A2A27E92572AB367B28C371D3D8" = Windows Driver Package - Intel System (09/15/2006 7.0.0.1011)
"FPIRPOn" = Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista
"HECI" = Intel® Management Engine Interface
"Lenovo Registration" = Lenovo Registration
"Lenovo Welcome_is1" = Lenovo Welcome
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Minitab16" = Minitab 16
"MinitabSoftwareManager" = Minitab Software Update Manager
"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OnScreenDisplay" = On Screen Display
"Power Management Driver" = ThinkPad Power Management Driver
"PROSet" = Intel® Network Connections Drivers
"Speccy" = Speccy
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/3/2013 11:01:07 AM | Computer Name = lable-YKMBUOQWD | Source = Windows Search Service | ID = 3013
Description =

Error - 7/3/2013 11:01:07 AM | Computer Name = lable-YKMBUOQWD | Source = Windows Search Service | ID = 3013
Description =

Error - 7/3/2013 11:01:07 AM | Computer Name = lable-YKMBUOQWD | Source = Windows Search Service | ID = 3013
Description =

Error - 7/3/2013 11:01:08 AM | Computer Name = lable-YKMBUOQWD | Source = Windows Search Service | ID = 3013
Description =

Error - 7/3/2013 11:01:08 AM | Computer Name = lable-YKMBUOQWD | Source = Windows Search Service | ID = 3013
Description =

Error - 7/3/2013 11:01:09 AM | Computer Name = lable-YKMBUOQWD | Source = Windows Search Service | ID = 3013
Description =

Error - 7/3/2013 11:01:09 AM | Computer Name = lable-YKMBUOQWD | Source = Windows Search Service | ID = 3013
Description =

Error - 7/3/2013 11:09:22 AM | Computer Name = lable-YKMBUOQWD | Source = EventSystem | ID = 4609
Description =

Error - 7/3/2013 11:32:02 AM | Computer Name = lable-YKMBUOQWD | Source = MsiInstaller | ID = 10005
Description =

Error - 7/3/2013 11:47:22 AM | Computer Name = lable-YKMBUOQWD | Source = Perflib | ID = 1010
Description =

[ Lenovo-Lenovo Patch Utility/Admin Events ]
Error - 1/5/2012 12:00:00 PM | Computer Name = TC-123456789012 | Source = Lenovo Patch Utility | ID = 1
Description = HttpFileDownloader failed to download the file "http://download.leno....manifest.xml".
Error message: The remote server returned an error: (404) Not Found.

Error - 1/5/2012 12:00:00 PM | Computer Name = TC-123456789012 | Source = Lenovo Patch Utility | ID = 2
Description = Failed to download the manifest file.

Error - 5/18/2013 3:18:31 PM | Computer Name = lable-YKMBUOQWD | Source = Lenovo Patch Utility | ID = 1
Description = HttpFileDownloader failed to download the file "http://download.leno....manifest.xml".
Error message: The remote name could not be resolved: 'download.lenovo.com'

Error - 5/18/2013 3:18:31 PM | Computer Name = lable-YKMBUOQWD | Source = Lenovo Patch Utility | ID = 1
Description = Connection failure while downloading manifest file http://download.leno...M.manifest.xml.

Error - 5/18/2013 3:18:31 PM | Computer Name = lable-YKMBUOQWD | Source = Lenovo Patch Utility | ID = 2
Description = Failed to connect to the server. Error message: Exception of type
'Lenovo.LenovoPatchUtility.Exceptions.ConnectionFailureException' was thrown.

Error - 5/18/2013 3:22:49 PM | Computer Name = lable-YKMBUOQWD | Source = Lenovo Patch Utility | ID = 1
Description = HttpFileDownloader failed to download the file "http://download.leno....manifest.xml".
Error message: The remote name could not be resolved: 'download.lenovo.com'

Error - 5/18/2013 3:22:49 PM | Computer Name = lable-YKMBUOQWD | Source = Lenovo Patch Utility | ID = 1
Description = Connection failure while downloading manifest file http://download.leno...M.manifest.xml.

Error - 5/18/2013 3:22:49 PM | Computer Name = lable-YKMBUOQWD | Source = Lenovo Patch Utility | ID = 2
Description = Failed to connect to the server. Error message: Exception of type
'Lenovo.LenovoPatchUtility.Exceptions.ConnectionFailureException' was thrown.

Error - 5/18/2013 3:22:50 PM | Computer Name = lable-YKMBUOQWD | Source = Lenovo Patch Utility | ID = 1
Description = HttpFileDownloader failed to download the file "http://download.leno....manifest.xml".
Error message: The remote name could not be resolved: 'download.lenovo.com'

Error - 5/18/2013 3:22:50 PM | Computer Name = lable-YKMBUOQWD | Source = Lenovo Patch Utility | ID = 1
Description = Connection failure while downloading manifest file http://download.leno...M.manifest.xml.

[ System Events ]
Error - 7/3/2013 11:08:36 AM | Computer Name = lable-YKMBUOQWD | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:07:09 AM on 7/3/2013 was unexpected.

Error - 7/3/2013 11:09:05 AM | Computer Name = lable-YKMBUOQWD | Source = DCOM | ID = 10005
Description =

Error - 7/3/2013 11:09:22 AM | Computer Name = lable-YKMBUOQWD | Source = DCOM | ID = 10005
Description =

Error - 7/3/2013 11:09:58 AM | Computer Name = lable-YKMBUOQWD | Source = DCOM | ID = 10005
Description =

Error - 7/3/2013 11:10:01 AM | Computer Name = lable-YKMBUOQWD | Source = Service Control Manager | ID = 7001
Description =

Error - 7/3/2013 11:10:01 AM | Computer Name = lable-YKMBUOQWD | Source = Service Control Manager | ID = 7026
Description =

Error - 7/3/2013 11:26:00 AM | Computer Name = lable-YKMBUOQWD | Source = Service Control Manager | ID = 7000
Description =

Error - 7/3/2013 11:27:29 AM | Computer Name = lable-YKMBUOQWD | Source = Service Control Manager | ID = 7009
Description =

Error - 7/3/2013 11:28:00 AM | Computer Name = lable-YKMBUOQWD | Source = Service Control Manager | ID = 7009
Description =

Error - 7/3/2013 11:28:00 AM | Computer Name = lable-YKMBUOQWD | Source = Service Control Manager | ID = 7000
Description =


< End of report >
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
The Fn icon just means the Function button has been depressed and locked in the on mode.

See: http://www.ehow.com/...s-thinkpad.html

I don't see any sign of malware but we can run some scans and see if anything comes up.



Download aswMBR.exe to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it by right clicking and Run As Admin.


If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Download the adwCleaner

  • Run the Tool
    Windows Vista and Windows 7 users:
    Right click in the adwCleaner.exe and select the option
    Posted Image
  • Select the Delete button.
  • When the scan completes, it will open a notepad windows.
  • Please, copy the content of this file in your next reply.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow



(Does this complain that it could not fix all of your files?)


Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

Download ESET's Service Repair http://kb.eset.com/l...vicesRepair.exe and Save it then right click on it and Run As Admin.

If it doesn't do it for you:
Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application. VEW will overwrite the log at C:\vew.txt each time it runs so either post your System results before running VEW for Applications or copy the file c:\vew.txt to a new location.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.



Download, Save and Run (win 7 or Vista => Right click and Run as Admin.) farbar service scanner

Posted Image

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Your Java and Adobe Reader are both out of date and need to be updated. These are two very popular malware targets so need to be kept up to date.

Ron
  • 0

#3
macelink

macelink

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thank you so much for trying to help me! I appreciate it a lot. I am posting the logs that I am able to...ComboFix did not work. It crashed my laptop 3x even though I let it start and just left it to do its thing while I did some chores. I also do not have the adwCleaner log because the page with the file was detected as malware by my antivirus program. I also tried to update my Adobe Reader and Java, but they both said I already have the latest versions installed? Here are the logs I do have:

aswMBR:
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-07-04 18:37:54
-----------------------------
18:37:54.500 OS Version: Windows 6.0.6002 Service Pack 2
18:37:54.500 Number of processors: 2 586 0x170A
18:37:54.501 ComputerName: LABLE-YKMBUOQWD UserName: College User
18:37:59.098 Initialize success
18:38:14.434 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:38:14.439 Disk 0 Vendor: HITACHI_ FB2Z Size: 152627MB BusType: 3
18:38:14.764 Disk 0 MBR read successfully
18:38:14.769 Disk 0 MBR scan
18:38:14.778 Disk 0 unknown MBR code
18:38:14.828 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1741 MB offset 2048
18:38:14.853 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 128883 MB offset 3567616
18:38:14.901 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 22001 MB offset 267520000
18:38:14.924 Disk 0 scanning sectors +312579760
18:38:15.174 Disk 0 scanning C:\Windows\system32\drivers
18:38:37.812 Service scanning
18:39:11.336 Modules scanning
18:39:38.763 Scan finished successfully
18:39:56.164 Disk 0 MBR has been saved successfully to "C:\Users\College User\Desktop\MBR.dat"
18:39:56.172 The log file has been saved successfully to "C:\Users\College User\Desktop\aswMBR.txt"


TDSSKiller log:
18:52:15.0452 7488 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:52:15.0913 7488 ============================================================
18:52:15.0913 7488 Current date / time: 2013/07/04 18:52:15.0913
18:52:15.0913 7488 SystemInfo:
18:52:15.0913 7488
18:52:15.0913 7488 OS Version: 6.0.6002 ServicePack: 2.0
18:52:15.0913 7488 Product type: Workstation
18:52:15.0913 7488 ComputerName: LABLE-YKMBUOQWD
18:52:15.0913 7488 UserName: College User
18:52:15.0913 7488 Windows directory: C:\Windows
18:52:15.0913 7488 System windows directory: C:\Windows
18:52:15.0913 7488 Processor architecture: Intel x86
18:52:15.0913 7488 Number of processors: 2
18:52:15.0913 7488 Page size: 0x1000
18:52:15.0913 7488 Boot type: Normal boot
18:52:15.0913 7488 ============================================================
18:52:17.0401 7488 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
18:52:17.0404 7488 ============================================================
18:52:17.0404 7488 \Device\Harddisk0\DR0:
18:52:17.0414 7488 MBR partitions:
18:52:17.0414 7488 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x366800
18:52:17.0414 7488 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x367000, BlocksNum 0xFBB9800
18:52:17.0414 7488 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xFF20800, BlocksNum 0x2AF8EB0
18:52:17.0414 7488 ============================================================
18:52:17.0543 7488 C: <-> \Device\Harddisk0\DR0\Partition2
18:52:17.0714 7488 S: <-> \Device\Harddisk0\DR0\Partition1
18:52:17.0786 7488 Q: <-> \Device\Harddisk0\DR0\Partition3
18:52:17.0786 7488 ============================================================
18:52:17.0786 7488 Initialize success
18:52:17.0786 7488 ============================================================
18:52:31.0969 1844 ============================================================
18:52:31.0969 1844 Scan started
18:52:31.0969 1844 Mode: Manual; SigCheck; TDLFS;
18:52:31.0969 1844 ============================================================
18:52:34.0409 1844 ================ Scan system memory ========================
18:52:34.0409 1844 System memory - ok
18:52:34.0410 1844 ================ Scan services =============================
18:52:35.0484 1844 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
18:52:35.0739 1844 ACPI - ok
18:52:36.0254 1844 [ 87400FB737962BCCD5C603EF6D7EF029 ] AcPrfMgrSvc C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
18:52:36.0283 1844 AcPrfMgrSvc ( UnsignedFile.Multi.Generic ) - warning
18:52:36.0283 1844 AcPrfMgrSvc - detected UnsignedFile.Multi.Generic (1)
18:52:36.0421 1844 [ 994738547394E581FD635D6A0E995516 ] AcSvc C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
18:52:36.0571 1844 AcSvc ( UnsignedFile.Multi.Generic ) - warning
18:52:36.0571 1844 AcSvc - detected UnsignedFile.Multi.Generic (1)
18:52:36.0734 1844 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
18:52:36.0793 1844 AdobeARMservice - ok
18:52:37.0135 1844 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
18:52:37.0240 1844 adp94xx - ok
18:52:37.0317 1844 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
18:52:37.0354 1844 adpahci - ok
18:52:37.0386 1844 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
18:52:37.0455 1844 adpu160m - ok
18:52:37.0609 1844 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
18:52:37.0687 1844 adpu320 - ok
18:52:37.0778 1844 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:52:37.0894 1844 AeLookupSvc - ok
18:52:38.0060 1844 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
18:52:38.0369 1844 AFD - ok
18:52:38.0454 1844 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:52:38.0476 1844 agp440 - ok
18:52:38.0524 1844 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
18:52:38.0564 1844 aic78xx - ok
18:52:38.0594 1844 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
18:52:38.0674 1844 ALG - ok
18:52:38.0721 1844 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
18:52:38.0756 1844 aliide - ok
18:52:38.0845 1844 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
18:52:38.0868 1844 amdagp - ok
18:52:38.0897 1844 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
18:52:38.0930 1844 amdide - ok
18:52:39.0001 1844 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
18:52:39.0091 1844 AmdK7 - ok
18:52:39.0122 1844 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
18:52:39.0164 1844 AmdK8 - ok
18:52:39.0278 1844 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
18:52:39.0387 1844 Appinfo - ok
18:52:39.0534 1844 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:52:39.0654 1844 Apple Mobile Device - ok
18:52:39.0827 1844 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
18:52:39.0867 1844 arc - ok
18:52:39.0953 1844 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
18:52:39.0991 1844 arcsas - ok
18:52:40.0386 1844 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
18:52:40.0517 1844 aspnet_state - ok
18:52:40.0873 1844 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:52:40.0976 1844 AsyncMac - ok
18:52:41.0020 1844 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
18:52:41.0066 1844 atapi - ok
18:52:41.0583 1844 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:52:41.0664 1844 AudioEndpointBuilder - ok
18:52:41.0878 1844 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
18:52:41.0913 1844 Audiosrv - ok
18:52:42.0018 1844 [ 502F1C30BD50B32D00CE4DCAECC3D3C7 ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
18:52:42.0085 1844 b57nd60x - ok
18:52:42.0199 1844 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
18:52:42.0254 1844 Beep - ok
18:52:42.0431 1844 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
18:52:42.0578 1844 BFE - ok
18:52:43.0024 1844 [ 0D4A07E5AC9998E4B251D603C96D4F20 ] BITS C:\Windows\System32\qmgr.dll
18:52:43.0108 1844 BITS - ok
18:52:43.0150 1844 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
18:52:43.0213 1844 blbdrive - ok
18:52:43.0384 1844 [ FB6539DEF5B9E00C27B45E3F20213CB2 ] BNPagent C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe
18:52:45.0068 1844 BNPagent - ok
18:52:45.0245 1844 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:52:45.0326 1844 Bonjour Service - ok
18:52:45.0371 1844 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:52:45.0423 1844 bowser - ok
18:52:45.0505 1844 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
18:52:45.0571 1844 BrFiltLo - ok
18:52:45.0620 1844 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
18:52:45.0650 1844 BrFiltUp - ok
18:52:45.0728 1844 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
18:52:45.0837 1844 Browser - ok
18:52:45.0924 1844 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
18:52:46.0045 1844 Brserid - ok
18:52:46.0067 1844 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
18:52:46.0128 1844 BrSerWdm - ok
18:52:46.0152 1844 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
18:52:46.0233 1844 BrUsbMdm - ok
18:52:46.0297 1844 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
18:52:46.0347 1844 BrUsbSer - ok
18:52:46.0400 1844 [ 6D39C954799B63BA866910234CF7D726 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
18:52:46.0460 1844 BthEnum - ok
18:52:46.0573 1844 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
18:52:46.0666 1844 BTHMODEM - ok
18:52:46.0724 1844 [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
18:52:46.0801 1844 BthPan - ok
18:52:47.0225 1844 [ 5A3ABAA2F8EECE7AEFB942773766E3DB ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
18:52:47.0299 1844 BTHPORT - ok
18:52:47.0335 1844 [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ C:\Windows\System32\bthserv.dll
18:52:47.0496 1844 BthServ - ok
18:52:47.0562 1844 [ 94E2941280E3756A5E0BCB467865C43A ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
18:52:47.0623 1844 BTHUSB - ok
18:52:47.0684 1844 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:52:47.0732 1844 cdfs - ok
18:52:47.0824 1844 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:52:47.0857 1844 cdrom - ok
18:52:47.0930 1844 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
18:52:47.0995 1844 CertPropSvc - ok
18:52:48.0028 1844 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
18:52:48.0072 1844 circlass - ok
18:52:48.0113 1844 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
18:52:48.0154 1844 CLFS - ok
18:52:48.0342 1844 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:52:48.0533 1844 clr_optimization_v2.0.50727_32 - ok
18:52:48.0606 1844 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:52:48.0834 1844 clr_optimization_v4.0.30319_32 - ok
18:52:48.0880 1844 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:52:48.0945 1844 CmBatt - ok
18:52:48.0983 1844 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:52:49.0009 1844 cmdide - ok
18:52:49.0161 1844 [ 912C546AB87AA0E240E82BD7CA48A9E6 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT32.sys
18:52:49.0242 1844 CnxtHdAudService - ok
18:52:49.0316 1844 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:52:49.0341 1844 Compbatt - ok
18:52:49.0345 1844 COMSysApp - ok
18:52:49.0369 1844 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
18:52:49.0381 1844 crcdisk - ok
18:52:49.0397 1844 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
18:52:49.0481 1844 Crusoe - ok
18:52:49.0577 1844 [ 3EDE4C1F9672C972479201544969ADCB ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:52:49.0668 1844 CryptSvc - ok
18:52:49.0821 1844 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:52:49.0898 1844 DcomLaunch - ok
18:52:49.0955 1844 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:52:50.0008 1844 DfsC - ok
18:52:50.0374 1844 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
18:52:51.0366 1844 DFSR - ok
18:52:51.0519 1844 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
18:52:51.0585 1844 Dhcp - ok
18:52:51.0694 1844 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
18:52:51.0760 1844 disk - ok
18:52:51.0872 1844 [ 5B149CCFE275F4DE0B4B8EC6B9F6821E ] DLABMFSM C:\Windows\system32\DLA\DLABMFSM.SYS
18:52:51.0951 1844 DLABMFSM - ok
18:52:52.0051 1844 [ AD4CB3D783634C90A9D0CE360933A63C ] DLABOIOM C:\Windows\system32\DLA\DLABOIOM.SYS
18:52:52.0126 1844 DLABOIOM - ok
18:52:52.0199 1844 [ 5230CDB7E715F3A3B4A882E254CDD35D ] DLACDBHM C:\Windows\system32\Drivers\DLACDBHM.SYS
18:52:52.0234 1844 DLACDBHM - ok
18:52:52.0266 1844 [ 93D03238CC3F0EE3C0B3985D110EC575 ] DLADResM C:\Windows\system32\DLA\DLADResM.SYS
18:52:52.0343 1844 DLADResM - ok
18:52:52.0368 1844 [ 6A82F77C4A6F5235BF352F0028E2EF52 ] DLAIFS_M C:\Windows\system32\DLA\DLAIFS_M.SYS
18:52:52.0457 1844 DLAIFS_M - ok
18:52:52.0487 1844 [ 0E6052C0ADA37504896A847231A3907D ] DLAOPIOM C:\Windows\system32\DLA\DLAOPIOM.SYS
18:52:52.0549 1844 DLAOPIOM - ok
18:52:52.0581 1844 [ 29670BB4E2B973C5B55A76107D4910B2 ] DLAPoolM C:\Windows\system32\DLA\DLAPoolM.SYS
18:52:52.0665 1844 DLAPoolM - ok
18:52:52.0729 1844 [ 77FE51F0F8D86804CB81F6EF6BFB86DD ] DLARTL_M C:\Windows\system32\Drivers\DLARTL_M.SYS
18:52:52.0767 1844 DLARTL_M - ok
18:52:52.0838 1844 [ 6B087732B86C1D866D69DBBE463EA90A ] DLAUDFAM C:\Windows\system32\DLA\DLAUDFAM.SYS
18:52:52.0907 1844 DLAUDFAM - ok
18:52:52.0939 1844 [ BBEECB95F2841AE4A3E3690D46D7153D ] DLAUDF_M C:\Windows\system32\DLA\DLAUDF_M.SYS
18:52:53.0022 1844 DLAUDF_M - ok
18:52:53.0115 1844 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:52:53.0178 1844 Dnscache - ok
18:52:53.0255 1844 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:52:53.0335 1844 dot3svc - ok
18:52:53.0454 1844 [ 6D279BB0DE1D8E34F454E1B353F4D738 ] DozeHDD C:\Windows\system32\DRIVERS\DozeHDD.sys
18:52:53.0534 1844 DozeHDD - ok
18:52:53.0716 1844 [ 01E2180C3D72CB0ADCC43FB83D18942A ] DozeSvc C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
18:52:53.0758 1844 DozeSvc - ok
18:52:53.0853 1844 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
18:52:53.0937 1844 DPS - ok
18:52:54.0052 1844 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:52:54.0100 1844 drmkaud - ok
18:52:54.0123 1844 [ 83106585494D5EB96F59187200C144BD ] DRVMCDB C:\Windows\system32\Drivers\DRVMCDB.SYS
18:52:54.0163 1844 DRVMCDB - ok
18:52:54.0176 1844 [ FFC371525AA55D1BAE18715EBCB8797C ] DRVNDDM C:\Windows\system32\Drivers\DRVNDDM.SYS
18:52:54.0219 1844 DRVNDDM - ok
18:52:54.0343 1844 [ 5DE0FAEC9E5D1AAE74F8568897891A01 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:52:54.0407 1844 DXGKrnl - ok
18:52:54.0598 1844 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
18:52:54.0719 1844 E1G60 - ok
18:52:54.0779 1844 [ 6DF7356C560596413165204189DD4DE2 ] e1yexpress C:\Windows\system32\DRIVERS\e1y6032.sys
18:52:54.0805 1844 e1yexpress - ok
18:52:54.0869 1844 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
18:52:54.0927 1844 EapHost - ok
18:52:54.0945 1844 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
18:52:54.0960 1844 Ecache - ok
18:52:55.0097 1844 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
18:52:55.0145 1844 elxstor - ok
18:52:55.0332 1844 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
18:52:55.0522 1844 EMDMgmt - ok
18:52:55.0587 1844 [ A81AB23EDDB4693612014D87367D014C ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:52:55.0615 1844 ErrDev - ok
18:52:55.0750 1844 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
18:52:55.0813 1844 EventSystem - ok
18:52:55.0940 1844 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
18:52:55.0982 1844 exfat - ok
18:52:56.0033 1844 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:52:56.0084 1844 fastfat - ok
18:52:56.0148 1844 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:52:56.0186 1844 fdc - ok
18:52:56.0255 1844 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
18:52:56.0318 1844 fdPHost - ok
18:52:56.0357 1844 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
18:52:56.0431 1844 FDResPub - ok
18:52:56.0457 1844 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:52:56.0470 1844 FileInfo - ok
18:52:56.0511 1844 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:52:56.0556 1844 Filetrace - ok
18:52:56.0607 1844 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:52:56.0631 1844 flpydisk - ok
18:52:56.0832 1844 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:52:56.0849 1844 FltMgr - ok
18:52:56.0940 1844 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
18:52:57.0198 1844 FontCache - ok
18:52:57.0343 1844 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:52:57.0425 1844 FontCache3.0.0.0 - ok
18:52:57.0489 1844 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:52:57.0534 1844 Fs_Rec - ok
18:52:57.0599 1844 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
18:52:57.0636 1844 gagp30kx - ok
18:52:57.0670 1844 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:52:57.0694 1844 GEARAspiWDM - ok
18:52:57.0820 1844 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
18:52:57.0943 1844 gpsvc - ok
18:52:58.0265 1844 [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:52:58.0410 1844 HdAudAddService - ok
18:52:58.0501 1844 [ 4B6F641DE7D79F414B309B519C30F274 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
18:52:58.0698 1844 HDAudBus - ok
18:52:58.0776 1844 [ 30D57EE84E1E169D41A6E873B549A096 ] HECI C:\Windows\system32\DRIVERS\HECI.sys
18:52:58.0905 1844 HECI - ok
18:52:58.0928 1844 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
18:52:58.0998 1844 HidBth - ok
18:52:59.0034 1844 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
18:52:59.0114 1844 HidIr - ok
18:52:59.0200 1844 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll
18:52:59.0263 1844 hidserv - ok
18:52:59.0315 1844 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:52:59.0361 1844 HidUsb - ok
18:52:59.0415 1844 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:52:59.0458 1844 hkmsvc - ok
18:52:59.0479 1844 [ 7EBEC5EB56B90ED65A8BBD91464E5CFB ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
18:52:59.0513 1844 HpCISSs - ok
18:52:59.0579 1844 [ 210388FD8225B02BD83D77628AAE64A9 ] HsfXAudioService C:\Windows\system32\XAudio32.dll
18:52:59.0712 1844 HsfXAudioService - ok
18:52:59.0903 1844 [ C761B4A8391F5E47F7C51A691CE773F4 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
18:53:00.0027 1844 HSF_DPV - ok
18:53:00.0112 1844 [ 50B42EF358A2E5363BE6B77138A22391 ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
18:53:00.0164 1844 HSXHWAZL - ok
18:53:00.0282 1844 [ 0EEECA26C8D4BDE2A4664DB058A81937 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:53:00.0409 1844 HTTP - ok
18:53:00.0583 1844 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
18:53:00.0628 1844 i2omp - ok
18:53:00.0866 1844 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
18:53:00.0996 1844 i8042prt - ok
18:53:01.0103 1844 [ 01446278D4563B3013C92830AE6CBB26 ] iaStor C:\Windows\system32\drivers\iastor.sys
18:53:01.0186 1844 iaStor - ok
18:53:01.0288 1844 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
18:53:01.0332 1844 iaStorV - ok
18:53:01.0393 1844 [ E3FFC8CB45B3F55264EE10F084B2731B ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys
18:53:01.0443 1844 IBMPMDRV - ok
18:53:01.0501 1844 [ 5565982522EE9D4E8921FEB304D4226F ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe
18:53:01.0528 1844 IBMPMSVC - ok
18:53:01.0812 1844 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
18:53:01.0896 1844 IDriverT ( UnsignedFile.Multi.Generic ) - warning
18:53:01.0896 1844 IDriverT - detected UnsignedFile.Multi.Generic (1)
18:53:02.0164 1844 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:53:02.0952 1844 idsvc - ok
18:53:04.0793 1844 [ DCE0B53570703CCE580D066F89EF58CD ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
18:53:07.0177 1844 igfx - ok
18:53:07.0239 1844 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
18:53:07.0262 1844 iirsp - ok
18:53:07.0320 1844 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
18:53:07.0398 1844 IKEEXT - ok
18:53:07.0428 1844 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
18:53:07.0440 1844 intelide - ok
18:53:07.0469 1844 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:53:07.0492 1844 intelppm - ok
18:53:07.0547 1844 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:53:07.0611 1844 IPBusEnum - ok
18:53:07.0653 1844 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:53:07.0705 1844 IpFilterDriver - ok
18:53:07.0992 1844 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:53:08.0211 1844 iphlpsvc - ok
18:53:08.0214 1844 IpInIp - ok
18:53:08.0230 1844 [ 4B9C0F4D4A3ACC535F9771039ECD6365 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
18:53:08.0274 1844 IPMIDRV - ok
18:53:08.0324 1844 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
18:53:08.0437 1844 IPNAT - ok
18:53:08.0683 1844 [ CE004777B92DEA56FE14EC900D20BAA4 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:53:09.0384 1844 iPod Service - ok
18:53:09.0411 1844 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:53:09.0472 1844 IRENUM - ok
18:53:09.0541 1844 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:53:09.0554 1844 isapnp - ok
18:53:09.0626 1844 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
18:53:09.0654 1844 iScsiPrt - ok
18:53:09.0895 1844 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
18:53:09.0907 1844 iteatapi - ok
18:53:09.0938 1844 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
18:53:10.0005 1844 iteraid - ok
18:53:10.0148 1844 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
18:53:10.0624 1844 IviRegMgr - ok
18:53:10.0718 1844 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:53:10.0730 1844 kbdclass - ok
18:53:10.0782 1844 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:53:10.0838 1844 kbdhid - ok
18:53:10.0948 1844 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
18:53:11.0034 1844 KeyIso - ok
18:53:11.0176 1844 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:53:11.0215 1844 KSecDD - ok
18:53:11.0402 1844 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
18:53:11.0713 1844 KtmRm - ok
18:53:11.0883 1844 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll
18:53:11.0923 1844 LanmanServer - ok
18:53:12.0032 1844 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:53:12.0142 1844 LanmanWorkstation - ok
18:53:12.0364 1844 [ CAB9C6C37FD0F9612B269349116504B6 ] LENOVO.CAMMUTE C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
18:53:12.0418 1844 LENOVO.CAMMUTE - ok
18:53:12.0698 1844 [ 340288B3B2EDC8AFD5FF127DF85142A7 ] LENOVO.MICMUTE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
18:53:12.0795 1844 LENOVO.MICMUTE - ok
18:53:12.0935 1844 [ 9AAC267A225F3CAEBB9E633F7EB16E4B ] lenovo.smi C:\Windows\system32\DRIVERS\smiif32.sys
18:53:12.0971 1844 lenovo.smi - ok
18:53:13.0052 1844 [ 158B67696EC8602CE71F9AA4F14AA96F ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
18:53:13.0107 1844 Lenovo.VIRTSCRLSVC - ok
18:53:13.0160 1844 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:53:13.0194 1844 lltdio - ok
18:53:13.0270 1844 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:53:13.0450 1844 lltdsvc - ok
18:53:13.0478 1844 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:53:13.0558 1844 lmhosts - ok
18:53:13.0617 1844 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
18:53:13.0680 1844 LSI_FC - ok
18:53:13.0699 1844 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
18:53:13.0738 1844 LSI_SAS - ok
18:53:13.0801 1844 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
18:53:13.0835 1844 LSI_SCSI - ok
18:53:13.0856 1844 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
18:53:13.0905 1844 luafv - ok
18:53:14.0043 1844 [ ED643E777BA3F7151EF3F0FB6BE4F7F0 ] LVRS C:\Windows\system32\DRIVERS\lvrs.sys
18:53:14.0297 1844 LVRS - ok
18:53:14.0334 1844 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
18:53:14.0374 1844 MBAMProtector - ok
18:53:14.0561 1844 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
18:53:14.0633 1844 MBAMScheduler - ok
18:53:14.0739 1844 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
18:53:14.0808 1844 MBAMService - ok
18:53:14.0826 1844 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
18:53:14.0867 1844 mdmxsdk - ok
18:53:14.0943 1844 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
18:53:14.0966 1844 megasas - ok
18:53:15.0044 1844 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
18:53:15.0081 1844 MegaSR - ok
18:53:15.0185 1844 Microsoft SharePoint Workspace Audit Service - ok
18:53:15.0237 1844 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
18:53:15.0351 1844 MMCSS - ok
18:53:15.0379 1844 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
18:53:15.0452 1844 Modem - ok
18:53:15.0523 1844 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:53:15.0602 1844 monitor - ok
18:53:15.0694 1844 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:53:15.0706 1844 mouclass - ok
18:53:15.0740 1844 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:53:15.0787 1844 mouhid - ok
18:53:15.0806 1844 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
18:53:15.0819 1844 MountMgr - ok
18:53:15.0963 1844 [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:53:16.0014 1844 MozillaMaintenance - ok
18:53:16.0049 1844 [ 5DA347912FD3AF24D7BFB3DE519D4BD0 ] mpio C:\Windows\system32\drivers\mpio.sys
18:53:16.0075 1844 mpio - ok
18:53:16.0098 1844 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:53:16.0158 1844 mpsdrv - ok
18:53:16.0227 1844 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
18:53:16.0601 1844 MpsSvc - ok
18:53:16.0697 1844 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
18:53:16.0732 1844 Mraid35x - ok
18:53:16.0767 1844 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:53:16.0809 1844 MRxDAV - ok
18:53:16.0871 1844 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:53:16.0931 1844 mrxsmb - ok
18:53:17.0008 1844 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:53:17.0065 1844 mrxsmb10 - ok
18:53:17.0098 1844 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:53:17.0134 1844 mrxsmb20 - ok
18:53:17.0196 1844 [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci C:\Windows\system32\drivers\msahci.sys
18:53:17.0235 1844 msahci - ok
18:53:17.0270 1844 [ 2C563AEF15B8D0014C36C5F27742AC7B ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:53:17.0307 1844 msdsm - ok
18:53:17.0422 1844 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
18:53:17.0463 1844 MSDTC - ok
18:53:17.0495 1844 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:53:18.0550 1844 Msfs - ok
18:53:18.0680 1844 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:53:18.0770 1844 msisadrv - ok
18:53:18.0816 1844 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:53:19.0071 1844 MSiSCSI - ok
18:53:19.0076 1844 msiserver - ok
18:53:19.0110 1844 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:53:19.0242 1844 MSKSSRV - ok
18:53:19.0315 1844 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:53:19.0585 1844 MSPCLOCK - ok
18:53:19.0636 1844 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:53:19.0689 1844 MSPQM - ok
18:53:19.0751 1844 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:53:19.0789 1844 MsRPC - ok
18:53:19.0827 1844 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
18:53:19.0845 1844 mssmbios - ok
18:53:19.0901 1844 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:53:19.0976 1844 MSTEE - ok
18:53:20.0001 1844 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
18:53:20.0021 1844 Mup - ok
18:53:20.0103 1844 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
18:53:20.0224 1844 napagent - ok
18:53:20.0270 1844 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:53:20.0334 1844 NativeWifiP - ok
18:53:20.0409 1844 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:53:20.0696 1844 NDIS - ok
18:53:20.0720 1844 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:53:20.0758 1844 NdisTapi - ok
18:53:20.0834 1844 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:53:20.0895 1844 Ndisuio - ok
18:53:20.0938 1844 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:53:21.0037 1844 NdisWan - ok
18:53:21.0071 1844 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:53:21.0122 1844 NDProxy - ok
18:53:21.0221 1844 [ F7C14F5077BF2BC476C348B88A7F74E2 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
18:53:21.0269 1844 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
18:53:21.0269 1844 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
18:53:21.0337 1844 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:53:21.0399 1844 NetBIOS - ok
18:53:21.0422 1844 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
18:53:21.0567 1844 netbt - ok
18:53:21.0593 1844 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
18:53:21.0611 1844 Netlogon - ok
18:53:21.0716 1844 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
18:53:22.0042 1844 Netman - ok
18:53:22.0075 1844 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:53:22.0322 1844 NetMsmqActivator - ok
18:53:26.0389 1844 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:53:26.0637 1844 NetPipeActivator - ok
18:53:26.0818 1844 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
18:53:26.0922 1844 netprofm - ok
18:53:26.0969 1844 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:53:27.0117 1844 NetTcpActivator - ok
18:53:27.0141 1844 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:53:27.0256 1844 NetTcpPortSharing - ok
18:53:27.0304 1844 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
18:53:27.0327 1844 nfrd960 - ok
18:53:27.0434 1844 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:53:27.0593 1844 NlaSvc - ok
18:53:27.0653 1844 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:53:27.0672 1844 Npfs - ok
18:53:27.0731 1844 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
18:53:27.0827 1844 nsi - ok
18:53:27.0851 1844 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:53:27.0901 1844 nsiproxy - ok
18:53:28.0159 1844 [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:53:28.0726 1844 Ntfs - ok
18:53:28.0809 1844 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
18:53:28.0911 1844 ntrigdigi - ok
18:53:28.0931 1844 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
18:53:28.0987 1844 Null - ok
18:53:29.0034 1844 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:53:29.0071 1844 nvraid - ok
18:53:29.0136 1844 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:53:29.0188 1844 nvstor - ok
18:53:29.0244 1844 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:53:29.0281 1844 nv_agp - ok
18:53:29.0285 1844 NwlnkFlt - ok
18:53:29.0289 1844 NwlnkFwd - ok
18:53:29.0342 1844 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
18:53:29.0399 1844 ohci1394 - ok
18:53:29.0515 1844 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:53:29.0593 1844 ose - ok
18:53:30.0223 1844 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:53:32.0305 1844 osppsvc - ok
18:53:32.0419 1844 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
18:53:32.0744 1844 p2pimsvc - ok
18:53:32.0821 1844 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
18:53:32.0928 1844 p2psvc - ok
18:53:32.0990 1844 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
18:53:33.0070 1844 Parport - ok
18:53:33.0132 1844 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:53:33.0152 1844 partmgr - ok
18:53:33.0211 1844 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
18:53:33.0291 1844 Parvdm - ok
18:53:33.0348 1844 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
18:53:33.0493 1844 PcaSvc - ok
18:53:33.0534 1844 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
18:53:33.0557 1844 pci - ok
18:53:33.0634 1844 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
18:53:33.0655 1844 pciide - ok
18:53:33.0698 1844 [ 3BB2244F343B610C29C98035504C9B75 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
18:53:33.0739 1844 pcmcia - ok
18:53:33.0923 1844 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:53:34.0255 1844 PEAUTH - ok
18:53:34.0586 1844 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
18:53:35.0321 1844 pla - ok
18:53:35.0469 1844 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:53:35.0507 1844 PlugPlay - ok
18:53:35.0600 1844 [ E638656001C52A1FAA34F92E6D3A086B ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
18:53:35.0633 1844 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
18:53:35.0633 1844 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
18:53:35.0811 1844 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
18:53:35.0926 1844 PNRPAutoReg - ok
18:53:36.0029 1844 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
18:53:36.0075 1844 PNRPsvc - ok
18:53:36.0234 1844 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:53:36.0596 1844 PolicyAgent - ok
18:53:36.0656 1844 [ 836FE79DE8767D77136B6491A3D61089 ] Power Manager DBC Service C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
18:53:36.0704 1844 Power Manager DBC Service - ok
18:53:36.0753 1844 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:53:36.0828 1844 PptpMiniport - ok
18:53:36.0852 1844 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
18:53:36.0887 1844 Processor - ok
18:53:36.0945 1844 PROCEXP151 - ok
18:53:37.0019 1844 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
18:53:37.0103 1844 ProfSvc - ok
18:53:37.0137 1844 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
18:53:37.0150 1844 ProtectedStorage - ok
18:53:37.0202 1844 [ F8A25F1DD8B2C332CBC663E3579566E7 ] psadd C:\Windows\system32\DRIVERS\psadd.sys
18:53:37.0227 1844 psadd - ok
18:53:37.0242 1844 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
18:53:37.0261 1844 PSched - ok
18:53:37.0494 1844 [ 576444157F1CB25AE2057EED586D4889 ] PwmEWSvc C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
18:53:37.0672 1844 PwmEWSvc - ok
18:53:37.0862 1844 [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
18:53:37.0938 1844 PxHelp20 - ok
18:53:38.0146 1844 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
18:53:38.0261 1844 ql2300 - ok
18:53:38.0338 1844 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
18:53:38.0389 1844 ql40xx - ok
18:53:38.0456 1844 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
18:53:38.0570 1844 QWAVE - ok
18:53:38.0594 1844 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:53:38.0639 1844 QWAVEdrv - ok
18:53:38.0663 1844 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:53:38.0722 1844 RasAcd - ok
18:53:38.0802 1844 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
18:53:38.0884 1844 RasAuto - ok
18:53:38.0935 1844 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:53:38.0959 1844 Rasl2tp - ok
18:53:39.0052 1844 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
18:53:39.0115 1844 RasMan - ok
18:53:39.0349 1844 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:53:39.0455 1844 RasPppoe - ok
18:53:39.0509 1844 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:53:39.0544 1844 RasSstp - ok
18:53:39.0587 1844 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:53:39.0804 1844 rdbss - ok
18:53:39.0840 1844 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:53:39.0925 1844 RDPCDD - ok
18:53:39.0967 1844 [ 943B18305EAE3935598A9B4A3D560B4C ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
18:53:40.0021 1844 rdpdr - ok
18:53:40.0026 1844 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:53:40.0059 1844 RDPENCDD - ok
18:53:40.0136 1844 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:53:40.0230 1844 RDPWD - ok
18:53:40.0285 1844 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:53:40.0468 1844 RemoteAccess - ok
18:53:40.0529 1844 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:53:40.0565 1844 RemoteRegistry - ok
18:53:40.0650 1844 [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
18:53:40.0679 1844 RFCOMM - ok
18:53:40.0749 1844 [ C2EF513BBE069F0D4EE0938A76F975D3 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
18:53:40.0769 1844 rimmptsk - ok
18:53:40.0926 1844 [ C398BCA91216755B098679A8DA8A2300 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
18:53:40.0989 1844 rimsptsk - ok
18:53:41.0025 1844 [ 2A2554CB24506E0A0508FC395C4A1B42 ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
18:53:41.0062 1844 rismxdp - ok
18:53:41.0251 1844 [ EB9EEB379848F356797EB9EF31114CA5 ] RoxMediaDB10 C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
18:53:41.0387 1844 RoxMediaDB10 - ok
18:53:41.0506 1844 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
18:53:41.0615 1844 RpcLocator - ok
18:53:41.0694 1844 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
18:53:41.0739 1844 RpcSs - ok
18:53:41.0979 1844 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:53:42.0092 1844 rspndr - ok
18:53:42.0252 1844 [ 587A60FD5FD7E7B149CEA5A7C5DD3FBF ] rtl8192se C:\Windows\system32\DRIVERS\rtl8192se.sys
18:53:42.0324 1844 rtl8192se - ok
18:53:42.0350 1844 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
18:53:42.0375 1844 SamSs - ok
18:53:42.0809 1844 [ 26A05F8833938BD989199E8681B53B86 ] SAVAdminService C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
18:53:42.0907 1844 SAVAdminService - ok
18:53:42.0967 1844 [ E2C05310219E327E232291543C348B73 ] SAVOnAccess C:\Windows\system32\DRIVERS\savonaccess.sys
18:53:43.0004 1844 SAVOnAccess - ok
18:53:43.0081 1844 [ B8A272D4E91EFB366E16BEA0FA42D7EE ] SAVService C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
18:53:43.0125 1844 SAVService - ok
18:53:43.0160 1844 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:53:43.0195 1844 sbp2port - ok
18:53:43.0271 1844 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:53:43.0448 1844 SCardSvr - ok
18:53:43.0618 1844 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
18:53:44.0082 1844 Schedule - ok
18:53:44.0156 1844 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
18:53:44.0197 1844 SCPolicySvc - ok
18:53:44.0294 1844 [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
18:53:44.0337 1844 sdbus - ok
18:53:44.0388 1844 [ 4F21774E1259A546B992D9EAACDFD778 ] sdcfilter C:\Windows\system32\DRIVERS\sdcfilter.sys
18:53:44.0450 1844 sdcfilter - ok
18:53:44.0506 1844 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:53:44.0667 1844 SDRSVC - ok
18:53:44.0754 1844 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:53:44.0827 1844 secdrv - ok
18:53:44.0895 1844 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
18:53:44.0972 1844 seclogon - ok
18:53:45.0017 1844 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
18:53:45.0069 1844 SENS - ok
18:53:45.0108 1844 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
18:53:45.0174 1844 Serenum - ok
18:53:45.0290 1844 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
18:53:45.0377 1844 Serial - ok
18:53:45.0426 1844 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
18:53:45.0474 1844 sermouse - ok
18:53:45.0515 1844 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
18:53:45.0575 1844 SessionEnv - ok
18:53:45.0648 1844 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:53:45.0704 1844 sffdisk - ok
18:53:45.0728 1844 [ E5EAFE85815BD89095FEF3144A09AB68 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:53:45.0757 1844 sffp_mmc - ok
18:53:45.0798 1844 [ 9F66A46C55D6F1CCABC79BB7AFCCC545 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:53:45.0860 1844 sffp_sd - ok
18:53:45.0912 1844 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
18:53:46.0007 1844 sfloppy - ok
18:53:46.0071 1844 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:53:46.0198 1844 SharedAccess - ok
18:53:46.0271 1844 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:53:46.0513 1844 ShellHWDetection - ok
18:53:46.0563 1844 [ 1624530D05155F4E5A4736531523BFF5 ] Shockprf C:\Windows\system32\DRIVERS\Apsx86.sys
18:53:46.0627 1844 Shockprf - ok
18:53:46.0664 1844 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
18:53:46.0700 1844 sisagp - ok
18:53:46.0730 1844 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
18:53:46.0771 1844 SiSRaid2 - ok
18:53:46.0802 1844 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:53:46.0864 1844 SiSRaid4 - ok
18:53:46.0912 1844 [ E407A8EEA2FD4BF560C05C0EBF1793B3 ] SKMScan C:\Windows\system32\DRIVERS\skmscan.sys
18:53:46.0944 1844 SKMScan - ok
18:53:47.0105 1844 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
18:53:47.0635 1844 SkypeUpdate - ok
18:53:48.0511 1844 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
18:53:48.0903 1844 slsvc - ok
18:53:48.0942 1844 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
18:53:49.0011 1844 SLUINotify - ok
18:53:49.0030 1844 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:53:49.0069 1844 Smb - ok
18:53:49.0105 1844 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:53:49.0147 1844 SNMPTRAP - ok
18:53:49.0285 1844 [ 3068CF091B4334B998380E9C877F5549 ] Sophos Agent C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
18:53:49.0328 1844 Sophos Agent - ok
18:53:49.0471 1844 [ 8A12AB5DE877B8F97D5EE70E16A5C9B2 ] Sophos AutoUpdate Service C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
18:53:49.0503 1844 Sophos AutoUpdate Service - ok
18:53:49.0588 1844 [ 1C3D8A4B93A97E3C46B3D01F6F321DC4 ] Sophos Message Router C:\Program Files\Sophos\Remote Management System\RouterNT.exe
18:53:49.0930 1844 Sophos Message Router - ok
18:53:50.0059 1844 [ BD03374253F79CE7A716A870DC85BD84 ] Sophos Web Control Service C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
18:53:50.0192 1844 Sophos Web Control Service - ok
18:53:50.0298 1844 [ F2B7BD04146B3E6A895A1919E1F5DA89 ] SophosBootDriver C:\Windows\system32\DRIVERS\SophosBootDriver.sys
18:53:50.0309 1844 SophosBootDriver - ok
18:53:50.0397 1844 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
18:53:50.0421 1844 spldr - ok
18:53:50.0547 1844 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
18:53:50.0619 1844 Spooler - ok
18:53:50.0873 1844 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
18:53:50.0899 1844 srv - ok
18:53:50.0941 1844 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:53:50.0999 1844 srv2 - ok
18:53:51.0053 1844 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:53:51.0104 1844 srvnet - ok
18:53:51.0178 1844 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:53:51.0296 1844 SSDPSRV - ok
18:53:51.0383 1844 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:53:51.0523 1844 SstpSvc - ok
18:53:51.0643 1844 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
18:53:51.0906 1844 stisvc - ok
18:53:52.0002 1844 [ 1D0063597C3666404FCF97698ABEB019 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
18:53:52.0054 1844 stllssvr - ok
18:53:52.0152 1844 [ C2191C1A5DFED0795E3D3B68905B195B ] SUService C:\Program Files\Lenovo\System Update\SUService.exe
18:53:52.0360 1844 SUService ( UnsignedFile.Multi.Generic ) - warning
18:53:52.0360 1844 SUService - detected UnsignedFile.Multi.Generic (1)
18:53:52.0409 1844 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:53:52.0432 1844 swenum - ok
18:53:52.0965 1844 [ B3379659D773BFDD3B631F5FEE2FF2B3 ] swi_service C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
18:53:53.0625 1844 swi_service - ok
18:53:54.0066 1844 [ BD8684D96EB9436EB145A6E03D693A45 ] swi_update C:\ProgramData\Sophos\Web Intelligence\swi_update.exe
18:53:55.0030 1844 swi_update - ok
18:53:55.0121 1844 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
18:53:55.0163 1844 swprv - ok
18:53:55.0210 1844 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
18:53:55.0246 1844 Symc8xx - ok
18:53:55.0277 1844 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
18:53:55.0314 1844 Sym_hi - ok
18:53:55.0332 1844 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
18:53:55.0367 1844 Sym_u3 - ok
18:53:55.0482 1844 [ 003358D830A76DFE3803FB353B8FD87B ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
18:53:55.0536 1844 SynTP - ok
18:53:55.0633 1844 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
18:53:55.0819 1844 SysMain - ok
18:53:55.0878 1844 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:53:55.0914 1844 TabletInputService - ok
18:53:55.0931 1844 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:53:55.0978 1844 TapiSrv - ok
18:53:56.0069 1844 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
18:53:56.0147 1844 TBS - ok
18:53:56.0320 1844 [ 548E198BAE21EFC21F8B5F0C1728AD27 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:53:56.0437 1844 Tcpip - ok
18:53:56.0493 1844 [ 548E198BAE21EFC21F8B5F0C1728AD27 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
18:53:56.0841 1844 Tcpip6 - ok
18:53:56.0906 1844 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:53:56.0989 1844 tcpipreg - ok
18:53:57.0067 1844 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:53:57.0209 1844 TDPIPE - ok
18:53:57.0241 1844 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:53:57.0311 1844 TDTCP - ok
18:53:57.0351 1844 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:53:57.0395 1844 tdx - ok
18:53:57.0456 1844 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:53:57.0470 1844 TermDD - ok
18:53:57.0514 1844 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
18:53:57.0713 1844 TermService - ok
18:53:57.0775 1844 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
18:53:57.0793 1844 Themes - ok
18:53:58.0006 1844 [ 1C7B8E69BF9557A17A17F2120892ACF9 ] ThinkVantage Registry Monitor Service c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
18:53:58.0313 1844 ThinkVantage Registry Monitor Service - ok
18:53:58.0348 1844 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
18:53:58.0381 1844 THREADORDER - ok
18:53:58.0409 1844 [ D2378FBBD668D9FE9B6B5E3139D506D3 ] TPDIGIMN C:\Windows\system32\DRIVERS\ApsHM86.sys
18:53:58.0430 1844 TPDIGIMN - ok
18:53:58.0497 1844 [ A34A1E6B5461273846D30F5898602A72 ] TPHDEXLGSVC C:\Windows\system32\TPHDEXLG.exe
18:53:58.0553 1844 TPHDEXLGSVC - ok
18:53:58.0709 1844 [ 9CD364ECB3A10B24C7CAC8FF89993A67 ] TPHKLOAD C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
18:53:58.0758 1844 TPHKLOAD - ok
18:53:58.0798 1844 [ C04BB65441913AB621C58A8BD3169B23 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
18:53:58.0850 1844 TPHKSVC - ok
18:53:58.0908 1844 [ CB258C2F726F1BE73C507022BE33EBB3 ] TPM C:\Windows\system32\drivers\tpm.sys
18:53:58.0943 1844 TPM - ok
18:53:59.0020 1844 [ C16EC6A5390904D3971179553852025B ] TPPWRIF C:\Windows\system32\drivers\Tppwr32v.sys
18:53:59.0050 1844 TPPWRIF - ok
18:53:59.0120 1844 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
18:53:59.0206 1844 TrkWks - ok
18:53:59.0350 1844 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:53:59.0436 1844 TrustedInstaller - ok
18:53:59.0647 1844 [ DDD4A2C9A37B93C7D8A539F785572565 ] TSSCoreService C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
18:54:13.0631 1844 TSSCoreService - ok
18:54:13.0679 1844 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:54:13.0727 1844 tssecsrv - ok
18:54:13.0799 1844 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
18:54:13.0853 1844 tunmp - ok
18:54:13.0904 1844 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:54:13.0947 1844 tunnel - ok
18:54:14.0307 1844 [ 550EB190CB6444C9E5DCAB810D2057BD ] TVT Backup Protection Service C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
18:54:14.0415 1844 TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - warning
18:54:14.0415 1844 TVT Backup Protection Service - detected UnsignedFile.Multi.Generic (1)
18:54:14.0774 1844 [ 5C4894EB6E56DEE78522BB8DE00AA29A ] TVT Backup Service C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
18:54:15.0208 1844 TVT Backup Service ( UnsignedFile.Multi.Generic ) - warning
18:54:15.0208 1844 TVT Backup Service - detected UnsignedFile.Multi.Generic (1)
18:54:15.0353 1844 [ 58BC366538A8A1F252D2750C1F5193B6 ] TVT Scheduler c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
18:54:15.0897 1844 TVT Scheduler ( UnsignedFile.Multi.Generic ) - warning
18:54:15.0898 1844 TVT Scheduler - detected UnsignedFile.Multi.Generic (1)
18:54:15.0937 1844 [ 49258A02A1E8D304ED88B0F1C56B1738 ] tvtfilter C:\Windows\system32\DRIVERS\tvtfilter.sys
18:54:15.0953 1844 tvtfilter ( UnsignedFile.Multi.Generic ) - warning
18:54:15.0953 1844 tvtfilter - detected UnsignedFile.Multi.Generic (1)
18:54:16.0023 1844 [ 7E66DDA1EF146BFC3A6E36E08E036602 ] TVTI2C C:\Windows\system32\DRIVERS\Tvti2c.sys
18:54:16.0050 1844 TVTI2C - ok
18:54:16.0099 1844 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
18:54:16.0124 1844 uagp35 - ok
18:54:16.0208 1844 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:54:16.0238 1844 udfs - ok
18:54:16.0294 1844 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:54:16.0415 1844 UI0Detect - ok
18:54:16.0470 1844 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:54:16.0494 1844 uliagpkx - ok
18:54:16.0548 1844 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
18:54:16.0596 1844 uliahci - ok
18:54:16.0625 1844 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
18:54:16.0660 1844 UlSata - ok
18:54:16.0715 1844 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
18:54:16.0751 1844 ulsata2 - ok
18:54:16.0777 1844 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:54:16.0837 1844 umbus - ok
18:54:16.0901 1844 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
18:54:17.0004 1844 upnphost - ok
18:54:17.0088 1844 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
18:54:17.0160 1844 USBAAPL - ok
18:54:17.0241 1844 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
18:54:17.0260 1844 usbaudio - ok
18:54:17.0319 1844 [ 922B2EBD5118B9AB120410807131A921 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:54:17.0333 1844 usbccgp - ok
18:54:17.0382 1844 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:54:17.0454 1844 usbcir - ok
18:54:17.0527 1844 [ 3D045EAA73414BE8F877F292A84ABBA2 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:54:17.0540 1844 usbehci - ok
18:54:17.0626 1844 [ 1AE77A4C4E4F526EF9759C31A123F2B0 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:54:17.0642 1844 usbhub - ok
18:54:17.0687 1844 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:54:17.0741 1844 usbohci - ok
18:54:17.0797 1844 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:54:17.0828 1844 usbprint - ok
18:54:17.0913 1844 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
18:54:17.0974 1844 usbscan - ok
18:54:18.0032 1844 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:54:18.0081 1844 USBSTOR - ok
18:54:18.0139 1844 [ F69C1AAD04F28415F3FBE99FBE56030B ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
18:54:18.0152 1844 usbuhci - ok
18:54:18.0187 1844 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
18:54:18.0292 1844 usbvideo - ok
18:54:18.0352 1844 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
18:54:18.0392 1844 UxSms - ok
18:54:18.0479 1844 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
18:54:18.0674 1844 vds - ok
18:54:18.0752 1844 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:54:18.0787 1844 vga - ok
18:54:18.0836 1844 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
18:54:18.0902 1844 VgaSave - ok
18:54:18.0939 1844 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
18:54:18.0962 1844 viaagp - ok
18:54:19.0015 1844 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
18:54:19.0059 1844 ViaC7 - ok
18:54:19.0109 1844 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
18:54:19.0138 1844 viaide - ok
18:54:19.0157 1844 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:54:19.0170 1844 volmgr - ok
18:54:19.0240 1844 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:54:19.0258 1844 volmgrx - ok
18:54:19.0344 1844 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:54:19.0361 1844 volsnap - ok
18:54:19.0422 1844 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
18:54:19.0460 1844 vsmraid - ok
18:54:19.0572 1844 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
18:54:20.0051 1844 VSS - ok
18:54:20.0160 1844 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
18:54:20.0396 1844 W32Time - ok
18:54:20.0412 1844 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
18:54:20.0491 1844 WacomPen - ok
18:54:20.0522 1844 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
18:54:20.0560 1844 Wanarp - ok
18:54:20.0588 1844 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:54:20.0608 1844 Wanarpv6 - ok
18:54:20.0686 1844 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:54:20.0830 1844 wcncsvc - ok
18:54:20.0864 1844 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:54:20.0964 1844 WcsPlugInService - ok
18:54:21.0008 1844 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
18:54:21.0032 1844 Wd - ok
18:54:21.0168 1844 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:54:21.0227 1844 Wdf01000 - ok
18:54:21.0318 1844 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:54:21.0369 1844 WdiServiceHost - ok
18:54:21.0393 1844 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:54:21.0420 1844 WdiSystemHost - ok
18:54:21.0450 1844 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
18:54:21.0510 1844 WebClient - ok
18:54:21.0563 1844 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:54:21.0671 1844 Wecsvc - ok
18:54:21.0701 1844 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:54:21.0773 1844 wercplsupport - ok
18:54:21.0815 1844 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
18:54:21.0856 1844 WerSvc - ok
18:54:21.0911 1844 [ F9AD3A5E3FD7E0BDB18B8202B0FDD4E4 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
18:54:21.0949 1844 WimFltr - ok
18:54:22.0042 1844 [ 253A9C2DF9A2A7B3B23146014959F2CD ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
18:54:22.0104 1844 winachsf - ok
18:54:22.0226 1844 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
18:54:22.0277 1844 WinDefend - ok
18:54:22.0282 1844 WinHttpAutoProxySvc - ok
18:54:22.0353 1844 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:54:22.0396 1844 Winmgmt - ok
18:54:22.0579 1844 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
18:54:23.0065 1844 WinRM - ok
18:54:23.0157 1844 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
18:54:23.0287 1844 Wlansvc - ok
18:54:23.0384 1844 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
18:54:23.0412 1844 WmiAcpi - ok
18:54:23.0496 1844 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:54:23.0612 1844 wmiApSrv - ok
18:54:23.0764 1844 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
18:54:23.0975 1844 WMPNetworkSvc - ok
18:54:24.0149 1844 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:54:24.0244 1844 WPCSvc - ok
18:54:24.0297 1844 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:54:24.0425 1844 WPDBusEnum - ok
18:54:24.0562 1844 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
18:54:24.0623 1844 WpdUsb - ok
18:54:24.0884 1844 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:54:25.0208 1844 WPFFontCache_v0400 - ok
18:54:25.0281 1844 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:54:25.0303 1844 ws2ifsl - ok
18:54:25.0341 1844 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
18:54:25.0357 1844 wscsvc - ok
18:54:25.0360 1844 WSearch - ok
18:54:25.0530 1844 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
18:54:25.0936 1844 wuauserv - ok
18:54:26.0003 1844 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:54:26.0087 1844 WUDFRd - ok
18:54:26.0168 1844 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:54:26.0228 1844 wudfsvc - ok
18:54:26.0264 1844 [ 894F963BE999BA9DB5AAC3AED55B115D ] XAudio C:\Windows\system32\DRIVERS\XAudio32.sys
18:54:26.0283 1844 XAudio - ok
18:54:26.0288 1844 ================ Scan global ===============================
18:54:26.0335 1844 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
18:54:26.0383 1844 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
18:54:26.0440 1844 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
18:54:26.0470 1844 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
18:54:26.0473 1844 [Global] - ok
18:54:26.0473 1844 ================ Scan MBR ==================================
18:54:26.0484 1844 [ AFAFDA1A10FF19507AAFBE6660AADA44 ] \Device\Harddisk0\DR0
18:54:27.0385 1844 \Device\Harddisk0\DR0 - ok
18:54:27.0386 1844 ================ Scan VBR ==================================
18:54:27.0418 1844 [ 858322DF44E91EE77B2A04BC5FFDCBF6 ] \Device\Harddisk0\DR0\Partition1
18:54:27.0471 1844 \Device\Harddisk0\DR0\Partition1 - ok
18:54:27.0507 1844 [ 49F63D1F0E1C3C996DB1E73C8C2D0817 ] \Device\Harddisk0\DR0\Partition2
18:54:27.0511 1844 \Device\Harddisk0\DR0\Partition2 - ok
18:54:27.0553 1844 [ E9576A4495B228260D854819508E6079 ] \Device\Harddisk0\DR0\Partition3
18:54:27.0592 1844 \Device\Harddisk0\DR0\Partition3 - ok
18:54:27.0593 1844 ============================================================
18:54:27.0593 1844 Scan finished
18:54:27.0593 1844 ============================================================
18:54:27.0622 0760 Detected object count: 10
18:54:27.0622 0760 Actual detected object count: 10
18:54:32.0948 0760 AcPrfMgrSvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:54:32.0948 0760 AcPrfMgrSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:54:32.0948 0760 AcSvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:54:32.0948 0760 AcSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:54:32.0950 0760 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:54:32.0950 0760 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:54:32.0950 0760 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
18:54:32.0950 0760 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:54:32.0951 0760 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
18:54:32.0951 0760 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:54:32.0953 0760 SUService ( UnsignedFile.Multi.Generic ) - skipped by user
18:54:32.0953 0760 SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:54:32.0955 0760 TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:54:32.0955 0760 TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:54:32.0956 0760 TVT Backup Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:54:32.0956 0760 TVT Backup Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:54:32.0957 0760 TVT Scheduler ( UnsignedFile.Multi.Generic ) - skipped by user
18:54:32.0957 0760 TVT Scheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:54:32.0962 0760 tvtfilter ( UnsignedFile.Multi.Generic ) - skipped by user
18:54:32.0963 0760 tvtfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip


MalwareBytes log:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.04.10

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
College User :: LABLE-YKMBUOQWD [administrator]

7/4/2013 9:26:42 PM
mbam-log-2013-07-04 (21-26-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218489
Time elapsed: 12 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


FSS Log:
Farbar Service Scanner Version: 27-06-2013
Ran by College User (administrator) on 04-07-2013 at 21:52:03
Running from "C:\Users\College User\Desktop"
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-06-19 03:15] - [2013-05-08 00:37] - 0905576 ____A (Microsoft Corporation) 548E198BAE21EFC21F8B5F0C1728AD27

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2012-01-02 15:40] - [2012-01-02 15:40] - 0584704 ____A (Microsoft Corporation) 0D4A07E5AC9998E4B251D603C96D4F20

C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-06-19 03:04] - [2013-04-24 00:00] - 0133120 ____A (Microsoft Corporation) 3EDE4C1F9672C972479201544969ADCB

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Adobe Reader can't update itself to the next version number. If you are on 10.something it can give you the newest 10.something but not 11.0.03 which is the latest. You have to uninstall it then download the latest version from adobe.com being careful to uncheck the additional foistware before you download. Java should be at 7 update 25. If not then uninstall it and get the latest from java.com

I suspect your problems are from these add-on/extensions:

[2012/10/30 19:25:56 | 000,000,000 | ---D | M] (Vaudix) -- C:\Users\College User\AppData\Roaming\mozilla\Firefox\Profiles\c3ivqacj.default\extensions\[email protected]
[2012/01/06 14:01:09 | 000,021,093 | ---- | M] () (No name found) -- C:\Users\College User\AppData\Roaming\mozilla\firefox\profiles\c3ivqacj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013/05/08 22:02:34 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\College User\AppData\Roaming\mozilla\firefox\profiles\c3ivqacj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

Let's use OTL to remove them and see if that helps:



Copy the text in the code box by highlighting and Ctrl + c

:OTL
[2012/10/30 19:25:56 | 000,000,000 | ---D | M] (Vaudix) -- C:\Users\College User\AppData\Roaming\mozilla\Firefox\Profiles\c3ivqacj.default\extensions\[email protected]
[2012/01/06 14:01:09 | 000,021,093 | ---- | M] () (No name found) -- C:\Users\College User\AppData\Roaming\mozilla\firefox\profiles\c3ivqacj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013/05/08 22:02:34 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\College User\AppData\Roaming\mozilla\firefox\profiles\c3ivqacj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\07052013-some number.log so look there if you don't see it.

My internet is coming and going today and was dead all day yesterday so sorry for any delays.
  • 0

#5
macelink

macelink

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
========== OTL ==========
C:\Users\College User\AppData\Roaming\mozilla\Firefox\Profiles\c3ivqacj.default\extensions\[email protected]\content folder moved successfully.
C:\Users\College User\AppData\Roaming\mozilla\Firefox\Profiles\c3ivqacj.default\extensions\[email protected] folder moved successfully.
C:\Users\College User\AppData\Roaming\mozilla\firefox\profiles\c3ivqacj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi moved successfully.
C:\Users\College User\AppData\Roaming\mozilla\firefox\profiles\c3ivqacj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: College User
->Flash cache emptied: 18421204 bytes

Total Flash Files Cleaned = 18.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: College User
->Java cache emptied: 2449207 bytes

Total Java Files Cleaned = 2.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 07052013_142433
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Are you still getting the popups?
  • 0

#7
macelink

macelink

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
The popup has gone away, and the random ads on pages I visit seem to have disappeared too!
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
OK. It looks like it worked OK. Unless you see other problems I think we are done and can clean up

Copy the following:


:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator. (Pause your anti-virus)
then right click, Paste, then hit Enter.

OTL has a cleanup tab but DO NOT USE IT!. There are reports that it leaves the PC unbootable. Instead just delete OTL.exe and the folder c:\_OTL.

To hide hidden files again:

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.
If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Special note on Java. Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 9 or better. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE. Get the latest version from Java.com. They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download. Just uncheck the garbage before the download (or install) starts. If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it. IF that is the case then you should install No-Script (Firefox) or Script-No add-ons (Chrome) and only use Firefox or Chrome to visit the site. You will need to tell No-Script/Script-No that the site is allowed to run Java.

Make sure Windows Updates is turned and that it works. Go to Control panel, Windows Updates and see if it works. http://support.microsoft.com/kb/294871

If you are feeling especially paranoid you can install the free firewall called Online Armor:
http://www.online-armor.com/


My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)

Ron
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP