# cannot get rid of a virus named services.exe and trojan.patchep!sys



## mathew206 (Aug 7, 2012)

Hello, 

I cannot seem to get rid of these viruses. I have tried to scan multiple times both in normal mode and safe mode. I have used MBAM, Norton Business security suite, Superantispyware, TDSS, McAfee scanner, and I cannot get rid of them. The viruses are detected at times, but the antivirus programs cannot delete them. Every time I turn the computer off, it says that it is updating systems, which I'm assuming is the virus. :/ Please help. Thank you in advance for any of your help. My system specs are below.


System log:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM)2 Duo CPU T6570 @ 2.10GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 3932 Mb
Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 1838 Mb
Hard Drives: C: Total - 465737 MB, Free - 328152 MB; Q: Total - 9999 MB, Free - 2239 MB;
Motherboard: LENOVO, 2842FBU
Antivirus: McAfee VirusScan Enterprise, Updated: No, On-Demand Scanner: Disabled


----------



## mathew206 (Aug 7, 2012)

Hey guys, 

I know that the site says to be patient. It has been a week since I first posted, but I just want to make sure that I am in line and have not been overlooked. Any response would be greatly appreciated. Thanks!


----------



## Mark1956 (May 7, 2011)

Hi Mathew206, my name is Mark and I will be helping you.

At the top of the Malware forum there is a notice *Everyone MUST read this BEFORE posting for help in this forum*. Not following those instructions puts helpers off from assisting you. Also, there are not enough volunteers to help with the ever-increasing demand for assistance. Those who follow the instructions tend to get priority. Please read those instructions thoroughly and post both logs from DDS; you need not post the logs from HJT or GMER.

You are probably infected with the ZeroAccess rootkit. As a precaution, if you use this PC for any on-line banking and/or signing into any financial institutions, you should change your passwords on a clean machine and not use this one to log into any of those sites until we are sure it is clean.

Please follow these instructions and post the log.

*STEP 1*

*NOTE:* If you have already used Combofix please delete the icon from your desktop.

Please download DeFogger and save it to your desktop.
Once downloaded, double-click on the *DeFogger* icon to start the tool.
The application window will appear.
You should now click on the *Disable* button to disable your CD Emulation drivers.
When it prompts you whether or not you want to continue, please click on the *Yes* button to continue.
When the program has completed you will see a *Finished!* message. Click on the *OK* button to exit the program.
If CD Emulation programs are present and have been disabled, *DeFogger* will now ask you to reboot the machine. Please allow it to do so by clicking on the *OK* button.

*STEP 2*

Please download *ComboFix* from one of the locations below and *save it to your Desktop. <-Important!!!*

Download Mirror #1
Download Mirror #2
Be sure to print out and follow these instructions: *A guide and tutorial on using ComboFix*

*Vista*/*Windows 7* users can skip the Recovery Console instructions and use the Windows DVD to boot into the Vista Recovery Environment or Windows 7 System Recovery Options if something goes awry. If you do not have a Windows 7 DVD then please create a Windows 7 Repair Disc. *XP* users need to install the Recovery Console first.

Temporarily *disable* your *anti-virus*, script blocking and any *anti-malware* real-time protection _*before*_ performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause _"unpredictable results"_. Click this link to see a list of such programs and how to disable them.
If ComboFix detects an older version of itself, you will be asked to update the program.
ComboFix will begin by showing a Disclaimer. Read it and click *I Agree* if you want to continue.
Follow the prompts and click on *Yes* to continue scanning for malware.
If using Windows 7 or Vista and you receive a UAC prompt asking if you want to continue running the program, you should press the *Continue* button.
When finished, please copy and paste the contents of C:\*ComboFix.txt* (_which will open after reboot_) in your next reply.
Be sure to *re-enable* your anti-virus and other security programs.
_-- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock._
_-- ComboFix will temporarily disable your desktop, and if interrupted may leave it disabled. If this occurs, please reboot to restore it._
_-- ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security._
If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "_How to Guide_" you printed out earlier.

*NOTE:* if you see a message like this when you attempt to open anything after the reboot *"Illegal Operation attempted on a registry key that has been marked for deletion"* please reboot the system again and the warning should not return.


> *Do NOT use ComboFix* unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, *NOT for general public or personal use*. *Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again.* This site, sUBs and myself *will not* be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read *ComboFix's Disclaimer*.


----------



## mathew206 (Aug 7, 2012)

Dear Mark,

Thank you very much for your assistance. My apologies for the oversight on DDS. A lot of forums don't want you to do anything before seeking help. I will follow your directions to the best of my capabilities.


You mentioned not to post from HJT, does that mean I do not need to scan with it either? 

DDS is attached below in the next post.


----------



## mathew206 (Aug 7, 2012)

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by ChoysToy at 13:12:40 on 2012-08-16
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3933.2358 [GMT -7:00]
.
AV: Norton Business Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Business Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Business Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\DDNI\DIBS\DDNIService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe
C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Norton Business Suite\Engine\6.2.1.5\ccSvcHst.exe
C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Business Suite\Engine\6.2.1.5\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler64.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files (x86)\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\DeviceDisplayObjectProvider.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://lenovo.msn.com
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Business Suite\Engine\6.2.1.5\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Business Suite\Engine\6.2.1.5\IPS\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Business Suite\Engine\6.2.1.5\coIEPlg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [TaskScheduler] C:\ProWin11\32bit\TaskSch.exe
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: Interfaces\{1558DF44-4292-4178-A5CA-A141778C5639} : DhcpNameServer = 10.11.28.10
TCP: Interfaces\{6181048D-F057-4692-A447-130C1484C7A4} : DhcpNameServer = 10.11.28.25
TCP: Interfaces\{6181048D-F057-4692-A447-130C1484C7A4}\05F607723702E4564777F627B6 : DhcpNameServer = 192.168.2.1 192.168.2.1 75.75.75.75 75.75.76.76
TCP: Interfaces\{6181048D-F057-4692-A447-130C1484C7A4}\2375942554335353 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{6181048D-F057-4692-A447-130C1484C7A4}\4656A7D616475736 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Business Suite\Engine\6.2.1.5\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Business Suite\Engine\6.2.1.5\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Google Gears Helper: {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
BHO-X64: Google Gears Helper - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Business Suite\Engine\6.2.1.5\coIEPlg.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun-x64: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun-x64: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ChoysToy\AppData\Roaming\Mozilla\Firefox\Profiles\nfiidqxa.default\
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-7-13 1161376]
R1 ccSet_N360;Norton Business Suite Settings Manager;C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys --> C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120718.001\IDSviA64.sys [2012-7-19 509088]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?]
R3 5U877;USB Video Device;C:\Windows\system32\DRIVERS\5U877.sys --> C:\Windows\system32\DRIVERS\5U877.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-7-11 138912]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 pneteth;PdaNet Broadband;C:\Windows\system32\DRIVERS\pneteth.sys --> C:\Windows\system32\DRIVERS\pneteth.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
.
=============== Created Last 30 ================
.
2012-07-23 04:27:08	--------	d-----w-	C:\$RECYCLE.BIN
2012-07-22 17:11:53	208896	----a-w-	C:\Windows\MBR.exe
2012-07-22 17:11:50	256000	----a-w-	C:\Windows\PEV.exe
2012-07-22 17:11:49	98816	----a-w-	C:\Windows\sed.exe
2012-07-22 17:11:49	518144	----a-w-	C:\Windows\SWREG.exe
2012-07-19 06:03:57	--------	d-----w-	C:\FRST
.
==================== Find3M ====================
.
2012-07-13 22:40:47	116016	----a-w-	C:\Windows\System32\drivers\24097668.sys
2012-07-12 03:06:46	175736	----a-w-	C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-07-12 01:48:10	70344	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 01:48:10	426184	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-12 03:08:36	3148800	----a-w-	C:\Windows\System32\win32k.sys
2012-06-06 06:06:16	2004480	----a-w-	C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16	1881600	----a-w-	C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54	1133568	----a-w-	C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52	1390080	----a-w-	C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52	1236992	----a-w-	C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06	805376	----a-w-	C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:19:42	186752	----a-w-	C:\Windows\System32\wuwebv.dll
2012-06-02 22:15:31	2622464	----a-w-	C:\Windows\System32\wucltux.dll
2012-06-02 22:15:12	36864	----a-w-	C:\Windows\System32\wuapp.exe
2012-06-02 22:15:08	99840	----a-w-	C:\Windows\System32\wudriver.dll
2012-06-02 12:12:17	2311680	----a-w-	C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28	1392128	----a-w-	C:\Windows\System32\wininet.dll
2012-06-02 12:04:50	1494528	----a-w-	C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40	173056	----a-w-	C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08	2382848	----a-w-	C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25	1800192	----a-w-	C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08	1129472	----a-w-	C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03	1427968	----a-w-	C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33	142848	----a-w-	C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52	2382848	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10	458704	----a-w-	C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16	95600	----a-w-	C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16	151920	----a-w-	C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31	340992	----a-w-	C:\Windows\System32\schannel.dll
2012-06-02 05:44:21	307200	----a-w-	C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42	22016	----a-w-	C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39	225280	----a-w-	C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10	219136	----a-w-	C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09	96768	----a-w-	C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 13:14:44.59 ===============


----------



## mathew206 (Aug 7, 2012)

Attach.txt as an attachment.

Also, I tried to run ComboFix, but it says that I have real time scanners running. I have Norton Business Suite, and I rechecked the settings for it. Everything showed that it was disabled or not checked. So I continued, and ComboFix said I was running at my own risk. It completed the scan, and the results are copied below. Thanks again, I will wait for your response.

ComboFix 12-08-16.01 - ChoysToy 08/16/2012 13:38:02.2.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3933.2369 [GMT -7:00]
Running from: c:\users\ChoysToy\Desktop\ComboFix.exe
AV: Norton Business Suite *Enabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Business Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Business Suite *Enabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\swtools\APPS\CSBED\CSBE\ACTIVATION_104\_desktop.ini
c:\swtools\APPS\CSBED\CSBE\ACTIVATION_104\BIN\_desktop.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-07-16 to 2012-08-16 )))))))))))))))))))))))))))))))
.
.
2012-08-16 20:57 . 2012-08-16 20:57	--------	d-----w-	c:\users\Xiao Rui\AppData\Local\temp
2012-08-16 20:57 . 2012-08-16 20:57	--------	d-----w-	c:\users\TEMP\AppData\Local\temp
2012-08-16 20:57 . 2012-08-16 20:57	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-19 06:03 . 2012-07-19 06:04	--------	d-----w-	C:\FRST
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-13 22:40 . 2012-07-13 22:40	116016	----a-w-	c:\windows\system32\drivers\24097668.sys
2012-07-12 03:06 . 2012-07-12 03:06	175736	----a-w-	c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-07-12 01:48 . 2012-04-12 00:58	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 01:48 . 2011-06-02 18:38	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 18:31 . 2010-03-28 20:35	59701280	----a-w-	c:\windows\system32\MRT.exe
2012-06-12 03:08 . 2012-07-11 18:37	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-11 16:03	14172672	----a-w-	c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 16:04	2004480	----a-w-	c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 16:04	1881600	----a-w-	c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 16:03	1133568	----a-w-	c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 16:04	1390080	----a-w-	c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 16:04	1236992	----a-w-	c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 16:03	805376	----a-w-	c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-27 06:20	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-27 06:21	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-27 06:21	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-27 06:21	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-27 06:20	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-27 06:20	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-27 06:21	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-27 06:20	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-27 06:20	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 12:49 . 2012-07-11 18:30	17807360	----a-w-	c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-11 18:30	10924032	----a-w-	c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-11 18:30	2311680	----a-w-	c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-11 18:30	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-11 18:30	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-11 18:30	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-11 18:30	237056	----a-w-	c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-11 18:30	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-11 18:30	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-11 18:30	818688	----a-w-	c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-11 18:30	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-11 18:30	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-11 18:30	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-11 18:30	248320	----a-w-	c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-11 18:30	1800192	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-11 18:30	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-11 18:30	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-11 18:30	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-11 18:30	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50 . 2012-07-11 16:03	458704	----a-w-	c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 16:03	151920	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-11 16:03	95600	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-11 16:03	340992	----a-w-	c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 16:03	307200	----a-w-	c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 16:03	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 16:03	225280	----a-w-	c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 16:03	219136	----a-w-	c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 16:03	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((( [email protected]_04.27.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-19 05:08 . 2012-08-16 21:01	57708 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-16 21:01	55234 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-03-27 03:52 . 2012-08-16 21:01	15010 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1784883445-1032603892-293820194-1003_UserData.bin
+ 2012-08-16 20:58 . 2012-08-16 20:58	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-23 04:14 . 2012-07-23 04:14	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-16 20:58 . 2012-08-16 20:58	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-23 04:14 . 2012-07-23 04:14	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-08-16 19:50	229376 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-22 07:50	229376 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 02:36 . 2012-07-22 05:54	683588 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-16 20:16	683588 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-16 20:16	128518 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-22 05:54	128518 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-08-16 20:57	429176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-23 03:59	429176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-07-22 07:50	2080768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-16 19:50	2080768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-22 07:50	3997696 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-16 19:50	3997696 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-19 05:48 . 2012-08-16 20:57	2918368 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-02-19 05:48 . 2012-07-23 04:00	2918368 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-04-08 21:16 . 2012-07-22 18:30	6726292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1784883445-1032603892-293820194-1003-8192.dat
+ 2011-04-08 21:16 . 2012-08-16 20:57	6726292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1784883445-1032603892-293820194-1003-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\ChoysToy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\ChoysToy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\ChoysToy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TaskScheduler"="c:\prowin11\32bit\TaskSch.exe" [2012-05-28 443992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2009-12-10 1092968]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2009-01-16 136512]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-04-30 124240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-10 136176]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-05 362992]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-08-05 309744]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-08-05 166384]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-10 136176]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-04-30 76696]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-08 113120]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2009-12-10 75112]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-05 313840]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-08-05 1124848]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-02-19 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-07 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [2011-08-16 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [2011-11-24 1092728]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2009-06-29 23592]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-07-11 1161376]
S1 ccSet_N360;Norton Business Suite Settings Manager;c:\windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [2011-11-04 167048]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120718.001\IDSvia64.sys [2012-07-11 509088]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2008-05-12 15400]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2012-01-12 57976]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [2011-11-17 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS [2011-11-17 405624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 DDNIMSGService;DDNIMSGService;c:\program files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGService.exe [2010-07-20 171872]
S2 DDNIService;DDNIService;c:\program files (x86)\DDNI\DIBS\DDNIService.exe [2010-07-23 163680]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-07-03 45424]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2009-04-30 19720]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-04-30 78992]
S2 N360;Norton Business Suite;c:\program files (x86)\Norton Business Suite\Engine\6.2.1.5\ccSvcHst.exe [2012-03-27 138232]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-07-15 62320]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2009-06-18 161024]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-07-12 138912]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-09 139264]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-05-18 143320]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2010-09-03 15360]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 01:48]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-10 04:51]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-10 04:51]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1784883445-1032603892-293820194-1003Core.job
- c:\users\ChoysToy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-08 06:29]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1784883445-1032603892-293820194-1003UA.job
- c:\users\ChoysToy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-08 06:29]
.
2012-05-22 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-10-08 21:44]
.
2012-08-16 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-10-08 21:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\ChoysToy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\ChoysToy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\ChoysToy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\ChoysToy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-10 7968800]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"TpShocks"="TpShocks.exe" [2009-07-09 380704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-08 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-08 365592]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2009-10-14 36864]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-11 1873256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\ChoysToy\AppData\Roaming\Mozilla\Firefox\Profiles\nfiidqxa.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Business Suite\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Business Suite\Engine\6.2.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\Lenovo\HOTKEY\tpnumlk.exe
c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files (x86)\McAfee\Common Framework\FrameworkService.exe
c:\program files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files (x86)\McAfee\Common Framework\naPrdMgr.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
c:\program files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Lenovo\System Update\SUService.exe
c:\program files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
.
**************************************************************************
.
Completion time: 2012-08-16 14:08:48 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-16 21:08
ComboFix2.txt 2012-07-23 04:32
.
Pre-Run: 343,722,696,704 bytes free
Post-Run: 343,239,516,160 bytes free
.
- - End Of File - - 429067C2F319B30F134537A3A60E8C41


----------



## Mark1956 (May 7, 2011)

For a start, please uninstall McAfee Agent and then run this McAfee Removal Tool.

You need not run HJT; it doesn't fix anything. It only produces a log just like DDS, but DDS provides the same information plus a bit more.

Please post the log from the TDSSKiller scan, you will find it on your C: drive.

I can see you have used Farbar Recovery Scan Tool. Did you obtain a log from it? If so, please post it.

While I am helping you please do not attempt to run any scans that I have not requested as this can produce misleading results.

Combofix has not found anything so we need to run some other scans, we will start with this one:

Download RogueKiller (by tigzy) and save it directly to your Desktop.

On the web page click on this:

Quit all running programs
Start RogueKiller.exe
Wait until Prescan has finished.
Ensure all boxes are ticked under "Report" tab.
Click on Scan.
Click on Report when complete. Copy the contents of the report and paste them into your next reply.
NOTE: *DO NOT attempt to remove anything that the scan detects.*


----------



## mathew206 (Aug 7, 2012)

Hey Mark,

I have not tried any other troubleshooting or cleaning programs since we started. I will look for the logs for TDSSKiller and Farbar.

I have tried to uninstall McAfee on multiple occasions, but I have not had any success. Every time I try to uninstall, it states:
"McAfee Agent cannot be removed because other products are still using it."

I actually got this version of McAfee from school (University of California, Irvine), where it was used in conjunction with Cisco Clean Access Agent.
I was able to uninstall Cisco Clean Access Agent, but not McAfee. I have tried MCPR.exe as well, but I was still unable to uninstall McAfee. Do you still want me to proceed with RogueKiller? Or do you have any other tips on getting rid of McAfee?


----------



## mathew206 (Aug 7, 2012)

I found the TDSSKiller log, but I could not locate the Farbar log. Would that also be under the C: drive? Thanks Mark.

15:40:46.0558 2876	TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
15:40:47.0119 2876	============================================================
15:40:47.0119 2876	Current date / time: 2012/07/13 15:40:47.0119
15:40:47.0119 2876	SystemInfo:
15:40:47.0119 2876	
15:40:47.0119 2876	OS Version: 6.1.7601 ServicePack: 1.0
15:40:47.0119 2876	Product type: Workstation
15:40:47.0119 2876	ComputerName: CHOYSTOY-THINK
15:40:47.0119 2876	UserName: ChoysToy
15:40:47.0119 2876	Windows directory: C:\Windows
15:40:47.0119 2876	System windows directory: C:\Windows
15:40:47.0119 2876	Running under WOW64
15:40:47.0119 2876	Processor architecture: Intel x64
15:40:47.0119 2876	Number of processors: 2
15:40:47.0119 2876	Page size: 0x1000
15:40:47.0119 2876	Boot type: Safe boot with network
15:40:47.0119 2876	============================================================
15:40:47.0743 2876	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:40:47.0759 2876	============================================================
15:40:47.0759 2876	\Device\Harddisk0\DR0:
15:40:47.0759 2876	MBR partitions:
15:40:47.0759 2876	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x258000
15:40:47.0759 2876	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x258800, BlocksNum 0x38DA4FF8
15:40:47.0759 2876	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38FFD800, BlocksNum 0x1388000
15:40:47.0759 2876	============================================================
15:40:47.0775 2876	C: <-> \Device\Harddisk0\DR0\Partition1
15:40:47.0821 2876	Q: <-> \Device\Harddisk0\DR0\Partition2
15:40:47.0821 2876	============================================================
15:40:47.0821 2876	Initialize success
15:40:47.0821 2876	============================================================
15:43:33.0260 2448	============================================================
15:43:33.0260 2448	Scan started
15:43:33.0260 2448	Mode: Manual; 
15:43:33.0260 2448	============================================================
15:43:35.0771 2448	!SASCORE (a0709b82fa3b5afad1467e565b8b3ba0) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
15:43:35.0771 2448	!SASCORE - ok
15:43:36.0614 2448	1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:43:36.0614 2448	1394ohci - ok
15:43:36.0879 2448	5U877 (7d497701bda1267ad5f86350925d2f10) C:\Windows\system32\DRIVERS\5U877.sys
15:43:36.0879 2448	5U877 - ok
15:43:37.0269 2448	ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:43:37.0269 2448	ACPI - ok
15:43:37.0363 2448	AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:43:37.0363 2448	AcpiPmi - ok
15:43:37.0737 2448	AcPrfMgrSvc (bcab739e5fea28407076d757044a629f) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
15:43:37.0753 2448	AcPrfMgrSvc - ok
15:43:56.0519 2448	p2psvc - ok
15:43:56.0566 2448	Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:43:56.0582 2448	Parport - ok
15:43:56.0613 2448	partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
15:43:56.0613 2448	partmgr - ok
15:43:56.0644 2448	PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:43:56.0644 2448	PcaSvc - ok
15:43:56.0691 2448	pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:43:56.0691 2448	pci - ok
15:43:56.0707 2448	pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:43:56.0707 2448	pciide - ok
15:43:56.0722 2448	pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:43:56.0722 2448	pcmcia - ok
15:43:56.0738 2448	pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:43:56.0738 2448	pcw - ok
15:43:56.0785 2448	PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:43:56.0785 2448	PEAUTH - ok
15:43:56.0863 2448	PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
15:43:56.0878 2448	PeerDistSvc - ok
15:43:56.0925 2448	PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:43:56.0956 2448	PerfHost - ok
15:43:57.0065 2448	pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:43:57.0081 2448	pla - ok
15:43:57.0159 2448	PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:43:57.0159 2448	PlugPlay - ok
15:43:57.0237 2448	Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll
15:43:57.0237 2448	Pml Driver HPZ12 - ok
15:43:57.0315 2448	pneteth (fe74ba87cdaa80ac9261f49167f0608a) C:\Windows\system32\DRIVERS\pneteth.sys
15:43:57.0315 2448	pneteth - ok
15:43:57.0346 2448	PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:43:57.0346 2448	PNRPAutoReg - ok
15:43:57.0377 2448	PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:43:57.0377 2448	PNRPsvc - ok
15:43:57.0424 2448	Point64  (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
15:43:57.0424 2448	Point64 - ok
15:43:57.0471 2448	PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:43:57.0471 2448	PolicyAgent - ok
15:43:57.0502 2448	Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:43:57.0502 2448	Power - ok
15:43:57.0565 2448	Power Manager DBC Service (d07d33d2293e4acae0cbf13108b92a4f) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
15:43:57.0565 2448	Power Manager DBC Service - ok
15:43:57.0596 2448	PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:43:57.0596 2448	PptpMiniport - ok
15:43:57.0627 2448	Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:43:57.0627 2448	Processor - ok
15:43:57.0674 2448	ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
15:43:57.0674 2448	ProfSvc - ok
15:43:57.0705 2448	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:43:57.0705 2448	ProtectedStorage - ok
15:43:57.0736 2448	psadd (515a7c5a0886fcc60901916785efd549) C:\Windows\system32\DRIVERS\psadd.sys
15:43:57.0736 2448	psadd - ok
15:43:57.0799 2448	Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:43:57.0799 2448	Psched - ok
15:43:57.0814 2448	PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
15:43:57.0830 2448	PxHlpa64 - ok
15:43:57.0892 2448	ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:43:57.0892 2448	ql2300 - ok
15:43:58.0001 2448	ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:43:58.0001 2448	ql40xx - ok
15:43:58.0033 2448	QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:43:58.0033 2448	QWAVE - ok
15:43:58.0048 2448	QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:43:58.0048 2448	QWAVEdrv - ok
15:43:58.0064 2448	RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:43:58.0064 2448	RasAcd - ok
15:43:58.0079 2448	RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:43:58.0079 2448	RasAgileVpn - ok
15:43:58.0111 2448	RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:43:58.0111 2448	RasAuto - ok
15:43:58.0157 2448	Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:43:58.0157 2448	Rasl2tp - ok
15:43:58.0220 2448	RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:43:58.0220 2448	RasMan - ok
15:43:58.0235 2448	RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:43:58.0235 2448	RasPppoe - ok
15:43:58.0251 2448	RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:43:58.0251 2448	RasSstp - ok
15:43:58.0329 2448	rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:43:58.0329 2448	rdbss - ok
15:43:58.0345 2448	rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:43:58.0345 2448	rdpbus - ok
15:43:58.0360 2448	RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:43:58.0360 2448	RDPCDD - ok
15:43:58.0423 2448	RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
15:43:58.0423 2448	RDPDR - ok
15:43:58.0454 2448	RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:43:58.0454 2448	RDPENCDD - ok
15:43:58.0485 2448	RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:43:58.0485 2448	RDPREFMP - ok
15:43:58.0547 2448	RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
15:43:58.0547 2448	RDPWD - ok
15:43:58.0563 2448	rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:43:58.0563 2448	rdyboost - ok
15:43:58.0641 2448	RegSrvc (3b71b5b91e7dca93585d5a86c897adc4) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
15:43:58.0641 2448	RegSrvc - ok
15:43:58.0672 2448	RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:43:58.0672 2448	RemoteAccess - ok
15:43:58.0703 2448	RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:43:58.0703 2448	RemoteRegistry - ok
15:43:58.0766 2448	RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
15:43:58.0781 2448	RFCOMM - ok
15:43:58.0844 2448	Roxio UPnP Renderer 10 (14a99fd851272c73b758546ef8f0e641) C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
15:43:58.0859 2448	Roxio UPnP Renderer 10 - ok
15:43:58.0875 2448	Roxio Upnp Server 10 (ba917f2f2bd5033e70823797c73cdfcb) C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
15:43:58.0891 2448	Roxio Upnp Server 10 - ok
15:43:58.0937 2448	RoxLiveShare10 (8986d20cf294d794a79fb18ff697b68b) C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
15:43:58.0953 2448	RoxLiveShare10 - ok
15:43:59.0000 2448	RoxMediaDB10 (d8c44229eb2495e774350529ed9be08d) C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
15:43:59.0015 2448	RoxMediaDB10 - ok
15:43:59.0047 2448	RoxWatch10 (53716357f4b3c99112cf0a21932c5688) C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
15:43:59.0047 2448	RoxWatch10 - ok
15:43:59.0125 2448	RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:43:59.0125 2448	RpcEptMapper - ok
15:43:59.0140 2448	RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:43:59.0140 2448	RpcLocator - ok
15:43:59.0187 2448	RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:43:59.0203 2448	RpcSs - ok
15:43:59.0249 2448	rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:43:59.0249 2448	rspndr - ok
15:43:59.0296 2448	RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:43:59.0296 2448	RTL8167 - ok
15:43:59.0343 2448	s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
15:43:59.0343 2448	s3cap - ok
15:43:59.0374 2448	SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:43:59.0374 2448	SamSs - ok
15:43:59.0452 2448	SASDIFSV (99df79c258b3342b6c8a5f802998de56) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
15:43:59.0452 2448	SASDIFSV - ok
15:43:59.0468 2448	SASKUTIL (2859c35c0651e8eb0d86d48e740388f2) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
15:43:59.0468 2448	SASKUTIL - ok
15:43:59.0515 2448	sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:43:59.0515 2448	sbp2port - ok
15:43:59.0546 2448	SBRE (9aceb2a2362fc87a3825963e61ba9076) C:\Windows\system32\drivers\SBREdrv.sys
15:43:59.0546 2448	SBRE - ok
15:43:59.0593 2448	SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:43:59.0593 2448	SCardSvr - ok
15:43:59.0639 2448	scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:43:59.0639 2448	scfilter - ok
15:43:59.0717 2448	Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:43:59.0717 2448	Schedule - ok
15:43:59.0749 2448	SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:43:59.0749 2448	SCPolicySvc - ok
15:43:59.0780 2448	sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
15:43:59.0780 2448	sdbus - ok
15:43:59.0827 2448	SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:43:59.0827 2448	SDRSVC - ok
15:43:59.0920 2448	SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
15:43:59.0920 2448	SeaPort - ok
15:43:59.0951 2448	secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:43:59.0951 2448	secdrv - ok
15:43:59.0983 2448	seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:43:59.0983 2448	seclogon - ok
15:43:59.0998 2448	SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
15:43:59.0998 2448	SENS - ok
15:44:00.0045 2448	SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:44:00.0045 2448	SensrSvc - ok
15:44:00.0061 2448	Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:44:00.0061 2448	Serenum - ok
15:44:00.0076 2448	Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:44:00.0076 2448	Serial - ok
15:44:00.0123 2448	sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:44:00.0123 2448	sermouse - ok
15:44:00.0170 2448	SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:44:00.0170 2448	SessionEnv - ok
15:44:00.0201 2448	sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:44:00.0201 2448	sffdisk - ok
15:44:00.0217 2448	sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:44:00.0217 2448	sffp_mmc - ok
15:44:00.0232 2448	sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:44:00.0248 2448	sffp_sd - ok
15:44:00.0263 2448	sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:44:00.0263 2448	sfloppy - ok
15:44:00.0341 2448	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:44:00.0341 2448	ShellHWDetection - ok
15:44:00.0373 2448	Shockprf (5a5346931ce61ea85f8338f7a03131f7) C:\Windows\system32\DRIVERS\Apsx64.sys
15:44:00.0373 2448	Shockprf - ok
15:44:00.0388 2448	SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:44:00.0388 2448	SiSRaid2 - ok
15:44:00.0419 2448	SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:44:00.0419 2448	SiSRaid4 - ok
15:44:00.0466 2448	Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:44:00.0466 2448	Smb - ok
15:44:00.0513 2448	SMR300 (10bc9f077fc149e4e0a40bae1d42a259) C:\Windows\system32\drivers\SMR300.SYS
15:44:00.0513 2448	SMR300 - ok
15:44:00.0560 2448	SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:44:00.0560 2448	SNMPTRAP - ok
15:44:00.0591 2448	spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:44:00.0591 2448	spldr - ok
15:44:00.0669 2448	Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:44:00.0669 2448	Spooler - ok
15:44:00.0872 2448	sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:44:00.0903 2448	sppsvc - ok
15:44:00.0981 2448	sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:44:00.0981 2448	sppuinotify - ok
15:44:01.0075 2448	SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
15:44:01.0075 2448	SQLBrowser - ok
15:44:01.0137 2448	SQLWriter (3c432a96363097870995e2a3c8b66abd) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
15:44:01.0137 2448	SQLWriter - ok
15:44:01.0277 2448	SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\Windows\System32\Drivers\N360x64\0602010.005\SRTSP64.SYS
15:44:01.0293 2448	SRTSP - ok
15:44:01.0324 2448	SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\Windows\system32\drivers\N360x64\0602010.005\SRTSPX64.SYS
15:44:01.0324 2448	SRTSPX - ok
15:44:01.0371 2448	srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:44:01.0371 2448	srv - ok
15:44:01.0449 2448	srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:44:01.0449 2448	srv2 - ok
15:44:01.0496 2448	SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
15:44:01.0496 2448	SrvHsfHDA - ok
15:44:01.0543 2448	SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
15:44:01.0558 2448	SrvHsfV92 - ok
15:44:01.0683 2448	SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
15:44:01.0683 2448	SrvHsfWinac - ok
15:44:01.0714 2448	srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:44:01.0730 2448	srvnet - ok
15:44:01.0761 2448	sscdbus (1612881760c9df7fbb09b6cf1d3ba0df) C:\Windows\system32\DRIVERS\sscdbus.sys
15:44:01.0761 2448	sscdbus - ok
15:44:01.0792 2448	sscdmdfl (d7803a687e85189ea2b525cc22093521) C:\Windows\system32\DRIVERS\sscdmdfl.sys
15:44:01.0792 2448	sscdmdfl - ok
15:44:01.0823 2448	sscdmdm (06db3d5eb2444083c7f5af7874765505) C:\Windows\system32\DRIVERS\sscdmdm.sys
15:44:01.0823 2448	sscdmdm - ok
15:44:01.0823 2448	sscdserd (23ebb395609d9cdb8b1074a12254119b) C:\Windows\system32\DRIVERS\sscdserd.sys
15:44:01.0823 2448	sscdserd - ok
15:44:01.0855 2448	SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:44:01.0855 2448	SSDPSRV - ok
15:44:01.0886 2448	SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:44:01.0886 2448	SstpSvc - ok
15:44:01.0901 2448	stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:44:01.0901 2448	stexstor - ok
15:44:01.0948 2448	StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
15:44:01.0948 2448	StillCam - ok
15:44:02.0011 2448	stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:44:02.0026 2448	stisvc - ok
15:44:02.0104 2448	stllssvr (ff5eb78af7dfb68c2fb363537aaf753e) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
15:44:02.0104 2448	stllssvr - ok
15:44:02.0151 2448	storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
15:44:02.0151 2448	storflt - ok
15:44:02.0198 2448	StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
15:44:02.0198 2448	StorSvc - ok
15:44:02.0213 2448	storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
15:44:02.0213 2448	storvsc - ok
15:44:02.0276 2448	SUService (3119e9bc5fad5ea1cd31ae200a1da591) c:\Program Files (x86)\Lenovo\System Update\SUService.exe
15:44:02.0276 2448	SUService - ok
15:44:02.0307 2448	swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:44:02.0307 2448	swenum - ok
15:44:02.0323 2448	swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:44:02.0338 2448	swprv - ok
15:44:02.0432 2448	SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS
15:44:02.0432 2448	SymDS - ok
15:44:02.0525 2448	SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS
15:44:02.0525 2448	SymEFA - ok
15:44:02.0588 2448	SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
15:44:02.0588 2448	SymEvent - ok
15:44:02.0619 2448	SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS
15:44:02.0619 2448	SymIRON - ok
15:44:02.0666 2448	SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS
15:44:02.0666 2448	SymNetS - ok
15:44:02.0775 2448	SynTP (868dfb220a18312a12cef01ba9ac069b) C:\Windows\system32\DRIVERS\SynTP.sys
15:44:02.0775 2448	SynTP - ok
15:44:02.0869 2448	SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:44:02.0884 2448	SysMain - ok
15:44:02.0962 2448	szkg5 (8598e4a12eaa945b35365dd2750b9777) C:\Windows\syswow64\DRIVERS\szkg64.sys
15:44:02.0962 2448	szkg5 - ok
15:44:03.0040 2448	szserver (8fdaf81240a4057162cad255f02a844e) C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe
15:44:03.0040 2448	szserver - ok
15:44:03.0118 2448	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:44:03.0118 2448	TabletInputService - ok
15:44:03.0149 2448	TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:44:03.0149 2448	TapiSrv - ok
15:44:03.0181 2448	TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:44:03.0181 2448	TBS - ok
15:44:03.0337 2448	Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
15:44:03.0337 2448	Tcpip - ok
15:44:03.0524 2448	TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
15:44:03.0524 2448	TCPIP6 - ok
15:44:03.0633 2448	tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:44:03.0633 2448	tcpipreg - ok
15:44:03.0649 2448	TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:44:03.0649 2448	TDPIPE - ok
15:44:03.0695 2448	TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
15:44:03.0695 2448	TDTCP - ok
15:44:03.0742 2448	tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:44:03.0742 2448	tdx - ok
15:44:03.0789 2448	TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:44:03.0789 2448	TermDD - ok
15:44:03.0820 2448	TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:44:03.0836 2448	TermService - ok
15:44:03.0851 2448	Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:44:03.0851 2448	Themes - ok
15:44:03.0961 2448	ThinkVantage Registry Monitor Service (39ac444e07fdbd8c2e8e291a65d515d3) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
15:44:03.0961 2448	ThinkVantage Registry Monitor Service - ok
15:44:03.0992 2448	THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:44:03.0992 2448	THREADORDER - ok
15:44:04.0039 2448	TPDIGIMN (7e25f9ae51daac0791df1eb949a58dbe) C:\Windows\system32\DRIVERS\ApsHM64.sys
15:44:04.0039 2448	TPDIGIMN - ok
15:44:04.0070 2448	TPHDEXLGSVC (dd96de244cb186207149bc897e67217a) C:\Windows\system32\TPHDEXLG64.exe
15:44:04.0070 2448	TPHDEXLGSVC - ok
15:44:04.0117 2448	TPHKSVC (3c6a42a8494d74f44f048bb7f9f2db44) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
15:44:04.0117 2448	TPHKSVC - ok
15:44:04.0148 2448	TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
15:44:04.0148 2448	TPM - ok
15:44:04.0179 2448	TPPWRIF (2c067e01d6bbccc88b233b868e210907) C:\Windows\system32\drivers\Tppwr64v.sys
15:44:04.0179 2448	TPPWRIF - ok
15:44:04.0195 2448	TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:44:04.0195 2448	TrkWks - ok
15:44:04.0257 2448	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:44:04.0257 2448	TrustedInstaller - ok
15:44:04.0304 2448	tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:44:04.0304 2448	tssecsrv - ok
15:44:04.0351 2448	TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:44:04.0351 2448	TsUsbFlt - ok
15:44:04.0460 2448	tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:44:04.0460 2448	tunnel - ok
15:44:04.0616 2448	TVT Backup Service (b56da1aa776c15043d10f82b32aa000d) C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe
15:44:04.0631 2448	TVT Backup Service - ok
15:44:04.0741 2448	uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:44:04.0741 2448	uagp35 - ok
15:44:04.0787 2448	udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:44:04.0787 2448	udfs - ok
15:44:04.0834 2448	UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:44:04.0834 2448	UI0Detect - ok
15:44:04.0881 2448	uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:44:04.0881 2448	uliagpkx - ok
15:44:04.0912 2448	umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
15:44:04.0912 2448	umbus - ok
15:44:04.0943 2448	UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:44:04.0943 2448	UmPass - ok
15:44:04.0959 2448	UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
15:44:04.0959 2448	UmRdpService - ok
15:44:04.0990 2448	upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:44:05.0006 2448	upnphost - ok
15:44:05.0068 2448	USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
15:44:05.0068 2448	USBAAPL64 - ok
15:44:05.0115 2448	usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
15:44:05.0115 2448	usbaudio - ok
15:44:05.0146 2448	usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:44:05.0146 2448	usbccgp - ok
15:44:05.0177 2448	usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:44:05.0177 2448	usbcir - ok
15:44:05.0209 2448	usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
15:44:05.0209 2448	usbehci - ok
15:44:05.0240 2448	usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:44:05.0240 2448	usbhub - ok
15:44:05.0271 2448	usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
15:44:05.0271 2448	usbohci - ok
15:44:05.0287 2448	usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:44:05.0287 2448	usbprint - ok
15:44:05.0333 2448	usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
15:44:05.0333 2448	usbscan - ok
15:44:05.0380 2448	USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:44:05.0380 2448	USBSTOR - ok
15:44:05.0396 2448	usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
15:44:05.0396 2448	usbuhci - ok
15:44:05.0443 2448	usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
15:44:05.0443 2448	usbvideo - ok
15:44:05.0474 2448	UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:44:05.0474 2448	UxSms - ok
15:44:05.0521 2448	VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:44:05.0521 2448	VaultSvc - ok
15:44:05.0567 2448	vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:44:05.0567 2448	vdrvroot - ok
15:44:05.0661 2448	vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:44:05.0661 2448	vds - ok
15:44:05.0723 2448	vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:44:05.0723 2448	vga - ok
15:44:05.0739 2448	VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:44:05.0739 2448	VgaSave - ok
15:44:05.0770 2448	vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:44:05.0770 2448	vhdmp - ok
15:44:05.0817 2448	viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:44:05.0817 2448	viaide - ok
15:44:05.0879 2448	vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
15:44:05.0879 2448	vmbus - ok
15:44:05.0911 2448	VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
15:44:05.0911 2448	VMBusHID - ok
15:44:05.0926 2448	volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:44:05.0926 2448	volmgr - ok
15:44:05.0973 2448	volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:44:05.0973 2448	volmgrx - ok
15:44:06.0035 2448	volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:44:06.0035 2448	volsnap - ok
15:44:06.0067 2448	vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:44:06.0067 2448	vsmraid - ok
15:44:06.0145 2448	VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:44:06.0160 2448	VSS - ok
15:44:06.0254 2448	vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:44:06.0254 2448	vwifibus - ok
15:44:06.0285 2448	vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:44:06.0285 2448	vwififlt - ok
15:44:06.0285 2448	vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
15:44:06.0285 2448	vwifimp - ok
15:44:06.0347 2448	W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:44:06.0347 2448	W32Time - ok
15:44:06.0363 2448	WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:44:06.0379 2448	WacomPen - ok
15:44:06.0457 2448	WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:44:06.0457 2448	WANARP - ok
15:44:06.0457 2448	Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:44:06.0457 2448	Wanarpv6 - ok
15:44:06.0581 2448	WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
15:44:06.0597 2448	WatAdminSvc - ok
15:44:06.0722 2448	wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:44:06.0722 2448	wbengine - ok
15:44:06.0847 2448	WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:44:06.0862 2448	WbioSrvc - ok
15:44:06.0909 2448	wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:44:06.0925 2448	wcncsvc - ok
15:44:06.0940 2448	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:44:06.0940 2448	WcsPlugInService - ok
15:44:07.0018 2448	Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:44:07.0018 2448	Wd - ok
15:44:07.0096 2448	Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:44:07.0096 2448	Wdf01000 - ok
15:44:07.0143 2448	WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:44:07.0143 2448	WdiServiceHost - ok
15:44:07.0143 2448	WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:44:07.0159 2448	WdiSystemHost - ok
15:44:07.0205 2448	WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:44:07.0205 2448	WebClient - ok
15:44:07.0237 2448	Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:44:07.0237 2448	Wecsvc - ok
15:44:07.0268 2448	wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:44:07.0268 2448	wercplsupport - ok
15:44:07.0315 2448	WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:44:07.0315 2448	WerSvc - ok
15:44:07.0393 2448	WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:44:07.0393 2448	WfpLwf - ok
15:44:07.0439 2448	WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:44:07.0439 2448	WIMMount - ok
15:44:07.0455 2448	WinHttpAutoProxySvc - ok
15:44:07.0533 2448	Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:44:07.0533 2448	Winmgmt - ok
15:44:07.0642 2448	WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:44:07.0658 2448	WinRM - ok
15:44:07.0798 2448	WinUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
15:44:07.0798 2448	WinUSB - ok
15:44:07.0861 2448	Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:44:07.0861 2448	Wlansvc - ok
15:44:08.0032 2448	wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:44:08.0032 2448	wlidsvc - ok
15:44:08.0141 2448	WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:44:08.0141 2448	WmiAcpi - ok
15:44:08.0173 2448	wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:44:08.0173 2448	wmiApSrv - ok
15:44:08.0204 2448	WMPNetworkSvc - ok
15:44:08.0235 2448	WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:44:08.0235 2448	WPCSvc - ok
15:44:08.0282 2448	WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:44:08.0282 2448	WPDBusEnum - ok
15:44:08.0313 2448	ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:44:08.0313 2448	ws2ifsl - ok
15:44:08.0360 2448	WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
15:44:08.0360 2448	WSDPrintDevice - ok
15:44:08.0375 2448	WSearch - ok
15:44:08.0594 2448	wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
15:44:08.0609 2448	wuauserv - ok
15:44:08.0765 2448	WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:44:08.0765 2448	WudfPf - ok
15:44:08.0797 2448	WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:44:08.0797 2448	WUDFRd - ok
15:44:08.0843 2448	wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:44:08.0843 2448	wudfsvc - ok
15:44:08.0875 2448	WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:44:08.0890 2448	WwanSvc - ok
15:44:08.0937 2448	MBR (0x1B8) (799385149a78d64a37d711f052eead64) \Device\Harddisk0\DR0
15:44:09.0093 2448	\Device\Harddisk0\DR0 - ok
15:44:09.0093 2448	Boot (0x1200) (1ea833e6b60e28e326c303bb7106a034) \Device\Harddisk0\DR0\Partition0
15:44:09.0093 2448	\Device\Harddisk0\DR0\Partition0 - ok
15:44:09.0109 2448	Boot (0x1200) (d30cf8d03224be751d5b405e67105faf) \Device\Harddisk0\DR0\Partition1
15:44:09.0109 2448	\Device\Harddisk0\DR0\Partition1 - ok
15:44:09.0140 2448	Boot (0x1200) (586cf448fa74ec9d7179558761e36ca9) \Device\Harddisk0\DR0\Partition2
15:44:09.0140 2448	\Device\Harddisk0\DR0\Partition2 - ok
15:44:09.0140 2448	============================================================
15:44:09.0140 2448	Scan finished
15:44:09.0140 2448	============================================================
15:44:09.0155 2424	Detected object count: 0
15:44:09.0155 2424	Actual detected object count: 0
15:48:38.0364 2344	============================================================
15:48:38.0364 2344	Scan started
15:48:38.0364 2344	Mode: Manual; TDLFS; 
15:48:38.0364 2344	============================================================
15:48:39.0741 2344	!SASCORE (a0709b82fa3b5afad1467e565b8b3ba0) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
15:48:39.0742 2344	!SASCORE - ok
15:48:39.0794 2344	1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:48:39.0796 2344	1394ohci - ok
15:48:39.0851 2344	5U877 (7d497701bda1267ad5f86350925d2f10) C:\Windows\system32\DRIVERS\5U877.sys
15:48:39.0852 2344	5U877 - ok
15:48:39.0898 2344	ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:48:39.0900 2344	ACPI - ok
15:48:39.0927 2344	AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:48:39.0927 2344	AcpiPmi - ok
15:48:40.0056 2344	AcPrfMgrSvc (bcab739e5fea28407076d757044a629f) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
15:48:40.0057 2344	AcPrfMgrSvc - ok
15:48:40.0100 2344	AcSvc (d6dd4f1596c54afa5c6ccae6842f9e44) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
15:48:40.0102 2344	AcSvc - ok
15:48:40.0232 2344	AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:48:40.0233 2344	AdobeFlashPlayerUpdateSvc - ok
15:48:40.0288 2344	adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:48:40.0293 2344	adp94xx - ok
15:48:40.0333 2344	adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:48:40.0335 2344	adpahci - ok
15:48:40.0368 2344	adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:48:40.0370 2344	adpu320 - ok
15:48:40.0423 2344	AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:48:40.0424 2344	AeLookupSvc - ok
15:48:40.0477 2344	AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:48:40.0480 2344	AFD - ok
15:48:40.0524 2344	agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:48:40.0524 2344	agp440 - ok
15:48:40.0532 2344	ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:48:40.0533 2344	ALG - ok
15:48:40.0567 2344	aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:48:40.0567 2344	aliide - ok
15:48:40.0610 2344	amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:48:40.0610 2344	amdide - ok
15:48:40.0636 2344	AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:48:40.0637 2344	AmdK8 - ok
15:48:40.0662 2344	AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:48:40.0663 2344	AmdPPM - ok
15:48:40.0709 2344	amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:48:40.0710 2344	amdsata - ok
15:48:40.0738 2344	amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:48:40.0739 2344	amdsbs - ok
15:48:40.0782 2344	amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:48:40.0783 2344	amdxata - ok
15:48:40.0817 2344	AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:48:40.0818 2344	AppID - ok
15:48:40.0847 2344	AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:48:40.0848 2344	AppIDSvc - ok
15:48:40.0907 2344	Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:48:40.0908 2344	Appinfo - ok
15:48:41.0092 2344	Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:48:41.0093 2344	Apple Mobile Device - ok
15:48:41.0117 2344	AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
15:48:41.0118 2344	AppMgmt - ok
15:48:41.0165 2344	arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:48:41.0166 2344	arc - ok
15:48:41.0198 2344	arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:48:41.0198 2344	arcsas - ok
15:48:41.0237 2344	AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:48:41.0238 2344	AsyncMac - ok
15:48:41.0262 2344	atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:48:41.0262 2344	atapi - ok
15:48:41.0339 2344	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:48:41.0343 2344	AudioEndpointBuilder - ok
15:48:41.0353 2344	AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:48:41.0357 2344	AudioSrv - ok
15:48:41.0390 2344	AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
15:48:41.0391 2344	AxInstSV - ok
15:48:41.0467 2344	b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:48:41.0470 2344	b06bdrv - ok
15:48:41.0527 2344	b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:48:41.0529 2344	b57nd60a - ok
15:48:41.0790 2344	BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
15:48:41.0790 2344	BcmSqlStartupSvc - ok
15:48:41.0942 2344	BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:48:41.0943 2344	BDESVC - ok
15:48:42.0036 2344	Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:48:42.0036 2344	Beep - ok
15:48:43.0528 2344	BHDrvx64 (c8ab71a5102d0fc103f6dfc750005137) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120711.002\BHDrvx64.sys
15:48:43.0535 2344	BHDrvx64 - ok
15:48:43.0984 2344	BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
15:48:43.0990 2344	BITS - ok
15:48:44.0060 2344	blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:48:44.0060 2344	blbdrive - ok
15:48:44.0143 2344	Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
15:48:44.0146 2344	Bonjour Service - ok
15:48:44.0183 2344	bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:48:44.0184 2344	bowser - ok
15:48:44.0210 2344	BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:48:44.0210 2344	BrFiltLo - ok
15:48:44.0221 2344	BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:48:44.0222 2344	BrFiltUp - ok
15:48:44.0285 2344	Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:48:44.0287 2344	Browser - ok
15:48:44.0340 2344	Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:48:44.0342 2344	Brserid - ok
15:48:44.0363 2344	BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:48:44.0364 2344	BrSerWdm - ok
15:48:44.0395 2344	BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:48:44.0395 2344	BrUsbMdm - ok
15:48:44.0433 2344	BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:48:44.0433 2344	BrUsbSer - ok
15:48:44.0472 2344	BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
15:48:44.0473 2344	BthEnum - ok
15:48:44.0510 2344	BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:48:44.0510 2344	BTHMODEM - ok
15:48:44.0551 2344	BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
15:48:44.0552 2344	BthPan - ok
15:48:44.0607 2344	BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
15:48:44.0610 2344	BTHPORT - ok
15:48:44.0659 2344	bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:48:44.0660 2344	bthserv - ok
15:48:44.0699 2344	BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
15:48:44.0699 2344	BTHUSB - ok
15:48:44.0770 2344	ccSet_N360 (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys
15:48:44.0771 2344	ccSet_N360 - ok
15:48:44.0812 2344	cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:48:44.0812 2344	cdfs - ok
15:48:44.0843 2344	cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
15:48:44.0845 2344	cdrom - ok
15:48:44.0899 2344	CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:48:44.0900 2344	CertPropSvc - ok
15:48:44.0934 2344	circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:48:44.0935 2344	circlass - ok
15:48:44.0959 2344	CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:48:44.0962 2344	CLFS - ok
15:48:45.0049 2344	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:48:45.0050 2344	clr_optimization_v2.0.50727_32 - ok
15:48:45.0084 2344	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:48:45.0085 2344	clr_optimization_v2.0.50727_64 - ok
15:48:45.0170 2344	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:48:45.0171 2344	clr_optimization_v4.0.30319_32 - ok
15:48:45.0238 2344	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:48:45.0239 2344	clr_optimization_v4.0.30319_64 - ok
15:48:45.0276 2344	CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:48:45.0276 2344	CmBatt - ok
15:48:45.0314 2344	cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:48:45.0314 2344	cmdide - ok
15:48:45.0362 2344	CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
15:48:45.0365 2344	CNG - ok
15:48:45.0401 2344	Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:48:45.0402 2344	Compbatt - ok
15:48:45.0427 2344	CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:48:45.0428 2344	CompositeBus - ok
15:48:45.0435 2344	COMSysApp - ok
15:48:45.0462 2344	crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:48:45.0462 2344	crcdisk - ok
15:48:45.0515 2344	CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
15:48:45.0517 2344	CryptSvc - ok
15:48:45.0580 2344	CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
15:48:45.0583 2344	CSC - ok
15:48:45.0661 2344	CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
15:48:45.0666 2344	CscService - ok
15:48:45.0710 2344	DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:48:45.0714 2344	DcomLaunch - ok
15:48:45.0803 2344	DDNIMSGService (696c496ddab0a608d02894e9d4f62980) C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
15:48:45.0805 2344	DDNIMSGService - ok
15:48:45.0835 2344	DDNIService (a767a85632556477021d43259397b21a) C:\Program Files (x86)\DDNI\DIBS\DDNIService.exe
15:48:45.0836 2344	DDNIService - ok
15:48:45.0878 2344	defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:48:45.0880 2344	defragsvc - ok
15:48:45.0956 2344	DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:48:45.0957 2344	DfsC - ok
15:48:46.0007 2344	Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
15:48:46.0009 2344	Dhcp - ok
15:48:46.0050 2344	discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:48:46.0051 2344	discache - ok
15:48:46.0091 2344	Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:48:46.0091 2344	Disk - ok
15:48:46.0138 2344	Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
15:48:46.0139 2344	Dnscache - ok
15:48:46.0179 2344	dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
15:48:46.0181 2344	dot3svc - ok
15:48:46.0241 2344	Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
15:48:46.0242 2344	Dot4 - ok
15:48:46.0279 2344	Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
15:48:46.0280 2344	Dot4Print - ok
15:48:46.0322 2344	dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
15:48:46.0323 2344	dot4usb - ok
15:48:46.0358 2344	DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
15:48:46.0360 2344	DPS - ok
15:48:46.0400 2344	drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:48:46.0400 2344	drmkaud - ok
15:48:46.0493 2344	DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:48:46.0503 2344	DXGKrnl - ok
15:48:46.0553 2344	EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:48:46.0553 2344	EapHost - ok
15:48:46.0813 2344	ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:48:46.0833 2344	ebdrv - ok
15:48:46.0913 2344	eeCtrl (ba6420c1f7070ed8f1ba372844f3e1ec) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
15:48:46.0923 2344	eeCtrl - ok
15:48:47.0043 2344	EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
15:48:47.0043 2344	EFS - ok
15:48:47.0143 2344	ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
15:48:47.0153 2344	ehRecvr - ok
15:48:47.0183 2344	ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:48:47.0183 2344	ehSched - ok
15:48:47.0263 2344	elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:48:47.0273 2344	elxstor - ok
15:48:47.0343 2344	EraserUtilRebootDrv (1343df3451bc0c442dc69837c6fba21b) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
15:48:47.0353 2344	EraserUtilRebootDrv - ok
15:48:47.0413 2344	ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:48:47.0413 2344	ErrDev - ok
15:48:47.0483 2344	EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:48:47.0493 2344	EventSystem - ok
15:48:47.0683 2344	EvtEng (51643ee2712d9212e1e53ca7e8d8eb4a) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
15:48:47.0693 2344	EvtEng - ok
15:48:47.0798 2344	exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:48:47.0799 2344	exfat - ok
15:48:47.0814 2344	fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:48:47.0816 2344	fastfat - ok
15:48:47.0878 2344	Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
15:48:47.0883 2344	Fax - ok
15:48:47.0904 2344	fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:48:47.0905 2344	fdc - ok
15:48:47.0931 2344	fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:48:47.0932 2344	fdPHost - ok
15:48:47.0941 2344	FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:48:47.0942 2344	FDResPub - ok
15:48:47.0959 2344	FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:48:47.0960 2344	FileInfo - ok
15:48:47.0979 2344	Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:48:47.0979 2344	Filetrace - ok
15:48:48.0072 2344	FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
15:48:48.0076 2344	FLEXnet Licensing Service - ok
15:48:48.0107 2344	flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:48:48.0107 2344	flpydisk - ok
15:48:48.0155 2344	FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:48:48.0156 2344	FltMgr - ok
15:48:48.0232 2344	FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
15:48:48.0240 2344	FontCache - ok
15:48:48.0302 2344	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:48:48.0302 2344	FontCache3.0.0.0 - ok
15:48:48.0363 2344	FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:48:48.0363 2344	FsDepends - ok
15:48:48.0441 2344	Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
15:48:48.0442 2344	Fs_Rec - ok
15:48:48.0505 2344	fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:48:48.0507 2344	fvevol - ok
15:48:48.0541 2344	gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:48:48.0541 2344	gagp30kx - ok
15:48:48.0578 2344	GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:48:48.0579 2344	GEARAspiWDM - ok
15:48:48.0655 2344	gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:48:48.0660 2344	gpsvc - ok
15:48:48.0777 2344	gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:48:48.0778 2344	gupdate - ok
15:48:48.0783 2344	gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:48:48.0784 2344	gupdatem - ok
15:48:48.0823 2344	hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:48:48.0824 2344	hcw85cir - ok
15:48:48.0873 2344	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:48:48.0876 2344	HdAudAddService - ok
15:48:48.0908 2344	HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:48:48.0909 2344	HDAudBus - ok
15:48:48.0946 2344	HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:48:48.0946 2344	HidBatt - ok
15:48:48.0962 2344	HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:48:48.0962 2344	HidBth - ok
15:48:49.0014 2344	HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:48:49.0014 2344	HidIr - ok
15:48:49.0035 2344	hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
15:48:49.0036 2344	hidserv - ok
15:48:49.0041 2344	HidUsb  (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:48:49.0042 2344	HidUsb - ok
15:48:49.0092 2344	hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:48:49.0094 2344	hkmsvc - ok
15:48:49.0134 2344	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:48:49.0136 2344	HomeGroupListener - ok
15:48:49.0198 2344	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:48:49.0200 2344	HomeGroupProvider - ok
15:48:49.0345 2344	hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
15:48:49.0346 2344	hpqcxs08 - ok
15:48:49.0383 2344	hpqddsvc (75cc8c5146a3fb76221a7606628778d5) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
15:48:49.0385 2344	hpqddsvc - ok
15:48:49.0425 2344	HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:48:49.0425 2344	HpSAMD - ok
15:48:49.0513 2344	HPSLPSVC (2adf33f93991c4e24e86ffa5f906417b) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
15:48:49.0520 2344	HPSLPSVC - ok
15:48:49.0614 2344	HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:48:49.0618 2344	HTTP - ok
15:48:49.0666 2344	hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:48:49.0666 2344	hwpolicy - ok
15:48:49.0705 2344	i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:48:49.0706 2344	i8042prt - ok
15:48:49.0786 2344	IAANTMON (0e899d0db39617aa0b2f992e7e95b5eb) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
15:48:49.0789 2344	IAANTMON - ok
15:48:49.0848 2344	iaStor (bbb3b6df1abb0fe35802ede85cc1c011) C:\Windows\system32\DRIVERS\iaStor.sys
15:48:49.0850 2344	iaStor - ok
15:48:49.0922 2344	iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:48:49.0924 2344	iaStorV - ok
15:48:49.0957 2344	IBMPMDRV (b8e7ca64fff8b71636dea3a845cc23e5) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
15:48:49.0958 2344	IBMPMDRV - ok
15:48:49.0981 2344	IBMPMSVC (6daedf692b52b7c238c7199419318d16) C:\Windows\system32\ibmpmsvc.exe
15:48:49.0982 2344	IBMPMSVC - ok
15:48:50.0078 2344	idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:48:50.0083 2344	idsvc - ok
15:48:50.0339 2344	IDSVia64 (ce0bf35c79e03bb89da6b14fac838605) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120712.001\IDSvia64.sys
15:48:50.0342 2344	IDSVia64 - ok
15:48:51.0175 2344	igfx (37a65e3d89f6bbf5719ff9585f99eb7d) C:\Windows\system32\DRIVERS\igdkmd64.sys
15:48:51.0219 2344	igfx - ok
15:48:51.0311 2344	iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:48:51.0312 2344	iirsp - ok
15:48:51.0372 2344	IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:48:51.0377 2344	IKEEXT - ok
15:48:51.0473 2344	IntcAzAudAddService (3111a658416dc464ba1e48e3b2169952) C:\Windows\system32\drivers\RTKVHD64.sys
15:48:51.0484 2344	IntcAzAudAddService - ok
15:48:51.0573 2344	IntcHdmiAddService (88a20fa54c73ded4e8dac764e9130ae9) C:\Windows\system32\drivers\IntcHdmi.sys
15:48:51.0574 2344	IntcHdmiAddService - ok
15:48:51.0616 2344	intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:48:51.0617 2344	intelide - ok
15:48:51.0644 2344	intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:48:51.0645 2344	intelppm - ok
15:48:51.0670 2344	IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:48:51.0672 2344	IPBusEnum - ok
15:48:51.0714 2344	IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:48:51.0714 2344	IpFilterDriver - ok
15:48:51.0731 2344	IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:48:51.0731 2344	IPMIDRV - ok
15:48:51.0754 2344	IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:48:51.0755 2344	IPNAT - ok
15:48:51.0852 2344	iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
15:48:51.0857 2344	iPod Service - ok
15:48:51.0886 2344	IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:48:51.0887 2344	IRENUM - ok
15:48:51.0926 2344	isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:48:51.0926 2344	isapnp - ok
15:48:51.0954 2344	iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:48:51.0956 2344	iScsiPrt - ok
15:48:52.0010 2344	IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
15:48:52.0011 2344	IviRegMgr - ok
15:48:52.0039 2344	JMCR (80a1de467adf200390134d63e359937a) C:\Windows\system32\DRIVERS\jmcr.sys
15:48:52.0040 2344	JMCR - ok
15:48:52.0057 2344	kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
15:48:52.0058 2344	kbdclass - ok
15:48:52.0088 2344	kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
15:48:52.0088 2344	kbdhid - ok
15:48:52.0129 2344	KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:48:52.0130 2344	KeyIso - ok
15:48:52.0170 2344	KMWDFILTER (07071c1e3cd8f0f9114aac8b072ca1e5) C:\Windows\system32\DRIVERS\KMWDFILTER.sys
15:48:52.0170 2344	KMWDFILTER - ok
15:48:52.0208 2344	KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
15:48:52.0209 2344	KSecDD - ok
15:48:52.0246 2344	KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
15:48:52.0247 2344	KSecPkg - ok
15:48:52.0274 2344	ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:48:52.0274 2344	ksthunk - ok
15:48:52.0310 2344	KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:48:52.0313 2344	KtmRm - ok
15:48:52.0351 2344	LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
15:48:52.0354 2344	LanmanServer - ok
15:48:52.0432 2344	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:48:52.0434 2344	LanmanWorkstation - ok
15:48:52.0498 2344	LENOVO.MICMUTE (d584216c7767dcfb4b812b9b60a4a4e7) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
15:48:52.0499 2344	LENOVO.MICMUTE - ok
15:48:52.0516 2344	lenovo.smi (5acff5823634bc2c4ebf559c3b33e18e) C:\Windows\system32\DRIVERS\smiifx64.sys
15:48:52.0516 2344	lenovo.smi - ok
15:48:52.0540 2344	lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:48:52.0540 2344	lltdio - ok
15:48:52.0577 2344	lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:48:52.0580 2344	lltdsvc - ok
15:48:52.0587 2344	lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:48:52.0588 2344	lmhosts - ok
15:48:52.0632 2344	LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:48:52.0633 2344	LSI_FC - ok
15:48:52.0691 2344	LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:48:52.0692 2344	LSI_SAS - ok
15:48:52.0749 2344	LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:48:52.0750 2344	LSI_SAS2 - ok
15:48:52.0771 2344	LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:48:52.0772 2344	LSI_SCSI - ok
15:48:52.0798 2344	luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:48:52.0800 2344	luafv - ok
15:48:52.0894 2344	McAfeeEngineService (c1dfabffd5c17a64a3e756313e5495d9) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe
15:48:52.0895 2344	McAfeeEngineService - ok
15:48:52.0946 2344	McAfeeFramework (c341d64c9f3b39cb56f9712335c33717) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
15:48:52.0947 2344	McAfeeFramework - ok
15:48:52.0971 2344	McShield (683d79595af56b4b987ffc898c83c575) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe
15:48:52.0972 2344	McShield - ok
15:48:53.0010 2344	McTaskManager (7984c3fe368abe31543a95fbf4965bb8) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
15:48:53.0011 2344	McTaskManager - ok
15:48:53.0057 2344	Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:48:53.0059 2344	Mcx2Svc - ok
15:48:53.0095 2344	megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:48:53.0095 2344	megasas - ok
15:48:53.0126 2344	MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:48:53.0128 2344	MegaSR - ok
15:48:53.0155 2344	mfeapfk (be32ddafc21b7ac0abeb5b0433cb2b22) C:\Windows\system32\drivers\mfeapfk.sys
15:48:53.0155 2344	mfeapfk - ok
15:48:53.0179 2344	mfeavfk (d1434fafe6e916f25d1669979c21cf5d) C:\Windows\system32\drivers\mfeavfk.sys
15:48:53.0180 2344	mfeavfk - ok
15:48:53.0236 2344	mfehidk (d0067b5e7d1a9ae6fe659eb03d6c9e34) C:\Windows\system32\drivers\mfehidk.sys
15:48:53.0239 2344	mfehidk - ok
15:48:53.0260 2344	mferkdet (b013e947563b509750023a1e6820908e) C:\Windows\system32\drivers\mferkdet.sys
15:48:53.0261 2344	mferkdet - ok
15:48:53.0285 2344	mfetdik (6fa1daa1ea0a3a467688f2598a625318) C:\Windows\system32\drivers\mfetdik.sys
15:48:53.0286 2344	mfetdik - ok
15:48:53.0304 2344	mfevtp (5c17c234f6cb7e6a6a9d175a71dd49a8) C:\Windows\system32\mfevtps.exe
15:48:53.0306 2344	mfevtp - ok
15:49:10.0328 2344	wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:49:10.0339 2344	wbengine - ok
15:49:10.0461 2344	WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:49:10.0463 2344	WbioSrvc - ok
15:49:10.0523 2344	wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:49:10.0526 2344	wcncsvc - ok
15:49:10.0556 2344	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:49:10.0558 2344	WcsPlugInService - ok
15:49:10.0644 2344	Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:49:10.0645 2344	Wd - ok
15:49:10.0744 2344	Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:49:10.0748 2344	Wdf01000 - ok
15:49:10.0796 2344	WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:49:10.0799 2344	WdiServiceHost - ok
15:49:10.0805 2344	WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:49:10.0807 2344	WdiSystemHost - ok
15:49:10.0874 2344	WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:49:10.0877 2344	WebClient - ok
15:49:10.0899 2344	Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:49:10.0902 2344	Wecsvc - ok
15:49:10.0919 2344	wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:49:10.0921 2344	wercplsupport - ok
15:49:10.0942 2344	WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:49:10.0944 2344	WerSvc - ok
15:49:10.0996 2344	WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:49:10.0997 2344	WfpLwf - ok
15:49:11.0014 2344	WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:49:11.0015 2344	WIMMount - ok
15:49:11.0024 2344	WinHttpAutoProxySvc - ok
15:49:11.0075 2344	Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:49:11.0076 2344	Winmgmt - ok
15:49:11.0191 2344	WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:49:11.0204 2344	WinRM - ok
15:49:11.0312 2344	WinUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
15:49:11.0313 2344	WinUSB - ok
15:49:11.0364 2344	Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:49:11.0371 2344	Wlansvc - ok
15:49:11.0512 2344	wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:49:11.0525 2344	wlidsvc - ok
15:49:11.0621 2344	WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:49:11.0622 2344	WmiAcpi - ok
15:49:11.0657 2344	wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:49:11.0659 2344	wmiApSrv - ok
15:49:11.0683 2344	WMPNetworkSvc - ok
15:49:11.0707 2344	WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:49:11.0709 2344	WPCSvc - ok
15:49:11.0751 2344	WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:49:11.0753 2344	WPDBusEnum - ok
15:49:11.0780 2344	ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:49:11.0781 2344	ws2ifsl - ok
15:49:11.0816 2344	WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
15:49:11.0817 2344	WSDPrintDevice - ok
15:49:11.0821 2344	WSearch - ok
15:49:11.0946 2344	wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
15:49:11.0962 2344	wuauserv - ok
15:49:12.0070 2344	WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:49:12.0071 2344	WudfPf - ok
15:49:12.0094 2344	WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:49:12.0095 2344	WUDFRd - ok
15:49:12.0133 2344	wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:49:12.0135 2344	wudfsvc - ok
15:49:12.0166 2344	WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:49:12.0169 2344	WwanSvc - ok
15:49:12.0204 2344	MBR (0x1B8) (799385149a78d64a37d711f052eead64) \Device\Harddisk0\DR0
15:49:12.0454 2344	\Device\Harddisk0\DR0 - ok
15:49:12.0458 2344	Boot (0x1200) (1ea833e6b60e28e326c303bb7106a034) \Device\Harddisk0\DR0\Partition0
15:49:12.0459 2344	\Device\Harddisk0\DR0\Partition0 - ok
15:49:12.0491 2344	Boot (0x1200) (d30cf8d03224be751d5b405e67105faf) \Device\Harddisk0\DR0\Partition1
15:49:12.0492 2344	\Device\Harddisk0\DR0\Partition1 - ok
15:49:12.0526 2344	Boot (0x1200) (586cf448fa74ec9d7179558761e36ca9) \Device\Harddisk0\DR0\Partition2
15:49:12.0527 2344	\Device\Harddisk0\DR0\Partition2 - ok
15:49:12.0528 2344	============================================================
15:49:12.0528 2344	Scan finished
15:49:12.0528 2344	============================================================
15:49:12.0542 2240	Detected object count: 0
15:49:12.0542 2240	Actual detected object count: 0
15:49:16.0757 2872	Deinitialize success


----------



## Mark1956 (May 7, 2011)

So far everything is coming up clean, don't worry about the FRST log. We can deal with McAfee later. Please go ahead and run RogueKiller and post the log.


----------



## mathew206 (Aug 7, 2012)

Hey Mark, I actually do have the frst64 log, but I cannot get it until tomorrow as it is on another flash drive. I know you said not to worry, but if you want me to post it tomorrow, I can.

Here is the rogue killer report. It appears that it did catch a few things. I have not attempted to fix anything.

RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: ChoysToy [Admin rights]
Mode: Scan -- Date: 08/16/2012 23:13:35

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : c:\windows\installer\{9867ed17-947a-e440-13f8-372d5a958ab1}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{9867ed17-947a-e440-13f8-372d5a958ab1}\L --> FOUND
[ZeroAccess][FILE] @ : c:\users\choystoy\appdata\local\{9867ed17-947a-e440-13f8-372d5a958ab1}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\users\choystoy\appdata\local\{9867ed17-947a-e440-13f8-372d5a958ab1}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\users\choystoy\appdata\local\{9867ed17-947a-e440-13f8-372d5a958ab1}\L --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HITACHI HTS545050B9A300 +++++
--- User ---
[MBR] a9b701eb7dd85cbeca9ebb098e6f2a3a
[BSP] 86d84489c985e4e60089373306b3b6b9 : Lenovo tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 465737 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 956291072 | Size: 10000 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt


----------



## Mark1956 (May 7, 2011)

Please try this to remove McAfee. Click on Ctrl Alt Delete keys at the same time and then select the Task Manager. Find these three running processes:

*FrameworkService.exe
VsTskMgr.exe
naPrdMgr.exe*

Select each one in turn and click on the End Process button. Once done go into Programs and Features and try to uninstall the program again, then run the Removal tool.

Next please do another scan with RogueKiller and select all of the ZeroAccess detections, then click on the Delete button. Post the resulting log.

Then follow these instructions:


Windows 7 System File Checker
Click on *Start* and type *cmd* in the search box. Right click on *cmd* in the popup menu and select *Run as Administrator*.
Another box will open, at the Command Prompt, type *sfc /scannow* and press Enter. (Note the gap between the c and the /) 
Let the check run to completion.
*To find the log*
Copy & Paste the following command at the Command Prompt and press Enter:
*findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt*
This will place a file on your desktop called *sfcdetails.txt* which contains the results of the scan.
Zip up the file and attach it to your next post.


----------



## mathew206 (Aug 7, 2012)

I actually could not find any of those three items in processes. However, I did find the following under the Services tab: McAfee EngineService, McAfeeFramework, McShield, McTaskManager.

Shall I still proceed with roguekiller? I actually did not even close the program yet, so I could just delete from the first scan. Let me know if this is okay, or to rescan. Thanks.


----------



## Mark1956 (May 7, 2011)

You can go ahead with deleting the detections without restarting RogueKiller, post the log when done.

In respect of McAfee, I thought those .exe files would be seen in the Processes list, nevertheless please disable and stop anything you can find related to McAfee, it should then allow you to uninstall it.


----------



## mathew206 (Aug 7, 2012)

McAfee removal - I tried to stop the services related to McAfee. What I did was find the item under the Services tab, right click, then click stop service. (The options it has are 1. start service, 2. stop service, 3. go to process.)

When I clicked stop service, a window opens up and says, "The operation could not be completed. Access is denied." 
When I tried go to process, it just opens up the processes tab, but nothing is highlighted, and nothing happens.

Start service is greyed out and I cannot click that option.

Quick question for you: should I keep my computer in sleep mode or on between troubleshooting? Every time I turn it off, it says that updates are being updated/installed. I believe that is the virus as I did not see any Windows updates.

Here is the second Rogue Killer log after hitting delete.

RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: ChoysToy [Admin rights]
Mode: Remove -- Date: 08/17/2012 08:09:40

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : c:\windows\installer\{9867ed17-947a-e440-13f8-372d5a958ab1}\U --> REMOVED
[ZeroAccess][FOLDER] L : c:\windows\installer\{9867ed17-947a-e440-13f8-372d5a958ab1}\L --> REMOVED
[ZeroAccess][FILE] @ : c:\users\choystoy\appdata\local\{9867ed17-947a-e440-13f8-372d5a958ab1}\@ --> REMOVED
[ZeroAccess][FOLDER] U : c:\users\choystoy\appdata\local\{9867ed17-947a-e440-13f8-372d5a958ab1}\U --> REMOVED
[ZeroAccess][FOLDER] L : c:\users\choystoy\appdata\local\{9867ed17-947a-e440-13f8-372d5a958ab1}\L --> REMOVED

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HITACHI HTS545050B9A300 +++++
--- User ---
[MBR] a9b701eb7dd85cbeca9ebb098e6f2a3a
[BSP] 86d84489c985e4e60089373306b3b6b9 : Lenovo tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 465737 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 956291072 | Size: 10000 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt


----------



## mathew206 (Aug 7, 2012)

Here is the system file checker report


----------



## Mark1956 (May 7, 2011)

Please reboot the PC if you have not done so already. Run another scan with RogueKiller and post the log.


----------



## mathew206 (Aug 7, 2012)

It looks clean. Computer does still seem slow though, but still much better than before. Waiting for your commands! lol

RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: ChoysToy [Admin rights]
Mode: Scan -- Date: 08/17/2012 16:59:00

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HITACHI HTS545050B9A300 +++++
--- User ---
[MBR] a9b701eb7dd85cbeca9ebb098e6f2a3a
[BSP] 86d84489c985e4e60089373306b3b6b9 : Lenovo tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 465737 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 956291072 | Size: 10000 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
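
The three reports above are a scan, a removal and a rescan after reboot. As an added example (not part of the original posts and not a RogueKiller feature), this Python script parses the entry lines of such reports and checks that every detection was cleared and that the last report is an empty scan; the function names are hypothetical and the report text is excerpted from this thread.

```python
import re

# Entry lines excerpted from the three RogueKiller reports posted in this thread
# (report headers, HOSTS and partition-table sections left out).
REPORT_SCAN = r"""
Mode: Scan -- Date: 08/16/2012 23:13:35
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{9867ed17-947a-e440-13f8-372d5a958ab1}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{9867ed17-947a-e440-13f8-372d5a958ab1}\L --> FOUND
[ZeroAccess][FILE] @ : c:\users\choystoy\appdata\local\{9867ed17-947a-e440-13f8-372d5a958ab1}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\users\choystoy\appdata\local\{9867ed17-947a-e440-13f8-372d5a958ab1}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\users\choystoy\appdata\local\{9867ed17-947a-e440-13f8-372d5a958ab1}\L --> FOUND
¤¤¤ Infection : ZeroAccess ¤¤¤
[MBR] a9b701eb7dd85cbeca9ebb098e6f2a3a
"""

REPORT_REMOVE = r"""
Mode: Remove -- Date: 08/17/2012 08:09:40
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[ZeroAccess][FOLDER] U : c:\windows\installer\{9867ed17-947a-e440-13f8-372d5a958ab1}\U --> REMOVED
[ZeroAccess][FOLDER] L : c:\windows\installer\{9867ed17-947a-e440-13f8-372d5a958ab1}\L --> REMOVED
[ZeroAccess][FILE] @ : c:\users\choystoy\appdata\local\{9867ed17-947a-e440-13f8-372d5a958ab1}\@ --> REMOVED
[ZeroAccess][FOLDER] U : c:\users\choystoy\appdata\local\{9867ed17-947a-e440-13f8-372d5a958ab1}\U --> REMOVED
[ZeroAccess][FOLDER] L : c:\users\choystoy\appdata\local\{9867ed17-947a-e440-13f8-372d5a958ab1}\L --> REMOVED
¤¤¤ Infection : ZeroAccess ¤¤¤
"""

REPORT_RESCAN = r"""
Mode: Scan -- Date: 08/17/2012 16:59:00
¤¤¤ Registry Entries: 0 ¤¤¤
¤¤¤ Infection : ¤¤¤
[MBR] a9b701eb7dd85cbeca9ebb098e6f2a3a
"""

MODE = re.compile(r"^Mode:\s+(\w+)\s+--\s+Date:\s+(.+?)\s*$")
INFECTION = re.compile(r"Infection\s*:\s*([^\s¤]*)")
# "[tag][tag] item -> STATUS (new value)"; lines without an arrow, such as
# the [MBR] hash line, are not detections and do not match.
ENTRY = re.compile(r"^((?:\[[^\]]+\])+)\s+(.+?)\s+-{1,2}>\s+([A-Z]+)(?:\s+\((.*)\))?\s*$")
CLEARED = {"REMOVED", "REPLACED"}


def parse_report(text):
    """Return mode, date, infection name and {(tags, item): status} for one report."""
    report = {"mode": None, "date": None, "infection": "", "entries": {}}
    for line in text.splitlines():
        line = line.strip()
        m = MODE.match(line)
        if m:
            report["mode"], report["date"] = m.groups()
            continue
        m = INFECTION.search(line)
        if m:
            report["infection"] = m.group(1)
            continue
        m = ENTRY.match(line)
        if m:
            tags, item, status, _new_value = m.groups()
            report["entries"][(tags, item)] = status
    return report


def verify_remediation(texts):
    """Check a chronological list of reports: every detection cleared, last scan empty."""
    reports = [parse_report(t) for t in texts]
    last_status = {}
    for report in reports:
        for key, status in report["entries"].items():
            last_status[key] = status  # later reports override earlier ones
    # Anything whose most recent status is not REMOVED/REPLACED is unresolved:
    # never acted on, or detected again after the removal pass.
    unresolved = [(k, s) for k, s in last_status.items() if s not in CLEARED]
    final = reports[-1]
    # A Remove-mode report is not proof; the last report must be a fresh, empty scan.
    clean = (not unresolved and final["mode"] == "Scan"
             and not final["entries"] and not final["infection"])
    return {"clean": clean, "unresolved": unresolved, "final_mode": final["mode"]}


if __name__ == "__main__":
    result = verify_remediation([REPORT_SCAN, REPORT_REMOVE, REPORT_RESCAN])
    print("clean:", result["clean"], "| unresolved:", len(result["unresolved"]))
```

A clean result only says that RogueKiller's own detections are gone; the ESET scan later in this thread still reports files, so a second scanner remains part of the check.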


----------



## Mark1956 (May 7, 2011)

That log is now clean so things are looking up. Please run the following scan for a final check and post the log from Security Check. We can then deal with McAfee.

*Eset online scan instructions.*
*IMPORTANT --->* Please make sure you follow the instruction to *uncheck* the box next to *Remove found threats*. Eset will detect anything that looks even remotely suspicious, this can include legitimate program files. If you do not uncheck the box, as instructed, Eset will automatically remove all suspect files which could leave some of your software inoperative. If you make a mistake these files can be restored from quarantine, but it would be preferable not to add any extra work to the clean up of your system.

Disable your existing Anti Virus following these instructions.
Please go here to use the Eset Online Scanner.
When the web page opens click on this button








If you are not using *Internet Explorer* you will see a message box open asking you to download the *ESET Smart Installer*, click on the link and allow it to download and then run it. Accept the *Terms of use* and click on *Start*. The required components will download.
If using Internet Explorer the *Terms of use* box will open immediately, accept it and click on *Start*.
After the download is complete the *Computer scan settings* window will open, *IMPORTANT ---->* *uncheck* the box next to *Remove found threats* and click on *Start*. The virus signature database will then download which may take some time depending on the speed of your internet connection. The scan will automatically start when the download is complete.
This is a very thorough scan and may take several hours to complete depending on how much data you have on your hard drive. *Do not* interrupt it, be patient and let it finish.
A Scan Results window will appear at the end of the scan. If it lists any number of Infected Files click on List of found threats. Click on Copy to clipboard, come back to this thread and right click on the message box. Select *Paste* and the report will appear, add any comments you have and post the reply.
Back on the *Eset* window, click the *Back* button and then click on *Finish*.

__________________________________________________________________

Download Security Check by screen317 from Here or Here.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.


----------



## mathew206 (Aug 7, 2012)

It appears that we are still infected. Here are the results:


C:\Qoobox\Quarantine\C\Windows\Installer\{9867ed17-947a-e440-13f8-372d5a958ab1}\U\[email protected] Win64/Sirefef.AN trojan
C:\Users\ChoysToy\AppData\Local\CDDB\ktkakedt.dll a variant of Win32/Kryptik.AIFZ trojan
C:\Users\ChoysToy\Downloads\cnet2_BullzipPDFPrinter_4_0_0_463_zip.exe a variant of Win32/InstallCore.D application


----------



## mathew206 (Aug 7, 2012)

The file automatically saved and ran from downloads before I got a chance to move it to desktop. Shall I rerun the file?

* Results of screen317's Security Check version 0.99.46 
Windows 7 Service Pack 1 x64 (UAC is enabled) 
Internet Explorer 9 
``````````````Antivirus/Firewall Check:`````````````` 
Windows Firewall Enabled! 
Norton Business Suite 
WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
Malwarebytes Anti-Malware version 1.61.0.1400 
Java(TM) 6 Update 31 
Java version out of Date! 
Adobe Reader 9 Adobe Reader out of Date! 
Mozilla Firefox 13.0.1 Firefox out of Date! 
Google Chrome 20.0.1132.57 
Google Chrome 21.0.1180.79 
````````Process Check: objlist.exe by Laurent```````` 
Norton ccSvcHst.exe 
McAfee VirusScan Enterprise x64 EngineServer.exe 
McAfee VirusScan Enterprise VsTskMgr.exe 
McAfee VirusScan Enterprise x64 McShield.exe 
McAfee VirusScan Enterprise x64 mfeann.exe 
McAfee VirusScan Enterprise shstat.exe 
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe 
`````````````````System Health check````````````````` 
Total Fragmentation on Drive C: 0% 
````````````````````End of Log``````````````````````

*


----------



## Mark1956 (May 7, 2011)

The Eset result shows three files. One is in the Qoobox Quarantine so is safely out of harm's way. The other two we need to check.

Go to one of the following online services that analyzes suspicious files:

*Jotti's virusscan*
*VirusTotal*
*VirSCAN*
In the "*File to Scan*" (Upload or Submit) box, click the "*browse*" button and locate the following files:

C:\Users\ChoysToy\AppData\Local\CDDB\*ktkakedt.dll* _<- this file_
C:\Users\ChoysToy\Downloads\*cnet2_BullzipPDFPrinter_4_0_0_463_zip.exe* _<- this file_

Click "*Open*", then click the "*Submit*" button. If you get a message saying "_File has already been analyzed_", click *Reanalyze* or *Scan again*.
-- Post back with the results of the file analysis in your next reply.
_________________________________________________________________

I found in the Combofix log a locked registry key relating to McAfee; please follow these instructions, which will unlock it.

Once Combofix has been run, have another go at uninstalling McAfee and let me know what happens.
Try to stop all the services you previously found and look for this one: *mferkdet.sys*. Also include in your search all the .exe files relating to McAfee shown in Security Check; if not found in services, look under the processes tab.

We are now going to run ComboFix a different way.
Open Notepad by clicking on







and in the *Search* box type: *Notepad.exe* and hit *Enter*.
Copy and paste everything in the *code box* below into it.
_-- Note: Make sure Word Wrap is *unchecked* in Notepad by clicking on *Format* in the top menu._

```
KillAll::
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
ClearJavaCache::
Reboot::
```

Save the file as *CFScript.txt* by choosing _Save As..._ in the File Menu, and save it to your Desktop where the ComboFix icon is also located.
Close your browser and *disconnect* from the Internet.
Now use your mouse to *drag*, then *drop* the CFScript.txt file on top of ComboFix.exe as seen in the image below.








This will start ComboFix again and launch the script.
ComboFix may reboot your system when it finishes. This is normal.
A log will be created just as before and saved to C:\ComboFix.txt. Please copy and paste the contents of *ComboFix.txt* in your next reply.
Be sure to *re-enable* your anti-virus and other security programs *after* the scan is complete.
NOTE: if you see a message like this when you attempt to open anything after the reboot *"Illegal Operation attempted on a registry key that has been marked for deletion"* please reboot the system again and the warning should not return.


----------



## mathew206 (Aug 7, 2012)

SHA256:4462caf175f71b2146926eee29d453fa6cf99b30c193015988be4011d54caecdSHA1:f0eab223d14705165dfa59fa1954424ccfbfba0aMD5:d5a7ef7068b30ea8a18a4fc228317290File size:452.2 KB ( 463080 bytes ) File name:cnet2_BullzipPDFPrinter_4_0_0_463_zip.exeFile type:Win32 EXEDetection ratio:9 / 41Analysis date:2012-08-19 18:03:20 UTC ( 1 minute ago ) 








AntivirusResultUpdatenProtect-20120819CAT-QuickHeal-20120819McAfee-20120819K7AntiVirusUnwanted-Program20120818TheHacker-20120818VirusBuster-20120819F-ProtW32/InstallCore.B20120819Symantec-20120819Norman-20120819TotalDefense-20120819TrendMicro-HouseCall-20120819AvastWin32:InstallCore-AM [PUP]20120819eSafeWin32.Trojan20120816ClamAV-20120819Kasperskynot-a-virus:HEUR:WebToolbar.Win32.InstallCore.gen20120819BitDefender-20120819ViRobot-20120819Sophos-20120819Comodo-20120819F-Secure-20120819DrWebAdware.Downware.13020120819VIPRE-20120819AntiVir-20120819TrendMicro-20120819McAfee-GW-Edition-20120819EmsisoftRiskware.Win32.InstallCore.AMN!A220120819Jiangmin-20120819Antiy-AVL-20120817Microsoft-20120819SUPERAntiSpyware-20120819AhnLab-V3-20120819GData-20120819Commtouch-20120819ByteHero-20120814VBA32WebToolbar.InstallCore.gen20120817ESET-NOD32a variant of Win32/InstallCore.D20120819Rising-20120817Ikarus-20120818Fortinet-20120818AVG-20120819Panda-20120819




----------



## mathew206 (Aug 7, 2012)

SHA256:1b4f24a272633fba019decb277ea0bf705ca785dcc2212ef4170964cdbd01785SHA1:bb45492d20e7f31a9867106795369436753f347fMD5:da12d6588b49369d08394f62056636c7File size:304.0 KB ( 311296 bytes ) File name:ktkakedt.dllFile type:Win32 DLLDetection ratio:19 / 38Analysis date:2012-08-19 18:14:27 UTC ( 1 minute ago ) 








AntivirusResultUpdateAntiVirTR/Obfuscate.ZY20120819Antiy-AVL-20120817AvastWin32:Malware-gen20120819AVGCrypt.AYJB20120819ByteHero-20120814CAT-QuickHeal-20120819ClamAV-20120819Commtouch-20120819ComodoUnclassifiedMalware20120819DrWeb-20120819EmsisoftTrojan.Win32.Tracur!IK20120819eSafe-20120816ESET-NOD32a variant of Win32/Kryptik.AIFZ20120819F-Prot-20120819F-SecureTrojan.Generic.KDV.67684120120819FortinetW32/Kryptik.AIFZ20120818GDataTrojan.Generic.KDV.67684120120819IkarusTrojan.Win32.Tracur20120818Jiangmin-20120819K7AntiVirusRiskware20120818Kaspersky-20120819McAfeeArtemis!DA12D6588B4920120819McAfee-GW-EditionArtemis!DA12D6588B4920120819MicrosoftVirTool:Win32/Obfuscator.ZY20120819NormanW32/Vundo.GTY20120819PandaGeneric Malware20120819Rising-20120817Sophos-20120819SUPERAntiSpyware-20120819Symantec-20120819TheHackerTrojan/Kryptik.aifz20120818TotalDefense-20120819TrendMicro-20120819TrendMicro-HouseCallTROJ_GEN.RCBB1GU20120819VBA32-20120817VIPRETrojan.Win32.Generic!BT20120819ViRobot-20120819VirusBuster-


----------



## Mark1956 (May 7, 2011)

Difficult to read those reports, how many hits did each one get out of all the different scanners?


----------



## mathew206 (Aug 7, 2012)

Sorry, I know the copy and paste did not come out very clean. It appears the table format did not transfer over. Bullzip had 9/41 I believe. And the ktkakedt.dll had 19/38. Let me know if those are the numbers you were looking for. 

I ran the CFScript with combofix, and the computer restarted. The log will be posted on the next post.

I am still unable to stop the services for McAfee. I am getting the same error. I tried to uninstall the program as well, but still received the same error message.

I looked for mferkdet.sys, but could not find the file.


----------



## mathew206 (Aug 7, 2012)

I believe this is the right log. I had to restart the computer again to get rid of the illegal operation error message. I found the log under C: and it had the correct time and date stamp.

ComboFix 12-08-16.01 - ChoysToy 08/19/2012 11:27:50.3.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3933.1883 [GMT -7:00]
Running from: c:\users\ChoysToy\Desktop\ComboFix.exe
Command switches used :: c:\users\ChoysToy\Desktop\CFScript.txt
AV: Norton Business Suite *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Business Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Business Suite *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
- 2010-07-25 08:23 . 2012-07-11 18:35 19296 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-07-25 08:23 . 2012-08-19 18:13 19296 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2012-08-19 18:55 . 2012-08-19 18:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-23 04:14 . 2012-07-23 04:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-19 18:55 . 2012-08-19 18:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-23 04:14 . 2012-07-23 04:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-18 17:48 . 2012-08-18 17:48 686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe
+ 2012-08-18 16:59 . 2012-08-18 16:59 686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
+ 2012-08-18 16:59 . 2012-08-18 16:59 466632 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.dll
- 2012-04-12 00:58 . 2012-07-12 01:48 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-04-12 00:58 . 2012-08-18 17:48 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
- 2009-07-14 04:54 . 2012-07-22 07:50 229376 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-18 17:48 229376 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-23 18:02 . 2012-08-19 13:34 511560 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-08-18 00:08 683588 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-22 05:54 683588 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-18 00:08 128518 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-22 05:54 128518 c:\windows\system32\perfc009.dat
+ 2012-08-18 17:48 . 2012-08-18 17:48 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_271_Plugin.exe
+ 2012-08-18 16:59 . 2012-08-18 16:59 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_271_ActiveX.exe
+ 2012-08-18 16:59 . 2012-08-18 16:59 513224 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_271_ActiveX.dll
- 2009-07-14 05:30 . 2012-06-27 06:24 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-08-19 18:43 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-08-19 18:43 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2012-06-27 06:24 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2011-04-05 19:20 . 2010-11-20 13:24 229376 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\fsquirt.exe
+ 2012-08-19 18:14 . 2012-07-06 20:07 552960 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\bthport.sys
- 2009-07-14 05:01 . 2012-07-23 03:59 429176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-19 18:54 429176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-07-04 14:59 . 2012-07-04 14:59 261120 c:\windows\Installer\9103132.msp
+ 2010-07-25 08:23 . 2012-08-19 18:13 415584 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2010-07-25 08:23 . 2012-07-11 18:35 415584 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2010-07-25 08:23 . 2012-08-19 18:13 303456 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2010-07-25 08:23 . 2012-07-11 18:35 303456 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-07-25 08:23 . 2012-08-19 18:13 571232 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2010-07-25 08:23 . 2012-07-11 18:35 571232 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2010-07-25 08:23 . 2012-07-11 18:35 326496 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-07-25 08:23 . 2012-08-19 18:13 326496 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-07-25 08:23 . 2012-08-19 18:13 470616 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2010-07-25 08:23 . 2012-07-11 18:35 470616 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2010-07-25 08:23 . 2012-08-19 18:13 178528 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
- 2010-07-25 08:23 . 2012-07-11 18:35 178528 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
- 2012-04-12 13:43 . 2012-04-12 13:43 135168 c:\windows\Installer\{90A40409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2012-08-19 18:15 . 2012-08-19 18:15 135168 c:\windows\Installer\{90A40409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2011-01-07 17:38 . 2011-01-07 17:38 121208 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\MSCONV97.DLL
+ 2012-08-18 17:48 . 2012-08-18 17:48 9465032 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
+ 2012-08-18 17:48 . 2012-08-18 17:48 1536712 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
- 2009-07-14 04:54 . 2012-07-22 07:50 2080768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-18 17:48 2080768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-22 07:50 3997696 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-18 17:48 3997696 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-19 05:48 . 2012-07-23 04:00 2918368 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-02-19 05:48 . 2012-08-19 18:54 2918368 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-04-08 21:16 . 2012-08-19 18:43 6726292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1784883445-1032603892-293820194-1003-8192.dat
- 2011-04-08 21:16 . 2012-07-22 18:30 6726292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1784883445-1032603892-293820194-1003-8192.dat
+ 2011-04-15 20:06 . 2012-08-17 23:52 3445396 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1784883445-1032603892-293820194-1003-12288.dat
+ 2012-07-19 09:45 . 2012-07-19 09:45 3464704 c:\windows\Installer\91031b9.msp
+ 2012-07-04 15:04 . 2012-07-04 15:04 1292288 c:\windows\Installer\91031a2.msp
+ 2012-07-04 15:12 . 2012-07-04 15:12 4772352 c:\windows\Installer\9103198.msp
+ 2012-07-04 15:09 . 2012-07-04 15:09 1284096 c:\windows\Installer\9103180.msp
+ 2012-07-04 15:01 . 2012-07-04 15:01 9082368 c:\windows\Installer\9103169.msp
+ 2012-07-04 14:58 . 2012-07-04 14:58 6163456 c:\windows\Installer\910314a.msp
+ 2012-08-07 21:42 . 2012-08-07 21:42 7937024 c:\windows\Installer\37cf425.msi
- 2010-07-25 08:23 . 2012-07-11 18:35 1479520 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-07-25 08:23 . 2012-08-19 18:13 1479520 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-07-25 08:23 . 2012-07-11 18:35 1858400 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-07-25 08:23 . 2012-08-19 18:13 1858400 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-07-25 08:23 . 2012-07-11 18:35 3792736 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-07-25 08:23 . 2012-08-19 18:13 3792736 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2010-07-25 08:23 . 2012-07-11 18:35 1449312 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2010-07-25 08:23 . 2012-08-19 18:13 1449312 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2012-08-18 17:48 . 2012-08-18 17:48 12315336 c:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll
+ 2012-07-17 17:17 . 2012-07-17 17:17 22363136 c:\windows\Installer\91031c5.msp
+ 2012-08-19 18:21 . 2012-08-19 18:21 11059200 c:\windows\erdnt\Hiv-backup\SCHEMA.DAT
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\ChoysToy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\ChoysToy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\ChoysToy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TaskScheduler"="c:\prowin11\32bit\TaskSch.exe" [2012-05-28 443992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2009-12-10 1092968]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2009-01-16 136512]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-04-30 124240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-10 136176]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-05 362992]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-08-05 309744]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-08-05 166384]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-18 250056]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-10 136176]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-04-30 76696]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-08 113120]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2009-12-10 75112]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-05 313840]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-08-05 1124848]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-02-19 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-07 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [2011-08-16 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [2011-11-24 1092728]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2009-06-29 23592]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-07-11 1161376]
S1 ccSet_N360;Norton Business Suite Settings Manager;c:\windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [2011-11-04 167048]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120718.001\IDSvia64.sys [2012-07-11 509088]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2008-05-12 15400]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2012-01-12 57976]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [2011-11-17 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS [2011-11-17 405624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 DDNIMSGService;DDNIMSGService;c:\program files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGService.exe [2010-07-20 171872]
S2 DDNIService;DDNIService;c:\program files (x86)\DDNI\DIBS\DDNIService.exe [2010-07-23 163680]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-07-03 45424]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2009-04-30 19720]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-04-30 78992]
S2 N360;Norton Business Suite;c:\program files (x86)\Norton Business Suite\Engine\6.2.1.5\ccSvcHst.exe [2012-03-27 138232]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-07-15 62320]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2009-06-18 161024]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-07-12 138912]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-09 139264]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-05-18 143320]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2010-09-03 15360]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 17:48]
.
2012-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-10 04:51]
.
2012-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-10 04:51]
.
2012-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1784883445-1032603892-293820194-1003Core.job
- c:\users\ChoysToy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-08 06:29]
.
2012-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1784883445-1032603892-293820194-1003UA.job
- c:\users\ChoysToy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-08 06:29]
.
2012-05-22 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-10-08 21:44]
.
2012-08-18 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-10-08 21:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\ChoysToy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\ChoysToy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\ChoysToy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\ChoysToy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-10 7968800]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"TpShocks"="TpShocks.exe" [2009-07-09 380704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-08 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-08 365592]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2009-10-14 36864]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-11 1873256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\ChoysToy\AppData\Roaming\Mozilla\Firefox\Profiles\nfiidqxa.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Business Suite\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Business Suite\Engine\6.2.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\Lenovo\HOTKEY\tpnumlk.exe
c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files (x86)\McAfee\Common Framework\FrameworkService.exe
c:\program files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files (x86)\McAfee\Common Framework\naPrdMgr.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Lenovo\System Update\SUService.exe
c:\program files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
.
**************************************************************************
.
Completion time: 2012-08-19 12:07:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-19 19:07
ComboFix2.txt 2012-08-16 21:08
ComboFix3.txt 2012-07-23 04:32
.
Pre-Run: 342,393,634,816 bytes free
Post-Run: 341,947,846,656 bytes free
.
- - End Of File - - 7F70F3F416F5985236229F10651820C0


----------



## mathew206 (Aug 7, 2012)

Hey Mark,

I did some research online, and I think this might work. Like I said before, this version of McAfee was installed at school because it was required to use their network. Let me know what you think. I know I'm not supposed to do anything without your "okay" first.

https://kc.mcafee.com/corporate/index?page=content&id=KB60556


----------



## Mark1956 (May 7, 2011)

Good job, both the tested files have sufficient bad results to warrant removing them. Please use Windows Explorer to navigate to both files in turn, right click on the file and select Delete.

Please go ahead and use the information you have found about removing the McAfee software, if it does not work then follow this:

The locked registry key is still showing in Combofix as being locked. We need to hit this a bit harder. First create a System Restore point, instructions here: Windows 7 System Restore Guide.

Next download this: Revo Uninstaller. Run it and locate the McAfee program and remove it, follow this by allowing Revo to search for any remnants and then select any that are found and remove them.

Let me know how this goes.


----------



## mathew206 (Aug 7, 2012)

The method I tried to follow via the link did not work. It could not find that file that they wanted me to run. 

I deleted the two files per your instructions. I ran Revo Uninstaller. I am supposed to have the pro version and be using it via a 30 day trial, right?

I went through the process, I found the McAfee program and ran the uninstall program. It gave me the same error I have when I try to do it via Windows uninstall programs. Shall I try it again via Forced uninstall?


----------



## Mark1956 (May 7, 2011)

Either version of Revo is ok. Yes, use the forced uninstall. McAfee sure don't make it easy to remove this program.


----------



## mathew206 (Aug 7, 2012)

No, they don't. :/ So I clicked the forced uninstall, but Revo wants me to choose the full path for the uninstall (probably an .exe file). I'm really not sure which one to look for given there are so many. I chose browse to C: -> Program Files -> McAfee, but then it opens up all of the McAfee files, and there are many different programs to choose from. I am kind of at a loss. Should I try to manually delete the entire McAfee folder?


----------



## Mark1956 (May 7, 2011)

If you open the Tools section and then select Autorun Manager, see if the McAfee program is in the list. If it is, kill the process. Right click on it and select the option to Copy Launch path, then go back to forced uninstall and paste the launch path in.

Must admit I am using a bit of guesswork here as I cannot emulate the situation on my own PC. You might just have to experiment.

To play safe I would create a restore point before going into the unknown: Windows 7 System Restore Guide. You could try deleting all the McAfee folders if all else fails, but that will leave a lot of orphan registry entries, but Revo may be able to seek them out.


----------



## Mark1956 (May 7, 2011)

I've just been looking back over the last few posts and the guide you found for the removal, I think you may have misunderstood this part.


> To take the computer out of Managed Mode, run the following command on the client computer, while logged on as an Administrator:
> 
> *frminst.exe /remove=agent*


This command line has to be run from the command prompt to get it to work.

Click on the Windows and R key on your keyboard and type CMD and hit OK.

Copy and paste the command line at the flashing cursor and hit Enter. It should confirm the operation.

Then go into Programs and Features and try a normal uninstall of McAfee.

If that still fails I have found another guide here: http://www.ehow.com/how_6588713_uninstall-mcafee-agent.html
Tread very carefully with this as it involves registry editing so even more important to make a Restore Point before doing this. I would recommend you print out the instructions or have another PC next to you with the instructions displayed.

These instructions will give you a full registry back up which may be the best thing to do before touching the registry.








*Backup Registry with ERUNT*
This tool will create a complete backup of your registry. A backup is created to ensure we have a backup, so in case anything goes wrong we can deal with it. Do not delete these backups until we are finished.

Please download *Erunt-setup.exe* and save it to your *desktop*. 
Double click *erunt-setup.exe*. If you are using Vista or Windows 7, please right-click and select *Run as Administrator*.
Follow the prompts and allow *Erunt* to be installed.
When asked for the location for it to be installed in, let it be installed at the default. (C:\Program Files\Erunt)
If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an *Erunt* entry in the startup folder, answer *Yes*. 
*Erunt* will open when the installation is finished. Check *all items* to be backed up in the default location and click *OK*.
Close the program once the registry backup is complete.
You can find a complete guide to using the program here: http://www.larshederer.homepage.t-online.de/erunt/erunt.txt


----------



## mathew206 (Aug 7, 2012)

You are right, I had to actually find the full path to make the *frminst.exe /remove=agent* work. However, instead of the remove agent command, I used that path with the force uninstall via Revo Uninstaller Pro. Nothing happened. So I used it directly under the Run command. The Frminst.exe file is gone. I rebooted, but McAfee was still there.

I used this run command as well.
msiexec /x {147BCE03-C0F1-4C9F-8157-6A89B6D2D973} REMOVE=ALL REBOOT=R /q

It seemed to work, but I am not completely sure what happened. I went to remove programs, but Mcafee is not there. However, Mcafee is still running under task manager and services. :/

I think I will try the Manual removal next. I will be sure to backup the registry and do a system restore point.

Just for your info, I have McAfee agent version 8.7i. Thanks for the followup, I will update you as I work on the manual removal. I have another computer I can use to follow instructions.


----------



## Mark1956 (May 7, 2011)

> Frminst.exe file is gone. I rebooted, but Mcafee was still there.


Running that command was only the first step and was not intended to remove the software; the next step was to then uninstall the McAfee software in the normal way from Programs and Features.

Having run the second command, according to the McAfee guide, that should have removed the program, but from what you have found that does not appear to be the case; this could be due to the running of the other command first. I suspect the McAfee guides for removal are not intended to be used together; they are optional methods for the program's removal.

Best of luck, I'll wait to hear how you have got on with it.


----------



## mathew206 (Aug 7, 2012)

Looking at the C: and Common Framework folder, All of the contents are gone. I'm thinking the uninstall did work to some degree. However the Viruscan Enterprise folder is very much still there with all the files in it. I am going to continue with the Registry removal process now.


----------



## mathew206 (Aug 7, 2012)

I believe McAfee is pretty much gone, lol, but we will need some work cleaning up the registry a little bit. I think you said running Revo might help. What programs do I need to run to make sure we can move on? Thanks, Mark!


----------



## Mark1956 (May 7, 2011)

First thing I would warn you against is being tempted to use any kind of Registry Cleaner as they can make mistakes.

The instructions that you first came across looked like the best option but as you strayed away from them you could have a lot of leftovers in the registry.

Simply running the command: *frminst.exe /remove=agent* from the command prompt would have taken the system out of Managed Mode and should have then allowed you to uninstall the entire program in the conventional way from Programs and Features.

If I was in the same situation I would play safe and restore the registry back up and start again by running that command and uninstall the program in the conventional way.

I do have tools that can search for related registry entries but there is no guarantee it will find everything and there could be a large number of them to deal with. Revo may be able to do the same but I've never used it for a situation like this one.

On the other hand, if the system is running without any hitches leaving a bunch of orphan entries in the Registry can do no harm.

So, you have two clear options, leave as is and see how well the system runs, or go back and start again and stick to the instructions.

Either way we still have some updating to do and the clean up of all the tools used, but you need to decide first which way you are going to go with McAfee.


----------



## mathew206 (Aug 7, 2012)

Okay, It sounds like to me that getting rid of McAfee is one of our final procedures? I will try to go back and try the above again. I think you are right, and I think I can get it to uninstall the program entirely. I will have another go at it. 

One of the issues I ran into with the directions is that they all said to open mcafee to disable the program. I cannot find the exact directions at the moment. But my version did not give me the option to do that. I did, however, figure out how to disable mcshield, and some of the other running tasks via the taskbar -> services tab -> services button, then disable from there. 

I will try to do a system restore. Do I also need to load to a previous registry backup? or is that automatically done? I've actually never had to use system restore before. :X Thanks Mark.


----------



## Mark1956 (May 7, 2011)

System Restore is all you will need to do, it should return all the registry settings back to where they were before you did anything with McAfee. Simply select the Restore Point that you created earlier following the instructions in the link I gave in post 33.

Just follow the instructions I gave in post 34.



> This command line has to be run from the command prompt to get it to work.
> Click on the Windows and R key on your keyboard and type CMD and hit OK.
> Copy and paste the command line *frminst.exe /remove=agent* at the flashing cursor and hit Enter. It should confirm the operation.
> Then go into Programs and Features and try a normal uninstall of McAfee.


Do exactly as instructed above, don't try anything else and let me know what happens.

All you should need to use is the command line in bold, do not add anything to it.


----------



## mathew206 (Aug 7, 2012)

Okay, system restore was successful. I ran the remove agent command above. It worked successfully. I disabled as many mcafee services as I could find by going through task manager then services. 

I still get the error that mcafee is in use....


----------



## mathew206 (Aug 7, 2012)

Oops, sorry I went on a little further. I can do the system restore again if you'd like. I did not delete any files or anything yet.


----------



## Mark1956 (May 7, 2011)

Ok, I understand the temptation to try other things but we need to take this one step at a time or I will lose track of what you are doing.

Before trying the next step we need to check that the msiexec.exe file exists.

Please download *SystemLook* for your operating system from one of the links below and save it to your Desktop.

*Link 1: SystemLook (32-bit)*
Link 2: SystemLook (32-bit)
*Link 1: SystemLook (64-bit)*
Link 2: SystemLook (64-bit)

Double-click *SystemLook.exe* to run it.
_*Vista*/*Windows 7* users right-click and select Run As Administrator_.
Copy and paste everything in the codebox below into the main textfield:

```
:filefind
msiexec.exe
```

Click the Look button to start the scan.
When finished, a Notepad window will open SystemLook.txt with the results of the search and save a copy on your Desktop.
Please copy and paste the contents of that log in your next reply.


----------



## mathew206 (Aug 7, 2012)

SystemLook 30.07.11 by jpshortstuff
Log created at 14:28 on 21/08/2012 by ChoysToy
Administrator - Elevation successful

========== filefind ==========

Searching for "msiexec.exe"
C:\Windows\SoftwareDistribution\Download\e2f8ec1abbe2ddd27a68bbc083445bc1\amd64_microsoft-windows-installer-executable_31bf3856ad364e35_6.1.7601.17514_none_a7a77a3b9cb96ce6\msiexec.exe --a---- 128000 bytes [18:51 05/04/2011] [13:24 20/11/2010] A190DA6546501CB4146BBCC0B6A3F48B
C:\Windows\SoftwareDistribution\Download\e2f8ec1abbe2ddd27a68bbc083445bc1\x86_microsoft-windows-installer-executable_31bf3856ad364e35_6.1.7601.17514_none_4b88deb7e45bfbb0\msiexec.exe --a---- 73216 bytes [18:51 05/04/2011] [12:17 20/11/2010] EEE470F2A771FC0B543BDEEF74FCECA0
C:\Windows\System32\msiexec.exe --a---- 128000 bytes [19:20 05/04/2011] [13:24 20/11/2010] A190DA6546501CB4146BBCC0B6A3F48B
C:\Windows\SysWOW64\msiexec.exe --a---- 73216 bytes [19:20 05/04/2011] [12:17 20/11/2010] EEE470F2A771FC0B543BDEEF74FCECA0
C:\Windows\winsxs\amd64_microsoft-windows-installer-executable_31bf3856ad364e35_6.1.7600.16385_none_a57666739fcae94c\msiexec.exe ------- 127488 bytes [23:48 13/07/2009] [01:39 14/07/2009] 228577912C977E2CBE04920F6172C39E
C:\Windows\winsxs\amd64_microsoft-windows-installer-executable_31bf3856ad364e35_6.1.7601.17514_none_a7a77a3b9cb96ce6\msiexec.exe --a---- 128000 bytes [19:20 05/04/2011] [13:24 20/11/2010] A190DA6546501CB4146BBCC0B6A3F48B
C:\Windows\winsxs\x86_microsoft-windows-installer-executable_31bf3856ad364e35_6.1.7600.16385_none_4957caefe76d7816\msiexec.exe ------- 73216 bytes [23:31 13/07/2009] [01:14 14/07/2009] A8492E3929E7B981DA541286709C8479
C:\Windows\winsxs\x86_microsoft-windows-installer-executable_31bf3856ad364e35_6.1.7601.17514_none_4b88deb7e45bfbb0\msiexec.exe --a---- 73216 bytes [19:20 05/04/2011] [12:17 20/11/2010] EEE470F2A771FC0B543BDEEF74FCECA0

-= EOF =-


----------



## Mark1956 (May 7, 2011)

Looks good.

Now hit the Windows and R key on your keyboard and paste the following command into the box:

msiexec /i {147BCE03-C0F1-4C9F-8157-6A89B6D2D973} REMOVE=All REBOOT=R /q


This should launch the user interface that will allow you to Repair, Remove or Modify the program. Select Remove.

Let me know how this goes.

None of the instructions I have read so far say anything about the need to disable any of the McAfee services or processes. If the command does not work then re-enable everything you disabled, reboot and try it again.


----------



## mathew206 (Aug 7, 2012)

Hmm, processor looks like it's running, but there was no UI that opened up. I believe the "/q" makes it a quiet command. I think that's what I read before. McAfee program files all appear to be there. Do you still want me to re-enable, reboot and run again?


----------



## mathew206 (Aug 7, 2012)

I think it was "/x" that launches the UI...


----------



## Mark1956 (May 7, 2011)

Hi, I am just posting these links for quick referral:

This is for the main instructions and Manual removal: https://kc.mcafee.com/corporate/index?page=content&id=kb59996

And this one: https://kc.mcafee.com/corporate/index?page=content&id=KB52648 shows how to use the msiexec.exe command line.

As you can see the 'i' switch is supposed to launch the User Interface and the 'x' is supposed to remove the program. I intentionally went for the 'i' switch to be sure the UI would open. If it is not appearing this would suggest that the program is incomplete and therefore may not be able to uninstall itself.

The only other option is to follow the instructions for the Manual Uninstall, we can use some of the Tools I have to hand for the Registry work, but not all of it.

Is there any chance that you can re-install this program so it becomes complete again as that will save a lot of time doing the Manual method, it would have to be the same version as you already have. With the program complete again it should uninstall using the instructions that we have just tried.

If we have to go for the Manual method please stick with my guidance or we will end up in a mess, I'll wait to hear what you want to do.


----------



## mathew206 (Aug 7, 2012)

Thanks for the references, I have not yet run msiexec after reenabling McAfee services. Would you like me to try that again first? 

I unfortunately cannot get mcafee again as it was from school, which made it mandatory to download and use if we were to use their network. I suppose if it does not work again, we will be stuck with the manual method. If we go down that route, I will definitely not deviate from your guidance. I know what a pita registries can be. 

Let me know about trying to run msiexec one more time.

I was also thinking, with REVO uninstaller, what if we gave the above path to the force uninstall? Do you think that might work?


----------



## Mark1956 (May 7, 2011)

Yes, give the msiexec one more try with the 'i' switch.

If that does not bring up the UI then we may as well try it with the 'x' switch as we have nothing to lose.

I think even if we use Nero it may not work as Nero needs to find the program's uninstall package. If the msiexec command does not work then Revo is also likely to fail.

There is however one other option to consider. You have restore points that (you will have to confirm this) go back to your first attempt to remove the program. If we use System Restore back to that time before the program was touched it may uninstall ok. All we will have to repeat is the Malware removal and we know exactly what we are looking for. 

That would be a gamble but could save a lot of work.


----------



## mathew206 (Aug 7, 2012)

Also, I was under the impression that the switch at the end is what changed the options? Right now we utilized /q, which I thought was the quiet switch (I do see the /i right after the msiexec as well).

msiexec /i {147BCE03-C0F1-4C9F-8157-6A89B6D2D973} REMOVE=All REBOOT=R */q*

Not trying to undermine you in anyway, just trying to understand.  If I start asking too many questions, feel free to let me know. Thanks Mark.


----------



## mathew206 (Aug 7, 2012)

And I probably do have restore points that go way back before any of the work we did, and any of the work I have tried with other forums as well. However, McAfee used to work hand in hand with another program called Cisco NAC agent. I'm not really sure what they did, but that program was uninstalled via the remove programs with Windows. Do I want to go that far?


----------



## mathew206 (Aug 7, 2012)

Okay so this is the command I did:

msiexec /i {147BCE03-C0F1-4C9F-8157-6A89B6D2D973} REMOVE=All REBOOT=R /i

And this window popped open. However, there's only an "ok" button at the bottom.

```
Windows ® Installer. V 5.0.7601.17514

msiexec /Option <Required Parameter> [Optional Parameter]

Install Options
    </package | /i> <Product.msi>
        Installs or configures a product
    /a <Product.msi>
        Administrative install - Installs a product on the network
    /j<u|m> <Product.msi> [/t <Transform List>] [/g <Language ID>]
        Advertises a product - m to all users, u to current user
    </uninstall | /x> <Product.msi | ProductCode>
        Uninstalls the product
Display Options
    /quiet
        Quiet mode, no user interaction
    /passive
        Unattended mode - progress bar only
    /q[n|b|r|f]
        Sets user interface level
        n - No UI
        b - Basic UI
        r - Reduced UI
        f - Full UI (default)
    /help
        Help information
Restart Options
    /norestart
        Do not restart after the installation is complete
    /promptrestart
        Prompts the user for restart if necessary
    /forcerestart
        Always restart the computer after installation
Logging Options
    /l[i|w|e|a|r|u|c|m|o|p|v|x|+|!|*] <LogFile>
        i - Status messages
        w - Nonfatal warnings
        e - All error messages
        a - Start up of actions
        r - Action-specific records
        u - User requests
        c - Initial UI parameters
        m - Out-of-memory or fatal exit information
        o - Out-of-disk-space messages
        p - Terminal properties
        v - Verbose output
        x - Extra debugging information
        + - Append to existing log file
        ! - Flush each line to the log
        * - Log all information, except for v and x options
    /log <LogFile>
        Equivalent of /l* <LogFile>
Update Options
    /update <Update1.msp>[;Update2.msp]
        Applies update(s)
    /uninstall <PatchCodeGuid>[;Update2.msp] /package <Product.msi | ProductCode>
        Remove update(s) for a product
Repair Options
    /f[p|e|c|m|s|o|d|a|u|v] <Product.msi | ProductCode>
        Repairs a product
        p - only if file is missing
        o - if file is missing or an older version is installed (default)
        e - if file is missing or an equal or older version is installed
        d - if file is missing or a different version is installed
        c - if file is missing or checksum does not match the calculated value
        a - forces all files to be reinstalled
        u - all required user-specific registry entries (default)
        m - all required computer-specific registry entries (default)
        s - all existing shortcuts (default)
        v - runs from source and recaches local package
Setting Public Properties
    [PROPERTY=PropertyValue]

Consult the Windows ® Installer SDK for additional documentation on the
command line syntax.

Copyright © Microsoft Corporation. All rights reserved.
Portions of this software are based in part on the work of the Independent JPEG Group.
```


----------



## Mark1956 (May 7, 2011)

The switches used are to control the way msiexec behaves and are written immediately after the process. msiexec.exe is a Windows Installer and is not part of the McAfee program, there are many more switches for this process that the guide does not mention.

If we are going down the road of System Restore I think we may as well go all the way back to before Cisco NAC Agent was uninstalled.

There is a distinct possibility that the infection damaged McAfee as they can target security software. As soon as the Restore is done we need to immediately remove the infection which is highly likely to still be there.


----------



## mathew206 (Aug 7, 2012)

Okay sounds good, so is the above windows somewhat useless to us?


----------



## Mark1956 (May 7, 2011)

We jumped posts, please read my last one.

You have entered the command with an edited switch on the end, this needs to be *q.*

What you are seeing is all the information about the msiexec command.


----------
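
The three msiexec command lines tried in the posts above differ only in their switches. As an added example (not part of any post in this thread, and not McAfee's or Microsoft's code), this Python sketch classifies each of them against the usage text from the Windows Installer window quoted earlier; the function names `analyze` and `describe` and the result fields are assumptions made for the illustration.

```python
import re

# Action switches, as listed under "Install Options" in the usage text quoted in the thread.
ACTIONS = {"/i": "install/configure", "/package": "install/configure",
           "/x": "uninstall", "/uninstall": "uninstall"}
# Letters accepted after /q, from "Display Options" in the same usage text.
UI_LEVELS = {"n": "none", "b": "basic", "r": "reduced", "f": "full"}
PRODUCT_CODE = re.compile(
    r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")


def analyze(cmdline):
    """Classify a simple msiexec command line.

    Assumption: tokens are separated by whitespace (no quoted paths with
    spaces), which is true of every command line posted in this thread.
    """
    tokens = cmdline.split()
    if tokens and tokens[0].lower() in ("msiexec", "msiexec.exe"):
        tokens = tokens[1:]
    result = {"action": None, "target": None, "target_kind": None,
              "ui": "full",  # "f - Full UI (default)" in the usage text
              "properties": {}, "problems": []}
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        low = tok.lower()
        if low in ACTIONS:
            nxt = tokens[i + 1] if i + 1 < len(tokens) else None
            if nxt is None or nxt.startswith("/") or "=" in nxt:
                # The usage text marks the package/product code as required.
                result["problems"].append(
                    f"{tok} is not followed by a package or product code")
            elif result["action"] is not None:
                result["problems"].append(f"second action switch {tok}")
                i += 1  # skip its argument
            else:
                result["action"] = ACTIONS[low]
                result["target"] = nxt
                result["target_kind"] = ("product code" if PRODUCT_CODE.match(nxt)
                                         else "package path")
                i += 1  # the next token was consumed as the target
        elif low == "/quiet":
            result["ui"] = "none"
        elif low == "/passive":
            result["ui"] = "progress bar only"
        elif re.fullmatch(r"/q[nbrf]?", low):
            # A bare /q is treated as /qn (no UI).
            result["ui"] = UI_LEVELS[low[2:] or "n"]
        elif "=" in tok and not tok.startswith("/"):
            name, value = tok.split("=", 1)  # PROPERTY=PropertyValue
            result["properties"][name] = value
        else:
            result["problems"].append(f"unrecognised token {tok}")
        i += 1
    if result["action"] is None:
        result["problems"].append("no action switch with a target")
    return result


def describe(cmdline):
    """One-line summary of what the command line asks Windows Installer to do."""
    r = analyze(cmdline)
    if r["problems"]:
        return "invalid command line: " + "; ".join(r["problems"])
    props = " ".join(f"{k}={v}" for k, v in r["properties"].items()) or "none"
    return (f"{r['action']} of {r['target_kind']} {r['target']}, "
            f"UI {r['ui']}, properties {props}")


# Command lines copied from the posts above.
GUID = "{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}"
THREAD_COMMANDS = [
    f"msiexec /x {GUID} REMOVE=ALL REBOOT=R /q",
    f"msiexec /i {GUID} REMOVE=All REBOOT=R /q",
    f"msiexec /i {GUID} REMOVE=All REBOOT=R /i",
]

if __name__ == "__main__":
    for cmd in THREAD_COMMANDS:
        print(cmd)
        print("  ->", describe(cmd))
```

The switch directly after `msiexec` selects the action and the trailing `/q` only sets the UI level, so the second command runs with no window; the third ends in an action switch with no target, which matches the usage window posted above.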



## mathew206 (Aug 7, 2012)

Okay, then I am ready to do a system restore as the attempt to run that command still has had no effect. I will run a system restore to a point where NAC agent is still present on my computer. What is the game plan after that? Shall I put immediately in sleep mode and wait for you? I typically leave networking off when working with the infected machine.


----------



## Mark1956 (May 7, 2011)

Ok, as soon as you have completed the System Restore, run RogueKiller and delete everything it finds, then follow it with Combofix and post both the logs.

I'm not 100% sure that both of those programs will still be there after the restore so download them again if need be following the original instructions on page 1 of this thread.


----------



## mathew206 (Aug 7, 2012)

Apparently my oldest system restore does not have NAC agent. :/ Shall I still go back to try a point in which McAfee was still running (prior to our attempt at deleting it)?


----------



## Mark1956 (May 7, 2011)

Yes.


----------



## mathew206 (Aug 7, 2012)

RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: ChoysToy [Admin rights]
Mode: Remove -- Date: 08/22/2012 20:31:41

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HITACHI HTS545050B9A300 +++++
--- User ---
[MBR] a9b701eb7dd85cbeca9ebb098e6f2a3a
[BSP] 86d84489c985e4e60089373306b3b6b9 : Lenovo tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 465737 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 956291072 | Size: 10000 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[5].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt


----------



## mathew206 (Aug 7, 2012)

running combofix atm, shall I reboot when done?


----------



## mathew206 (Aug 7, 2012)

ComboFix 12-08-22.03 - ChoysToy 08/22/2012 20:49:01.2.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3933.2026 [GMT -7:00]
Running from: c:\users\ChoysToy\Downloads\ComboFix.exe
AV: Norton Business Suite *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Business Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Business Suite *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((( Files Created from 2012-07-23 to 2012-08-23 )))))))))))))))))))))))))))))))
.
.
2012-08-20 22:04 . 2012-08-21 20:42 -------- d-----w- c:\program files (x86)\ERUNT
2012-08-19 22:30 . 2012-08-19 22:30 -------- d-----w- c:\program files\VS Revo Group
2012-08-18 16:02 . 2012-08-18 16:02 -------- d-----w- c:\program files (x86)\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-13 22:40 . 2012-07-13 22:40 116016 ----a-w- c:\windows\system32\drivers\24097668.sys
2012-07-12 03:06 . 2012-07-12 03:06 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-07-12 01:48 . 2012-04-12 00:58 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 01:48 . 2011-06-02 18:38 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 18:31 . 2010-03-28 20:35 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-12 03:08 . 2012-07-11 18:37 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-11 16:03 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 16:04 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 16:04 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 16:03 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 16:04 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 16:04 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 16:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-27 06:20 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-27 06:21 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-27 06:21 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-27 06:21 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-27 06:20 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-27 06:20 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-27 06:21 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-27 06:20 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-27 06:20 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 12:49 . 2012-07-11 18:30 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-11 18:30 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-11 18:30 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-11 18:30 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-11 18:30 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-11 18:30 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-11 18:30 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-11 18:30 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-11 18:30 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-11 18:30 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-11 18:30 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-11 18:30 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-11 18:30 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-11 18:30 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-11 18:30 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-11 18:30 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-11 18:30 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-11 18:30 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-11 18:30 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50 . 2012-07-11 16:03 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 16:03 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-11 16:03 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-11 16:03 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 16:03 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 16:03 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 16:03 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 16:03 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 16:03 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((( [email protected]_04.27.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-19 05:08 . 2012-08-23 04:14 58686 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-23 04:14 56574 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-03-27 03:52 . 2012-08-23 04:14 15726 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1784883445-1032603892-293820194-1003_UserData.bin
- 2010-03-23 20:45 . 2012-07-12 22:01 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-23 20:45 . 2012-08-23 03:22 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-23 20:45 . 2012-08-23 03:22 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-23 20:45 . 2012-07-12 22:01 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-12 22:01 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-23 03:22 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-07-23 04:14 . 2012-07-23 04:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-23 04:11 . 2012-08-23 04:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-23 04:11 . 2012-08-23 04:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-23 04:14 . 2012-07-23 04:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-08-23 03:12 229376 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-22 07:50 229376 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-30 15:23 . 2012-08-20 15:31 323252 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2010-03-23 18:02 . 2012-08-23 02:34 517018 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-07-22 05:54 683588 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-16 20:16 683588 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-22 05:54 128518 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-08-16 20:16 128518 c:\windows\system32\perfc009.dat
+ 2009-07-14 04:46 . 2012-08-23 03:17 111312 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 05:01 . 2012-07-23 03:59 429176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-23 04:09 429176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-08-23 03:12 2080768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-22 07:50 2080768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-22 07:50 3997696 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-23 03:12 3997696 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:45 . 2012-07-11 21:53 7569530 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-08-23 03:16 7569530 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-02-19 05:48 . 2012-08-23 04:10 3427328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-04-08 21:16 . 2012-08-23 04:09 7155960 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1784883445-1032603892-293820194-1003-8192.dat
+ 2011-04-15 20:06 . 2012-08-23 04:10 4001190 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1784883445-1032603892-293820194-1003-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\ChoysToy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\ChoysToy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\ChoysToy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TaskScheduler"="c:\prowin11\32bit\TaskSch.exe" [2012-05-28 443992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2009-12-10 1092968]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2009-01-16 136512]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-04-30 124240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-10 136176]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-05 362992]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-08-05 309744]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-08-05 166384]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-10 136176]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-04-30 76696]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-08 113120]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2009-12-10 75112]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-05 313840]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-08-05 1124848]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-02-19 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-07 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [2011-08-16 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [2011-11-24 1092728]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2009-06-29 23592]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-07-11 1161376]
S1 ccSet_N360;Norton Business Suite Settings Manager;c:\windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [2011-11-04 167048]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120718.001\IDSvia64.sys [2012-07-11 509088]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2008-05-12 15400]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2012-01-12 57976]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [2011-11-17 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS [2011-11-17 405624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 DDNIMSGService;DDNIMSGService;c:\program files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGService.exe [2010-07-20 171872]
S2 DDNIService;DDNIService;c:\program files (x86)\DDNI\DIBS\DDNIService.exe [2010-07-23 163680]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-07-03 45424]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2009-04-30 19720]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-04-30 78992]
S2 N360;Norton Business Suite;c:\program files (x86)\Norton Business Suite\Engine\6.2.1.5\ccSvcHst.exe [2012-03-27 138232]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-07-15 62320]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2009-06-18 161024]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-07-12 138912]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-09 139264]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-05-18 143320]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2010-09-03 15360]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 01:48]
.
2012-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-10 04:51]
.
2012-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-10 04:51]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1784883445-1032603892-293820194-1003Core.job
- c:\users\ChoysToy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-08 06:29]
.
2012-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1784883445-1032603892-293820194-1003UA.job
- c:\users\ChoysToy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-08 06:29]
.
2012-05-22 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-10-08 21:44]
.
2012-07-19 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-10-08 21:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\ChoysToy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\ChoysToy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\ChoysToy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\ChoysToy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-10 7968800]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"TpShocks"="TpShocks.exe" [2009-07-09 380704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-08 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-08 365592]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2009-10-14 36864]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-11 1873256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.11.28.10
FF - ProfilePath - c:\users\ChoysToy\AppData\Roaming\Mozilla\Firefox\Profiles\nfiidqxa.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Business Suite\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Business Suite\Engine\6.2.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\Lenovo\HOTKEY\tpnumlk.exe
c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files (x86)\McAfee\Common Framework\FrameworkService.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
c:\program files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\McAfee\Common Framework\naPrdMgr.exe
c:\program files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe
c:\program files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Lenovo\System Update\SUService.exe
c:\program files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
.
**************************************************************************
.
Completion time: 2012-08-22 21:38:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-23 04:38
ComboFix2.txt 2012-08-19 19:07
ComboFix3.txt 2012-08-16 21:08
ComboFix4.txt 2012-07-23 04:32
.
Pre-Run: 342,498,844,672 bytes free
Post-Run: 341,769,035,776 bytes free
.
- - End Of File - - 01A83F059D26C0E2E36FDA9CEF5C06EF


----------



## Mark1956 (May 7, 2011)

Both those scans have come up clean. Now do a scan with ESET and post the log.


----------



## mathew206 (Aug 7, 2012)

Great, my CPU restarted itself for Adobe updates. Is there a way to view the latest log for ESET? I know it had 3 detections when I went to sleep.


----------



## mathew206 (Aug 7, 2012)

Never mind, found it. Here is the log:


[email protected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=32264749be6b9444b8d289e30763357b
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-18 07:13:20
# local_time=2012-08-18 12:13:20 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3589 16777213 80 71 2416152 95882286 0 0
# compatibility_mode=5893 16776574 100 94 42732342 96849640 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=230426
# found=3
# cleaned=0
# scan_time=11011
C:\Qoobox\Quarantine\C\Windows\Installer\{9867ed17-947a-e440-13f8-372d5a958ab1}\U\[email protected] Win64/Sirefef.AN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\ChoysToy\AppData\Local\CDDB\ktkakedt.dll a variant of Win32/Kryptik.AIFZ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\ChoysToy\Downloads\cnet2_BullzipPDFPrinter_4_0_0_463_zip.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I
[email protected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=414ffc02221d4f4faba944f7976c312a
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-23 08:07:10
# local_time=2012-08-23 01:07:10 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3589 16777213 80 71 2810264 96276398 0 0
# compatibility_mode=5893 16776574 100 94 43126454 97243752 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=230465
# found=3
# cleaned=0
# scan_time=8930
C:\Qoobox\Quarantine\C\Windows\Installer\{9867ed17-947a-e440-13f8-372d5a958ab1}\U\[email protected] Win64/Sirefef.AN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\ChoysToy\AppData\Local\CDDB\ktkakedt.dll a variant of Win32/Kryptik.AIFZ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\ChoysToy\Downloads\cnet2_BullzipPDFPrinter_4_0_0_463_zip.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I


----------



## mathew206 (Aug 7, 2012)

I'm assuming we'll be doing the same thing as before? They are all the same viruses. Waiting for your command.


----------



## Mark1956 (May 7, 2011)

Yes, go ahead and delete them as previously directed.

EDIT that, the log is from 5 days ago, see if you can find the new one.


----------



## Mark1956 (May 7, 2011)

If you cannot find today's log, please run it again just to play safe.


----------



## mathew206 (Aug 7, 2012)

Yet it says last modified 8/23/12 at 1:03 am. So weird. I'll run the scan again.


----------



## mathew206 (Aug 7, 2012)

C:\$RECYCLE.BIN\S-1-5-21-1784883445-1032603892-293820194-1003\$R1ZK3SZ.exe a variant of Win32/InstallCore.D application
C:\$RECYCLE.BIN\S-1-5-21-1784883445-1032603892-293820194-1003\$RW2QRFZ.dll a variant of Win32/Kryptik.AIFZ trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{9867ed17-947a-e440-13f8-372d5a958ab1}\U\[email protected] Win64/Sirefef.AN trojan

I forgot to restore the files before rescanning. I deleted the files prior to seeing the second post. I also didn't use Windows Explorer to delete them. Shall I restore and then re-delete them using Windows Explorer?


----------



## Mark1956 (May 7, 2011)

Those last three detections you have posted are all safe: one is in Quarantine and the other two are in the Recycle Bin. Just empty the Recycle Bin.

Just before we move on, I think a scan with ComboFix would be a wise precaution. Post the log when done and wait for my response.


----------



## mathew206 (Aug 7, 2012)

ComboFix 12-08-22.03 - ChoysToy 08/23/2012 15:13:13.3.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3933.2565 [GMT -7:00]
Running from: c:\users\ChoysToy\Downloads\ComboFix.exe
AV: Norton Business Suite *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Business Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Business Suite *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\swtools\APPS\CSBED\CSBE\ACTIVATION_104\_desktop.ini
c:\swtools\APPS\CSBED\CSBE\ACTIVATION_104\BIN\_desktop.ini
c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-23 to 2012-08-23 )))))))))))))))))))))))))))))))
.
.
2012-08-23 22:28 . 2012-08-23 22:28 -------- d-----w- c:\users\Xiao Rui\AppData\Local\temp
2012-08-23 22:28 . 2012-08-23 22:28 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2012-08-23 22:28 . 2012-08-23 22:28 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-08-23 22:28 . 2012-08-23 22:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-23 15:54 . 2012-08-23 15:53 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-08-23 10:09 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-23 03:25 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-23 03:25 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-23 03:25 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-23 03:25 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-23 03:25 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-23 03:25 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-23 03:24 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-23 03:24 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-23 03:24 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-23 03:24 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-23 03:24 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-23 03:23 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-20 22:04 . 2012-08-21 20:42 -------- d-----w- c:\program files (x86)\ERUNT
2012-08-19 22:30 . 2012-08-19 22:30 -------- d-----w- c:\users\ChoysToy\AppData\Local\VS Revo Group
2012-08-19 22:30 . 2012-08-19 22:30 -------- d-----w- c:\program files\VS Revo Group
2012-08-18 16:02 . 2012-08-18 16:02 -------- d-----w- c:\program files (x86)\ESET
2012-07-30 21:52 . 2012-07-30 21:52 103904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-07-30 21:52 . 2012-07-30 21:52 103904 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-23 15:53 . 2010-04-24 00:52 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-23 10:01 . 2010-03-28 20:35 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-23 05:48 . 2012-04-12 00:58 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-23 05:48 . 2011-06-02 18:38 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-13 22:40 . 2012-07-13 22:40 116016 ----a-w- c:\windows\system32\drivers\24097668.sys
2012-07-12 03:06 . 2012-07-12 03:06 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-06-09 05:43 . 2012-07-11 16:03 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 15:49 . 2012-06-06 15:49 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06 . 2012-07-11 16:04 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 16:04 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 16:03 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 16:04 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 16:04 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 16:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-27 06:20 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-27 06:21 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-27 06:21 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-27 06:21 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-27 06:20 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-27 06:20 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-27 06:21 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-27 06:20 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-27 06:20 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 05:50 . 2012-07-11 16:03 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 16:03 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-11 16:03 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-11 16:03 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 16:03 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 16:03 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 16:03 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 16:03 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 16:03 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((( [email protected]_04.27.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-23 03:24 . 2012-07-04 21:16 57344 c:\windows\SysWOW64\netapi32.dll
- 2012-07-11 18:30 . 2012-06-02 08:17 73216 c:\windows\SysWOW64\mshtmled.dll
+ 2012-08-23 10:06 . 2012-06-29 00:01 73216 c:\windows\SysWOW64\mshtmled.dll
- 2012-07-11 18:30 . 2012-06-02 08:22 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-08-23 10:06 . 2012-06-29 00:06 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-08-23 10:06 . 2012-06-29 00:06 65024 c:\windows\SysWOW64\jsproxy.dll
- 2012-07-11 18:30 . 2012-06-02 08:21 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2010-02-19 05:08 . 2012-08-23 04:43 59072 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-23 22:00 56814 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-03-27 03:52 . 2012-08-23 22:00 15734 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1784883445-1032603892-293820194-1003_UserData.bin
- 2012-07-11 18:30 . 2012-06-02 11:57 96768 c:\windows\system32\mshtmled.dll
+ 2012-08-23 10:06 . 2012-06-29 03:40 96768 c:\windows\system32\mshtmled.dll
+ 2012-08-23 10:06 . 2012-06-29 03:46 86528 c:\windows\system32\migration\WininetPlugin.dll
- 2012-07-11 18:30 . 2012-06-02 12:03 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2012-08-23 10:06 . 2012-06-29 03:45 85504 c:\windows\system32\jsproxy.dll
- 2012-07-11 18:30 . 2012-06-02 12:03 85504 c:\windows\system32\jsproxy.dll
+ 2009-07-14 05:30 . 2012-08-23 10:25 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2012-06-27 06:24 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-07-13 16:08 . 2011-04-28 03:54 80384 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\BTHUSB.SYS
+ 2009-07-14 00:06 . 2009-07-14 00:06 41984 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\bthenum.sys
- 2010-03-23 20:45 . 2012-07-12 22:01 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-23 20:45 . 2012-08-23 09:12 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-23 20:45 . 2012-07-12 22:01 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-23 20:45 . 2012-08-23 09:12 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-23 09:12 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-12 22:01 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-25 08:23 . 2012-08-23 10:08 34144 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-07-25 08:23 . 2012-07-11 18:35 34144 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-07-25 08:23 . 2012-08-23 10:08 43608 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\msouc.exe
+ 2010-07-25 08:23 . 2012-08-23 10:08 19296 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-07-25 08:23 . 2012-07-11 18:35 19296 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2012-08-23 21:57 . 2012-08-23 21:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-23 04:14 . 2012-07-23 04:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-23 21:57 . 2012-08-23 21:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-23 04:14 . 2012-07-23 04:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-11 18:30 . 2012-06-02 08:23 231936 c:\windows\SysWOW64\url.dll
+ 2012-08-23 10:06 . 2012-06-29 00:07 231936 c:\windows\SysWOW64\url.dll
+ 2012-08-23 05:48 . 2012-08-23 05:48 686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe
+ 2012-08-23 05:17 . 2012-08-23 05:17 686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
+ 2012-08-23 05:17 . 2012-08-23 05:17 466632 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.dll
- 2012-04-12 00:58 . 2012-07-12 01:48 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-04-12 00:58 . 2012-08-23 05:48 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-08-23 10:06 . 2012-06-29 00:04 717824 c:\windows\SysWOW64\jscript.dll
+ 2012-08-23 15:54 . 2012-08-23 15:53 157680 c:\windows\SysWOW64\javaws.exe
+ 2012-08-23 15:54 . 2012-08-23 15:53 149488 c:\windows\SysWOW64\javaw.exe
+ 2012-08-23 15:54 . 2012-08-23 15:53 149488 c:\windows\SysWOW64\java.exe
+ 2012-08-23 10:06 . 2012-06-29 00:04 142848 c:\windows\SysWOW64\ieUnatt.exe
- 2012-07-11 18:30 . 2012-06-02 08:20 142848 c:\windows\SysWOW64\ieUnatt.exe
+ 2012-08-23 10:06 . 2012-06-28 23:57 176640 c:\windows\SysWOW64\ieui.dll
- 2012-07-11 18:30 . 2012-06-02 08:14 176640 c:\windows\SysWOW64\ieui.dll
- 2009-07-14 04:54 . 2012-07-22 07:50 229376 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-23 15:57 229376 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-30 15:23 . 2012-08-20 15:31 323252 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2010-03-23 18:02 . 2012-08-23 17:29 517266 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2012-07-11 18:30 . 2012-06-02 12:04 237056 c:\windows\system32\url.dll
+ 2012-08-23 10:06 . 2012-06-29 03:47 237056 c:\windows\system32\url.dll
- 2009-07-14 02:36 . 2012-07-22 05:54 683588 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-23 10:33 683588 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-22 05:54 128518 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-08-23 10:33 128518 c:\windows\system32\perfc009.dat
+ 2012-08-23 05:48 . 2012-08-23 05:48 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_271_Plugin.exe
+ 2012-08-23 05:17 . 2012-08-23 05:17 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_271_ActiveX.exe
+ 2012-08-23 05:17 . 2012-08-23 05:17 513224 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_271_ActiveX.dll
+ 2012-08-23 10:06 . 2012-06-29 03:44 816640 c:\windows\system32\jscript.dll
- 2012-07-11 18:30 . 2012-06-02 12:01 173056 c:\windows\system32\ieUnatt.exe
+ 2012-08-23 10:06 . 2012-06-29 03:43 173056 c:\windows\system32\ieUnatt.exe
- 2012-07-11 18:30 . 2012-06-02 11:54 248320 c:\windows\system32\ieui.dll
+ 2012-08-23 10:06 . 2012-06-29 03:35 248320 c:\windows\system32\ieui.dll
+ 2009-07-14 04:45 . 2012-08-23 10:27 460712 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 04:45 . 2012-07-11 21:49 460712 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 05:30 . 2012-06-27 06:24 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-08-23 10:25 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-06-27 06:24 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2012-08-23 10:25 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2011-04-05 19:20 . 2010-11-20 13:24 229376 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\fsquirt.exe
+ 2012-08-23 10:09 . 2012-07-06 20:07 552960 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\bthport.sys
- 2009-07-14 05:31 . 2011-07-15 12:40 399360 c:\windows\system32\DriverStore\drvindex.dat
+ 2009-07-14 05:31 . 2012-08-23 10:25 399360 c:\windows\system32\DriverStore\drvindex.dat
+ 2009-07-14 04:46 . 2012-08-23 16:04 111520 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 05:01 . 2012-08-23 21:56 429944 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-07-04 14:59 . 2012-07-04 14:59 261120 c:\windows\Installer\129bbda.msp
- 2010-07-25 08:23 . 2012-07-11 18:35 415584 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2010-07-25 08:23 . 2012-08-23 10:08 415584 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2010-07-25 08:23 . 2012-07-11 18:35 303456 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-07-25 08:23 . 2012-08-23 10:08 303456 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-07-25 08:23 . 2012-08-23 10:08 571232 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2010-07-25 08:23 . 2012-07-11 18:35 571232 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2010-07-25 08:23 . 2012-08-23 10:08 326496 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\joticon.exe
- 2010-07-25 08:23 . 2012-07-11 18:35 326496 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\joticon.exe
- 2010-07-25 08:23 . 2012-07-11 18:35 470616 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2010-07-25 08:23 . 2012-08-23 10:08 470616 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2010-07-25 08:23 . 2012-07-11 18:35 178528 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
+ 2010-07-25 08:23 . 2012-08-23 10:08 178528 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
+ 2012-08-23 10:09 . 2012-08-23 10:09 135168 c:\windows\Installer\{90A40409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2012-04-12 13:43 . 2012-04-12 13:43 135168 c:\windows\Installer\{90A40409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2011-04-22 21:26 . 2011-04-22 21:26 688128 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\JP2KLib.dll
+ 2009-01-19 00:00 . 2009-01-19 00:00 598016 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\AXSLE.dll
+ 2012-01-03 07:37 . 2012-01-03 07:37 320456 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\adobearmhelper.exe
+ 2012-01-03 07:37 . 2012-01-03 07:37 843712 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\adobearm.exe
+ 2011-01-07 17:38 . 2011-01-07 17:38 121208 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\MSCONV97.DLL
- 2012-07-11 18:30 . 2012-06-02 08:25 1129472 c:\windows\SysWOW64\wininet.dll
+ 2012-08-23 10:06 . 2012-06-29 00:09 1129472 c:\windows\SysWOW64\wininet.dll
+ 2012-08-23 10:06 . 2012-06-29 00:09 1103872 c:\windows\SysWOW64\urlmon.dll
- 2012-07-11 18:30 . 2012-06-02 08:26 1103872 c:\windows\SysWOW64\urlmon.dll
+ 2012-08-23 05:48 . 2012-08-23 05:48 9465032 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
+ 2012-08-23 05:48 . 2012-08-23 05:48 1536712 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
+ 2012-08-23 10:06 . 2012-06-29 00:16 1800704 c:\windows\SysWOW64\jscript9.dll
- 2012-07-11 18:30 . 2012-06-02 08:19 1793024 c:\windows\SysWOW64\iertutil.dll
+ 2012-08-23 10:06 . 2012-06-29 00:01 1793024 c:\windows\SysWOW64\iertutil.dll
+ 2012-08-23 10:06 . 2012-06-29 00:27 9737728 c:\windows\SysWOW64\ieframe.dll
- 2012-07-11 18:30 . 2012-06-02 08:43 9737728 c:\windows\SysWOW64\ieframe.dll
- 2009-07-14 04:54 . 2012-07-22 07:50 2080768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-23 15:57 2080768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-22 07:50 3997696 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-23 15:57 3997696 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-08-23 10:06 . 2012-06-29 03:49 1392128 c:\windows\system32\wininet.dll
- 2012-07-11 18:30 . 2012-06-02 12:05 1392128 c:\windows\system32\wininet.dll
- 2012-07-11 18:30 . 2012-06-02 12:05 1346048 c:\windows\system32\urlmon.dll
+ 2012-08-23 10:06 . 2012-06-29 03:49 1346048 c:\windows\system32\urlmon.dll
+ 2012-08-23 10:06 . 2012-06-29 03:56 2312704 c:\windows\system32\jscript9.dll
- 2012-07-11 18:30 . 2012-06-02 11:59 2144768 c:\windows\system32\iertutil.dll
+ 2012-08-23 10:06 . 2012-06-29 03:42 2144768 c:\windows\system32\iertutil.dll
+ 2009-07-14 04:45 . 2012-08-23 10:30 7569530 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-07-11 21:53 7569530 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-02-19 05:48 . 2012-08-23 21:56 3681808 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-04-08 21:16 . 2012-08-23 21:56 7155960 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1784883445-1032603892-293820194-1003-8192.dat
+ 2011-04-15 20:06 . 2012-08-23 04:10 4001190 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1784883445-1032603892-293820194-1003-12288.dat
+ 2012-08-07 21:42 . 2012-08-07 21:42 7937024 c:\windows\Installer\21fd57.msi
+ 2012-07-19 09:45 . 2012-07-19 09:45 3464704 c:\windows\Installer\129bc60.msp
+ 2012-07-04 15:04 . 2012-07-04 15:04 1292288 c:\windows\Installer\129bc4a.msp
+ 2012-07-04 15:12 . 2012-07-04 15:12 4772352 c:\windows\Installer\129bc40.msp
+ 2012-07-04 15:09 . 2012-07-04 15:09 1284096 c:\windows\Installer\129bc28.msp
+ 2012-07-04 15:01 . 2012-07-04 15:01 9082368 c:\windows\Installer\129bc11.msp
+ 2012-07-04 14:58 . 2012-07-04 14:58 6163456 c:\windows\Installer\129bbf2.msp
+ 2012-07-31 16:18 . 2012-07-31 16:18 5018624 c:\windows\Installer\12555a6.msp
- 2010-07-25 08:23 . 2012-07-11 18:35 1479520 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-07-25 08:23 . 2012-08-23 10:08 1479520 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-07-25 08:23 . 2012-07-11 18:35 1858400 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-07-25 08:23 . 2012-08-23 10:08 1858400 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-07-25 08:23 . 2012-08-23 10:08 3792736 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2010-07-25 08:23 . 2012-07-11 18:35 3792736 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-07-25 08:23 . 2012-08-23 10:08 1449312 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\accicons.exe
- 2010-07-25 08:23 . 2012-07-11 18:35 1449312 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-01-31 05:16 . 2011-01-31 05:16 5713408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\AGM.dll
+ 2012-08-23 10:06 . 2012-06-29 00:52 12317184 c:\windows\SysWOW64\mshtml.dll
- 2009-07-14 02:34 . 2012-07-11 21:48 11272192 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-08-23 10:25 11272192 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2012-08-23 10:06 . 2012-06-29 04:55 17809920 c:\windows\system32\mshtml.dll
+ 2012-08-23 05:48 . 2012-08-23 05:48 12315336 c:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll
+ 2012-08-23 10:06 . 2012-06-29 04:09 10925568 c:\windows\system32\ieframe.dll
+ 2012-07-17 17:17 . 2012-07-17 17:17 22363136 c:\windows\Installer\129bc6c.msp
+ 2012-08-23 15:51 . 2012-08-23 15:51 12958720 c:\windows\Installer\125581e.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\ChoysToy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\ChoysToy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\ChoysToy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TaskScheduler"="c:\prowin11\32bit\TaskSch.exe" [2012-05-28 443992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2009-12-10 1092968]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2009-01-16 136512]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-04-30 124240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-10 136176]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-05 362992]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-08-05 309744]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-08-05 166384]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-23 250056]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-10 136176]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-04-30 76696]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-08 113120]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2009-12-10 75112]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-05 313840]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-08-05 1124848]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-02-19 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-07 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [2011-08-16 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [2011-11-24 1092728]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2009-06-29 23592]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-07-11 1161376]
S1 ccSet_N360;Norton Business Suite Settings Manager;c:\windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [2011-11-04 167048]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120718.001\IDSvia64.sys [2012-07-11 509088]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2008-05-12 15400]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2012-01-12 57976]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [2011-11-17 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS [2011-11-17 405624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 DDNIMSGService;DDNIMSGService;c:\program files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGService.exe [2010-07-20 171872]
S2 DDNIService;DDNIService;c:\program files (x86)\DDNI\DIBS\DDNIService.exe [2010-07-23 163680]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-07-03 45424]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2009-04-30 19720]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-04-30 78992]
S2 N360;Norton Business Suite;c:\program files (x86)\Norton Business Suite\Engine\6.2.1.5\ccSvcHst.exe [2012-03-27 138232]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-07-15 62320]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2009-06-18 161024]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-07-12 138912]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-09 139264]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-05-18 143320]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2010-09-03 15360]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 05:48]
.
2012-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-10 04:51]
.
2012-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-10 04:51]
.
2012-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1784883445-1032603892-293820194-1003Core.job
- c:\users\ChoysToy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-08 06:29]
.
2012-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1784883445-1032603892-293820194-1003UA.job
- c:\users\ChoysToy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-08 06:29]
.
2012-05-22 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-10-08 21:44]
.
2012-08-23 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-10-08 21:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\ChoysToy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\ChoysToy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\ChoysToy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\ChoysToy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-10 7968800]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"TpShocks"="TpShocks.exe" [2009-07-09 380704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-08 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-08 365592]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2009-10-14 36864]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-11 1873256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\ChoysToy\AppData\Roaming\Mozilla\Firefox\Profiles\nfiidqxa.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Business Suite\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Business Suite\Engine\6.2.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-23 15:33:47
ComboFix-quarantined-files.txt 2012-08-23 22:33
ComboFix2.txt 2012-08-23 04:38
ComboFix3.txt 2012-08-19 19:07
ComboFix4.txt 2012-08-16 21:08
ComboFix5.txt 2012-08-23 22:11
.
Pre-Run: 340,611,223,552 bytes free
Post-Run: 340,285,788,160 bytes free
.
- - End Of File - - 78BBBCE99CD7CE7CA9F885BA27C8F36E


----------



## Mark1956 (May 7, 2011)

It looks like we have a clean start. Please create a new Restore point and check that the McAfee application is fully functional.


----------



## mathew206 (Aug 7, 2012)

Restore point set. McAfee appears to be working, but the interface seems a bit corrupted, perhaps by a virus?

Every word pretty much starts with IDS, and spaces are shown with _. For example, IDS_MENU_TASK: that's what most menu items look like. However, it appears to scan, and the services are still actively running when viewed from Windows Task Manager.


----------



## Mark1956 (May 7, 2011)

Ok, let's have a go at this:

Hit the *Windows* and *R* keys together and paste the line below into the box and hit OK.

*frminst.exe /remove=agent*

Then go into Programs and Features and see if McAfee Agent will uninstall.


----------



## mathew206 (Aug 7, 2012)

When copied and pasted, it says

"Windows cannot find 'frminst.exe'. Make sure you typed the name correctly, and then try again."

I think this is the same window that came up when I first tried it, which is why I resorted to using the entire path. I will wait for your instructions.


----------



## Mark1956 (May 7, 2011)

Ok, let's see if we can find that file. It is part of the McAfee Agent so should be there.

If SystemLook is still on your system then there is no need to download it again, just copy the contents of the code box as instructed.

Please download *SystemLook* for your operating system from one of the links below and save it to your Desktop.

*Link 1: SystemLook (32-bit)*
Link 2: SystemLook (32-bit)
*Link 1: SystemLook (64-bit)*
Link 2: SystemLook (64-bit)

Double-click *SystemLook.exe* to run it.
_*Vista*/*Windows 7* users right-click and select Run As Administrator_.
Copy and paste everything in the codebox below into the main textfield:

```
:filefind
frminst.exe
```

Click the Look button to start the scan.
When finished, a Notepad window will open SystemLook.txt with the results of the search and save a copy on your Desktop.
Please copy and paste the contents of that log in your next reply.


----------



## mathew206 (Aug 7, 2012)

SystemLook 30.07.11 by jpshortstuff
Log created at 10:15 on 25/08/2012 by ChoysToy
Administrator - Elevation successful

========== filefind ==========

Searching for "frminst.exe"
C:\Program Files (x86)\McAfee\Common Framework\FrmInst.exe --a---- 303104 bytes [17:44 12/08/2008] [17:44 12/08/2008] 9CDD62FF625905FDB9A9A8E7F16C22CE

-= EOF =-


----------



## Mark1956 (May 7, 2011)

Ok, try running it with the entire path so it looks like this:

*C:\Program Files (x86)\McAfee\Common Framework\frminst.exe /remove=agent*


----------



## mathew206 (Aug 7, 2012)

It completed successfully that way. I will try to uninstall now via programs and features.


----------



## mathew206 (Aug 7, 2012)

It did not work. It gave the same error of being in use by other programs. Shall I try to disable the services via task manager?


----------



## Mark1956 (May 7, 2011)

Try this:

Click start and type CMD into the box, right click on CMD in the pop up menu and select Run as Administrator.

Now paste in *cd C:\Program Files (x86)\McAfee\Common Framework* and hit Enter.

Now paste in *frminst.exe /forceuninstall* and hit Enter.


----------



## Mark1956 (May 7, 2011)

Also you can try the instructions here to Disable the access protection feature.

https://kc.mcafee.com/corporate/index?page=content&id=KB65863

The more I search the more instructions I find, crazy.


----------



## mathew206 (Aug 7, 2012)

I know what you mean! Just for your reference I have McAfee enterprise 8.7i. So I don't know if the un-installation procedures are the same? 

So I ran the force install in CMD, and it said that Mcafee was successful? I'm not sure what to do at the moment.


----------



## Mark1956 (May 7, 2011)

Those instructions appear to relate to your version:


> VSE 8.5i and later include an Access Protection feature


Did you follow the instructions to disable the Access Protection?

So, having done the forceuninstall command, what can be seen left on the system?

If McAfee Agent is still in the Programs and Features list try a normal uninstall.


----------



## mathew206 (Aug 7, 2012)

Unfortunately, I have tried to follow these directions before. However, my version for some reason does not have Access protection under VirusScan Console. The only options I have are, autoupdate, taskname, quarantine taskname, new scan. 

Also, every time I open McAfee now, it wants permission to open, almost like a Windows installer. It will ask if I want to give McAfee permission to make changes. Then when I hit okay, it just opens the VirusScan Console. 

In terms of what is left, when I look under program files/mcafee/common framework... the folder is now completely empty. There is another folder, Virusscan enterprise, and that is very much still full of files.

Under programs and features, Mcafee agent is no longer there. 

Let me know what I should check next.


----------



## Mark1956 (May 7, 2011)

Ok, what happens if you run this command from the Command Prompt?

msiexec /i {147BCE03-C0F1-4C9F-8157-6A89B6D2D973} REMOVE=All REBOOT=R /q


----------



## mathew206 (Aug 7, 2012)

The run window just disappears, and I cannot seem to figure out what happened.


----------



## Mark1956 (May 7, 2011)

Not too clear on what you mean. Did you open a Command Prompt by typing cmd in the search box and then right clicking on it in the pop up menu and selecting Run as Administrator? If not, that is what you need to do.


----------



## mathew206 (Aug 7, 2012)

Sorry, I misunderstood that. When I copied and pasted it in Command Prompt, it automatically just gives me the prompt again. Do I have to run it under c: alone? Right now it is currently at c:\Users\ChoysToy.


----------



## Mark1956 (May 7, 2011)

Ok, just to be sure this command is running do this at the Command Prompt, paste in each line and then hit Enter after each one.

*cd C:\Windows\System32*

*msiexec /i {147BCE03-C0F1-4C9F-8157-6A89B6D2D973} REMOVE=All REBOOT=R /q*

If this has the same result then enter this command and hit Enter.

*msiexec /x {147BCE03-C0F1-4C9F-8157-6A89B6D2D973} REMOVE=All REBOOT=R /q*

Then have a look to see if anything has changed with the remaining components of McAfee.


----------



## mathew206 (Aug 7, 2012)

When I entered the commands, I hit enter after pasting each one. It just gave me the c:\windows\system32 prompt again. So I checked under mcafee folders, and all of the files are still there. I did try to open Mcafee and it opened. I then started a scan, and it seemed to run so I stopped it. It appears that mcafee is still functional.


----------



## Mark1956 (May 7, 2011)

What McAfee products are still showing under Programs and Features?


----------



## mathew206 (Aug 7, 2012)

Nothing under programs and features, but Mcafee folder is still present under start, all programs, mcafee


----------



## Mark1956 (May 7, 2011)

Ok, I think we have exhausted all the options and will have to use the Manual Uninstall as detailed here: https://kc.mcafee.com/corporate/index?page=content&id=kb59996

Top priority is to create a new restore point before you start and read through all the instructions, when you feel ready to start then go through it one step at a time, any doubts then please ask and tell me what number you are stuck on.

Take note, these instructions were written for XP so where it says click on Start > Run you should use the Windows + R key to open the Run box.


----------



## mathew206 (Aug 7, 2012)

Okay, I shall start. There are quite a few registry keys. I know when I attempted this in the past, not all of the registries were there. Also, any tips on searching for registry items? I know that I tried to use the find feature before, but the registry was not found. However, when I searched for it manually by going to each folder, I was able to find it. Any tips would be greatly appreciated. I shall update you as I go through. 

Just wondering. Is the reason we are trying so hard to get rid of McAfee because we think it's infected? or because McAfee is heavily targeted by viruses? Thanks Mark!


----------



## Mark1956 (May 7, 2011)

The main reason to get rid of this is so it cannot cause any conflicts with your active Anti Virus. I would also suspect it is quite a bit higher on system resources when active. Even if the program is disabled it can cause issues with other security software.

As you have already experienced the best way to locate registry keys is manually.

Any of the long command lines you need to use are always best to copy and paste.


----------



## Mark1956 (May 7, 2011)

Not heard from you for a couple of days, how's it going?


----------



## mathew206 (Aug 7, 2012)

Hey Mark,

Long and steady. lol! Since we are manually deleting/uninstalling, it has required much more attention as opposed to the run and check later. I have been slowly deleting a few at a time. I will update you soon. I should be done today.


----------



## Mark1956 (May 7, 2011)

:up:


----------



## mathew206 (Aug 7, 2012)

Sigh, still working on looking at each registry. Checking the registry for every key on that list is quite time consuming! lol I haven't been able to look through them so much at work like before, but I am still pumping through. Just giving you an update. Thanks for following up with me Mark!


----------



## Mark1956 (May 7, 2011)

You're welcome and thanks for the update.


----------



## mathew206 (Aug 7, 2012)

Hey Mark,

Okay, I just finished through step 8. I searched through ALL of the registry keys listed at the bottom of the page. I only ended up deleting like 3!! for all that work. lol

I do have a problem with step 9. It wants me to add a new dword, but I keep getting an error reading "cannot create value: error writing to the registry." I tried restarting the computer and doing it again. I'm not sure what to do at this point. I will wait for your input. Thank you so much for your patience. I look forward to hearing from you again.


----------



## Mark1956 (May 7, 2011)

That problem is most likely due to permissions. Follow this guide: http://www.mydigitallife.info/grant-read-write-full-control-permissions-on-registry-keys-fix-cannot-import-and-access-denied-error-in-regedit/


----------



## mathew206 (Aug 7, 2012)

Okay, I have overcome that issue. However, I tried the above, and it didn't work. I ended up going to task manager and stopping the related McAfee Services through there. All of the guides say I can open the virus console and disable McAfee from there. As I said before, I couldn't. sooo... I disabled them the other way and I was able to move on. If you think that's an issue, let me know.

I am all the way to step 12 where it asks me to delete more registry keys. I could not find 2 on the list.

CHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run], ShStatEXE

Do you think that is a problem? If not, I am ready to restart and go to step 13. Thanks, Mark!


----------



## Mark1956 (May 7, 2011)

Sounds like you are doing fine. The number in that first key is the same one used in the msiexec command that failed to work. The fact that it is missing explains why that command did not do what it was supposed to.

Various attempts to uninstall the software would explain why several registry keys are missing and is no surprise.

I would carry on as you are.


----------
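
Added example, not part of the original posts: the manual-uninstall guide used in this thread was written for XP, and on 64-bit Windows 7 a 32-bit program's `HKLM\SOFTWARE` keys and install folder live under `Wow6432Node` and `Program Files (x86)` (the ComboFix log later in the thread lists `ShStatEXE` under `Wow6432Node\...\Run`). This read-only PowerShell check looks in both places; the function name `Get-UninstallLeftover` is an assumption, while the GUID, value name and folder are the ones quoted in the thread.

```powershell
# Added example (not from the thread): read-only check of both registry views
# and both Program Files roots. It deletes nothing.
# Run it from a 64-bit, elevated PowerShell prompt; a 32-bit prompt is itself
# redirected and would show the Wow6432Node view twice.
# Get-UninstallLeftover is a hypothetical helper name.

function Get-UninstallLeftover {
    param(
        [Parameter(Mandatory = $true)][string]$ProductCode,
        [Parameter(Mandatory = $true)][string]$RunValueName,
        [Parameter(Mandatory = $true)][string]$FolderTail
    )

    $found = @()

    # Native 64-bit view first, then the view 32-bit programs are redirected to.
    foreach ($root in 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\Wow6432Node') {

        # Windows Installer uninstall entry for the product code.
        # -LiteralPath keeps the braces in the GUID from being treated as wildcards.
        $uninstallKey = "$root\Microsoft\Windows\CurrentVersion\Uninstall\$ProductCode"
        $found += New-Object PSObject -Property @{
            Kind   = 'Uninstall key'
            Exists = (Test-Path -LiteralPath $uninstallKey)
            Path   = $uninstallKey
        }

        # Autostart value under the Run key; $null means the value is absent.
        $runKey = "$root\Microsoft\Windows\CurrentVersion\Run"
        $value  = Get-ItemProperty -LiteralPath $runKey -Name $RunValueName -ErrorAction SilentlyContinue
        $found += New-Object PSObject -Property @{
            Kind   = 'Run value'
            Exists = ($null -ne $value)
            Path   = ('{0} [{1}]' -f $runKey, $RunValueName)
        }
    }

    # Install folder under both Program Files roots.
    foreach ($base in $env:ProgramFiles, ${env:ProgramFiles(x86)}) {
        if (-not $base) { continue }   # no (x86) root on 32-bit Windows
        $folder = Join-Path $base $FolderTail
        $found += New-Object PSObject -Property @{
            Kind   = 'Folder'
            Exists = (Test-Path -LiteralPath $folder)
            Path   = $folder
        }
    }

    $found
}

# Values quoted in the thread.
Get-UninstallLeftover -ProductCode '{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}' `
                      -RunValueName 'ShStatEXE' `
                      -FolderTail 'McAfee\VirusScan Enterprise' |
    Select-Object Kind, Exists, Path |
    Format-Table -AutoSize
```

A row with `Exists` set to `True` under `Wow6432Node` or `Program Files (x86)` is an item that a search of the native path alone would miss.
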



## mathew206 (Aug 7, 2012)

Okay, I am on step 13, deleting different files. I cannot delete 

C:\Program Files\McAfee\VirusScan Enterprise

It says the file or file in it is in use. I went to task manager to re-stop McAfee Engine. The other service was still stopped. Let me know what you think I should do. The Virusscan enterprise folder still seems pretty full for the most part.


----------



## Mark1956 (May 7, 2011)

See if it will delete in safe mode, if not follow these instructions:

Please download *OTM by OldTimer*. Save it to your desktop. 
Double click *OTM.exe* to start the tool.

*Copy* the text in the code box below to the clipboard by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):

```
:Processes
explorer.exe
:Files
C:\Program Files\McAfee\VirusScan Enterprise
:Commands
[createrestorepoint]
[emptyflash]
[emptytemp]
[resethosts]
[reboot]
```

Return to OTM, right click in the *"Paste Instructions for Items to be Moved"* window (under the yellow bar) and choose *Paste*.
Click the red *Moveit!* button.
*Copy* everything in the Results window (under the green bar) to the clipboard by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close *OTM*
-- Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes...If not, reboot anyway. After the reboot, open Notepad, click File > Open, in the File Name box type *.log and press the Enter key. Navigate to the C:\_OTM\MovedFiles folder, open the newest .log file (mmddyyyy_hhmmss.log) and copy/paste the contents in your next reply.


----------



## mathew206 (Aug 7, 2012)

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\Program Files\McAfee\VirusScan Enterprise not found.
========== COMMANDS ==========
Error creating restore point.

[EMPTYFLASH]

User: All Users

User: ChoysToy
->Flash cache emptied: 4564 bytes

User: Default

User: Default User

User: Public

User: TEMP

User: Xiao Rui
->Flash cache emptied: 3194 bytes

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: All Users

User: ChoysToy
->Temp folder emptied: 278751 bytes
->Temporary Internet Files folder emptied: 1532211 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 93348057 bytes
->Google Chrome cache emptied: 29043850 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: TEMP
->Temp folder emptied: 0 bytes

User: Xiao Rui
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 804 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 112453068 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 69312 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 78378 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 80193331 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50534 bytes
RecycleBin emptied: 327975662 bytes

Total Files Cleaned = 615.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTM by OldTimer - Version 3.1.21.0 log created on 09042012_152603

Files moved on Reboot...
C:\Users\ChoysToy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


----------



## mathew206 (Aug 7, 2012)

Shall I continue? I think I am getting a McAfee error window that pops up every time I restart the computer.


----------



## Mark1956 (May 7, 2011)

Let's see if ComboFix will remove it.

We are now going to run ComboFix a different way.
Open Notepad by clicking on Start and in the *Search* box type: *Notepad.exe* and hit *Enter*.
Copy and paste everything in the *code box* below into it.
_-- Note: Make sure Word Wrap is *unchecked* in Notepad by clicking on *Format* in the top menu._

```
KillAll::
 
Folder::
C:\Program Files\McAfee\VirusScan Enterprise
 
Reboot::
```

Save the file as *CFScript.txt* by choosing _Save As..._ in the File Menu, and save it to your Desktop where the ComboFix icon is also located.
Close your browser and *disconnect* from the Internet.
Now use your mouse to *drag*, then *drop* the CFScript.txt file on top of ComboFix.exe as seen in the image below.
This will start ComboFix again and launch the script.
ComboFix may reboot your system when it finishes. This is normal.
A log will be created just as before and saved to C:\ComboFix.txt. Please copy and paste the contents of *ComboFix.txt* in your next reply.
Be sure to *re-enable* your anti-virus and other security programs *after* the scan is complete.
NOTE: if you see a message like this when you attempt to open anything after the reboot *"Illegal Operation attempted on a registry key that has been marked for deletion"* please reboot the system again and the warning should not return.


----------



## mathew206 (Aug 7, 2012)

ComboFix 12-09-04.02 - ChoysToy 09/04/2012 17:15:13.4.2 - x64
Running from: c:\users\ChoysToy\Desktop\ComboFix.exe
Command switches used :: c:\users\ChoysToy\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-08-05 to 2012-09-05 )))))))))))))))))))))))))))))))
.
.
2012-09-05 00:24 . 2012-09-05 00:24 -------- d-----w- c:\users\Xiao Rui\AppData\Local\temp
2012-09-05 00:24 . 2012-09-05 00:24 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2012-09-05 00:24 . 2012-09-05 00:24 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-09-05 00:24 . 2012-09-05 00:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-04 22:26 . 2012-09-04 22:26 -------- d-----w- C:\_OTM
2012-08-23 15:54 . 2012-08-23 15:53 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-08-23 10:09 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-23 03:25 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-23 03:25 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-23 03:25 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-23 03:25 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-23 03:25 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-23 03:25 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-23 03:24 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-23 03:24 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-23 03:24 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-23 03:24 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-23 03:24 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-23 03:23 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-20 22:04 . 2012-08-21 20:42 -------- d-----w- c:\program files (x86)\ERUNT
2012-08-19 22:30 . 2012-08-19 22:30 -------- d-----w- c:\users\ChoysToy\AppData\Local\VS Revo Group
2012-08-19 22:30 . 2012-08-19 22:30 -------- d-----w- c:\program files\VS Revo Group
2012-08-18 16:02 . 2012-08-18 16:02 -------- d-----w- c:\program files (x86)\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-23 15:53 . 2010-04-24 00:52 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-23 10:01 . 2010-03-28 20:35 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-23 05:48 . 2012-04-12 00:58 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-23 05:48 . 2011-06-02 18:38 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-13 22:40 . 2012-07-13 22:40 116016 ----a-w- c:\windows\system32\drivers\24097668.sys
2012-07-12 03:06 . 2012-07-12 03:06 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-06-09 05:43 . 2012-07-11 16:03 14172672 ----a-w- c:\windows\system32\shell32.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-08-23_22.28.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-09-04 22:31 . 2012-09-04 22:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 05:10 . 2012-09-05 00:29 57038 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-03-27 03:52 . 2012-09-05 00:29 15866 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1784883445-1032603892-293820194-1003_UserData.bin
+ 2010-03-23 20:45 . 2012-08-23 23:33 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-23 20:45 . 2012-08-23 09:12 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-08-23 09:12 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-23 23:33 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-09-05 00:25 . 2012-09-05 00:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-23 21:57 . 2012-08-23 21:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-05 00:25 . 2012-09-05 00:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-23 21:57 . 2012-08-23 21:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-09-04 22:30 229376 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-08-23 15:57 229376 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-23 18:02 . 2012-09-04 23:54 517880 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 04:46 . 2012-08-25 17:16 112032 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 05:01 . 2012-09-05 00:24 429944 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-08-23 21:56 429944 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-09-04 22:30 3997696 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-23 15:57 3997696 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-19 05:48 . 2012-09-05 00:24 3681808 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-02-19 05:48 . 2012-08-23 21:56 3681808 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-04-08 21:16 . 2012-09-05 00:24 7338744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1784883445-1032603892-293820194-1003-8192.dat
- 2011-04-15 20:06 . 2012-08-23 04:10 4001190 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1784883445-1032603892-293820194-1003-12288.dat
+ 2011-04-15 20:06 . 2012-09-04 22:28 4001190 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1784883445-1032603892-293820194-1003-12288.dat
+ 2012-08-17 21:23 . 2012-08-17 21:23 7945216 c:\windows\Installer\8ff56ad.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\ChoysToy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\ChoysToy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\ChoysToy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TaskScheduler"="c:\prowin11\32bit\TaskSch.exe" [2012-05-28 443992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2009-12-10 1092968]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-04-30 124240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-10 136176]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-05 362992]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-08-05 309744]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-08-05 166384]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-23 250056]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-10 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-08 113120]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2009-12-10 75112]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-05 313840]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-08-05 1124848]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-02-19 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-07 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [2011-08-16 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [2011-11-24 1092728]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2009-06-29 23592]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-07-11 1161376]
S1 ccSet_N360;Norton Business Suite Settings Manager;c:\windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [2011-11-04 167048]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120718.001\IDSvia64.sys [2012-07-11 509088]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2008-05-12 15400]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2012-01-12 57976]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [2011-11-17 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS [2011-11-17 405624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 DDNIMSGService;DDNIMSGService;c:\program files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGService.exe [2010-07-20 171872]
S2 DDNIService;DDNIService;c:\program files (x86)\DDNI\DIBS\DDNIService.exe [2010-07-23 163680]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-07-03 45424]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2009-04-30 19720]
S2 N360;Norton Business Suite;c:\program files (x86)\Norton Business Suite\Engine\6.2.1.5\ccSvcHst.exe [2012-03-27 138232]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-07-15 62320]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2009-06-18 161024]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-07-12 138912]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-09 139264]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-05-18 143320]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2010-09-03 15360]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 05:48]
.
2012-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-10 04:51]
.
2012-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-10 04:51]
.
2012-09-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1784883445-1032603892-293820194-1003Core.job
- c:\users\ChoysToy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-08 06:29]
.
2012-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1784883445-1032603892-293820194-1003UA.job
- c:\users\ChoysToy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-08 06:29]
.
2012-05-22 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-10-08 21:44]
.
2012-09-04 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-10-08 21:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\ChoysToy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\ChoysToy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\ChoysToy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\ChoysToy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-10 7968800]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"TpShocks"="TpShocks.exe" [2009-07-09 380704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-08 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-08 365592]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2009-10-14 36864]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-11 1873256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.11.28.10
FF - ProfilePath - c:\users\ChoysToy\AppData\Roaming\Mozilla\Firefox\Profiles\nfiidqxa.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Business Suite\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Business Suite\Engine\6.2.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\Lenovo\HOTKEY\tpnumlk.exe
c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Lenovo\System Update\SUService.exe
c:\program files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
.
**************************************************************************
.
Completion time: 2012-09-04 17:36:52 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-05 00:36
ComboFix2.txt 2012-08-23 22:33
ComboFix3.txt 2012-08-23 04:38
ComboFix4.txt 2012-08-19 19:07
ComboFix5.txt 2012-09-05 00:12
.
Pre-Run: 341,687,107,584 bytes free
Post-Run: 341,356,621,824 bytes free
.
- - End Of File - - 8298A289E6C8E10DEDA7FC7EEED44A86


----------



## Mark1956 (May 7, 2011)

It does not look like Combofix found that folder either. Can you check and see if it is still there.

It may be a permissions problem, try this: 
Add "Take ownership" to right click menu. Once this is done you can simply right click on a file/folder and select Take Ownership from the right click menu. Then try to delete it again.

Did you try to delete the folder in safe mode?


----------



## mathew206 (Aug 7, 2012)

I tried to delete it in safe mode. Computer gave me same error. I tried the take ownership program. Still gave me the same thing...


----------



## Mark1956 (May 7, 2011)

This is a tough nut to crack. I've only one other method left to try and delete that folder. Follow these instructions to run the PC in Selective Startup and then see if the folder will delete.


Click on *Start* then type *msconfig* into the *Search* box and hit the *Enter* key.
This screen should appear with the settings as shown:

Click on the Services tab and you should see this, click on the box next to *Hide all Microsoft Services* so a check mark appears.

Now click on the General tab and check the boxes as shown:

When done click on *Apply* and then *OK*.
The window will close and you will see a notification with two choices, click on *Restart*.


----------



## mathew206 (Aug 7, 2012)

Okay, so a couple questions.

When I was in the general tab (last pic above), Use original boot configuration was not checked. So I checked it. However, every time I clicked on apply, load system services automatically checked itself (more like a colored in square). I did this a couple of times, then finally just unchecked load system services and hit ok. I then continued with the restart.


----------



## mathew206 (Aug 7, 2012)

Aaannd no dice. It did not work. :X


----------



## Mark1956 (May 7, 2011)

I've thought of something else that may work.

Try renaming the folder if it will let you, reboot and then try to delete it.

Also, open up the folder contents and try and delete everything inside it, if the files won't all delete rename anything left by adding .old to the name, reboot and try deleting them again. Once the folder is empty it should delete.

If any of the files refuse to go we can use Malwarebytes. Open Mbam and click on the More Tools tab, you should see FileASSASSIN, click on run tool and then locate the files for removal.

If that still fails there are other ways that I have thought of, one method uses an Ubuntu CD, have you got a copy of that or Linux? Never done this myself, but it should be possible to use a CD copy of the OS to boot the PC and then navigate to the folder and delete it that way.

This guide: Ubuntu Live CD to back up files from your dead Windows is for something else, but it will give the link and instructions to download and burn Ubuntu.


----------



## mathew206 (Aug 7, 2012)

I am trying to rename right nos. I do not have ubuntu or linux. I will keep you updated.


----------



## mathew206 (Aug 7, 2012)

*now


----------



## mathew206 (Aug 7, 2012)

I renamed, rebooted, and it worked! woo hoo. Should I keep moving on with the procedure?


----------



## mathew206 (Aug 7, 2012)

Also for step 13, I have one more entry to delete. 

C:\WINDOWS\Installer\{147BCE03-C0F1-4C9F-8157-6A89B6D2D973} 

Is that going to be a problem? I don't even see the installer folder under windows.


----------



## Mark1956 (May 7, 2011)

Follow this and see if you can then find it: Reconfigure Windows to show hidden files and folders


----------



## mathew206 (Aug 7, 2012)

I was able to find the installer folder, but that file was not to be found.


----------



## Mark1956 (May 7, 2011)

Ok, it must have already gone, continue with the rest of the instructions.


----------



## mathew206 (Aug 7, 2012)

Okay. I am on step 14. It asks me to find .msi files, right click -> properties, then summary tab. I cannot find a summary tab? The closest thing is maybe looking under details and seeing what the program name is?


----------



## Mark1956 (May 7, 2011)

The Summary tab has been removed for Vista and Win 7, it was only available in XP.

I shall have to get back to you on this as I am a bit short on time this morning.

Google may have the answer by searching for 'file associations in Windows 7' or something similar.


----------



## mathew206 (Aug 7, 2012)

I tried to look for file associations via google, but I only found articles on how to the right program for certain files. What I have been doing in the meantime has been right clicking the .msi file, going to properties, then clicking on the Details tab. It normally gives the program name and a little other information. Some say Windows Installer XML, and some have read InstallShield 10.5 Professional Edition, and a couple other types of Windows Installers. I have not found any with a virusscan description yet. Do you think I am looking in the right area? I have right clicked quite a few files already...


----------
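
The fields that the XP Summary tab displayed are still stored inside each .msi file and can be read through the Windows Installer automation object, which avoids right-clicking every package. This is an added example, not part of the thread or of the McAfee article it refers to; it assumes Windows PowerShell on the affected machine, takes the `C:\WINDOWS\Installer` folder and the `VirusScan` text from the posts above, and uses illustrative variable and function names.

```powershell
# Added example: read the Summary Information of cached .msi packages on Windows 7.
# Read-only: nothing is modified or deleted. All names below are illustrative.
$Folder = Join-Path $env:windir 'Installer'   # the C:\WINDOWS\Installer folder from the thread
$Match  = 'VirusScan'                         # text to look for in the summary fields

# Summary Information property IDs defined by Windows Installer
$PidTitle = 2; $PidSubject = 3; $PidAuthor = 4; $PidComments = 6

function Get-ComProperty($Object, [string]$Name, [object[]]$Arguments) {
    # Late-bound call: PowerShell cannot see this COM object's members directly.
    $Object.GetType().InvokeMember($Name, [Reflection.BindingFlags]::GetProperty, $null, $Object, $Arguments)
}

$installer = New-Object -ComObject WindowsInstaller.Installer

# -Force is needed because the Installer folder is hidden by default.
$packages = Get-ChildItem -LiteralPath $Folder -Filter *.msi -Force |
    ForEach-Object {
        $file    = $_
        $summary = $null
        $row     = @{ File = $file.Name; Title = ''; Subject = ''; Author = ''; Comments = '' }
        try {
            # Second argument 0 opens the summary stream read-only.
            $summary      = Get-ComProperty $installer 'SummaryInformation' @($file.FullName, 0)
            $row.Title    = Get-ComProperty $summary 'Property' @($PidTitle)
            $row.Subject  = Get-ComProperty $summary 'Property' @($PidSubject)
            $row.Author   = Get-ComProperty $summary 'Property' @($PidAuthor)
            $row.Comments = Get-ComProperty $summary 'Property' @($PidComments)
        } catch {
            # A locked or damaged package is reported instead of stopping the scan.
            $row.Title = '<unreadable: ' + $_.Exception.Message + '>'
        } finally {
            if ($summary) { [void][Runtime.InteropServices.Marshal]::ReleaseComObject($summary) }
        }
        New-Object PSObject -Property $row
    }

# Packages whose summary fields mention the text being searched for.
$hits = $packages | Where-Object {
    ($_.Title, $_.Subject, $_.Author, $_.Comments -join ' ') -match [regex]::Escape($Match)
}

$packages | Sort-Object File | Format-Table File, Title, Subject, Author -AutoSize
"Packages mentioning '$Match': " + @($hits).Count
$hits | Format-List File, Title, Subject, Author, Comments
```

An empty result for `$hits` matches what the Details tab showed: no cached package carries that name.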



## Mark1956 (May 7, 2011)

Sounds like you are doing fine. I should point out that leaving a few stray registry keys in the system is of little concern, in fact you could have 100's of them and it would have no noticeable effect on the systems performance. A few stray files will also do no harm.

I'm just reposting this link so I don't have to keep looking back through the thread to find it for reference: https://kc.mcafee.com/corporate/index?page=content&id=kb59996


----------



## mathew206 (Aug 7, 2012)

Reposting that link would have been helpful sooner! It's been ingrained in my memory that the link is on page 7. lol 

So I finished step 14, but I couldn't find any under VirusScan. 
Step 15, I could not find that registry location (I don't use MS outlook).
Step 16. I could not find Mcafee Inc. under step d. 

Soooo I think I'm done? I hope. Waiting for your response. Thanks Mark!


----------



## Mark1956 (May 7, 2011)

Looks like you have got there in the end and I would not worry about anything you could not find.

Now to go back to where we left off, we have some updates to do and a clean up of the tools used, we will start with the updates.

*Adobe*
Close any programs you may have running - especially your web browser.
Click on Start > *Control Panel*, double-click on Programs and Features and uninstall the following Adobe entries:

*Adobe Reader 9*

*NOTE:* For *XP* click on Start > *Control Panel*, double-click on *Add or Remove Programs* and continue as above.
Then go to this link Adobe Downloads and select the latest version to download and install. You will see this page below, click on the appropriate button for the Adobe product that was just removed.

You will now see a page similar to this one:

All four Adobe products, Reader, Flash Player, Air and Shockwave Player are set by default to download the version for *Windows* Operating Systems and for *Internet Explorer* in *English*. If you are using a Macintosh, or you want to use the Adobe product with a different Browser or language you must click on the line (as indicated in the above image) to make further selections to meet your requirements.

As you will see in the above image the Adobe Reader is set for Windows 7, please click (as indicated) if you are using a different version of *Windows* to make further selections. All the other Adobe products are universal and you will only need to change the selection for different Browsers, Languages or for Macintosh.
NOTE: In all the downloads look out for the Google Toolbar and uncheck the box if you do not need it.

Some additional instructions may appear for XP installations. In all cases save the download to your desktop, then close your browser and double click on the Adobe icon on your desktop to install it. If you have any problems installing, disconnect from the internet and disable your Anti Virus and any other security software, instructions for most AV's, etc. can be found here: How to disable security software.

_________________________________________________________________

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. 
Please follow these steps to remove older versions of Java and update.
*How to update Java:*
Be aware that the act of downloading any Java installer means that you have read and agree to abide by the end users license agreement. 
End user licence agreement
First uninstall all existing versions of Java. 

Go to Start > Control Panel, double-click on *Add/Remove programs* (or Programs and Features) and click on any item with *Java, Java(TM), JRE* or *J2SE* in the name.
Click the *Uninstall*, *Remove* or *Change/Remove* button and allow it to uninstall. 
If a *User Account Control* warning appears click on *Allow*.
Repeat as many times as necessary to remove each and every item. 
Reboot your computer once all Java components are removed. 
*NOTE:* If you have a 64bit version of Windows and are using the 64bit version of Internet Explorer the Java site will automatically give you the correct Java version using the instructions below, 
but it is recommended that you use only 32bit browsers and versions of Java. Please read this for further information: Which Java download should I choose for my 64bit operating system?. 
If you install Java for the 64bit version of Internet Explorer and you use any other browser you will also need to repeat the installation while using your other browser which will most likely be 32bit. If in doubt please ask.

*How to install the latest version.*

Open the browser that you normally use and click on this link: Java Download
Click on the big red button *Free Java Download*
On the next page click on the big red button *Agree and Start Free Download*
Select *Run* whenever the option appears. If no *Run* option appears click on *Save* and then when the download completes click on *Run*. If a *User Account Control* warning appears click on *Continue*.
When the *Welcome to Java* window appears click on *Install*.
It may take several minutes to download the installer depending on the speed of your connection, allow it to complete.
If any error messages appear click on OK and then click on the *Agree and start free download* button again.
Please wait for the *Java Setup* window to appear. Uncheck the box to install the *Ask Toolbar* and then click on *Next*.
*NOTE:* The Ask Toolbar option may change without notice to something different, please make sure you uncheck the box for anything else that is offered. On some systems this offer may not appear, in which case, continue with the next instruction.
You will then see the *Java Setup Progress* window and another will appear for *JavaFX* (on some systems the JavaFX will not appear or be installed). Finally the *Java Setup Complete* window will appear, click on *Close*.
If a Java page then appears with a button to *Verify Java Version* click on it and it will verify the installation.
The Installation is now complete, please reboot the system.
*NOTE:* The JavaFX component is not required unless you are developing Java applications. It is perfectly safe to keep on your system, but if you wish to uninstall it please do so.
_______________________________________________________________

Follow this guide to update Firefox: How to Update Firefox


----------



## mathew206 (Aug 7, 2012)

Adobe and Java have been updated.


----------



## mathew206 (Aug 7, 2012)

I did install java 32 bit and 64 bit. I hope that's not an issue? Under programs, it shows java 7 update 7 and Java 7 update 7 (64 bit). I'm guessing it should not interfere with each other.


----------



## Mark1956 (May 7, 2011)

That will be fine, but you only need the 64bit version if you are using a 64bit browser, there is a link to information about that in my instructions.

Did you do the last part to update Firefox?

Now the final stage to remove the tools used.

To re-enable your CD Emulation drivers if you disabled them, double click *DeFogger.exe* to run the tool again.

The application window will appear.
Click the *Re-enable* button to re-enable your CD Emulation drivers.
Click *Yes* to continue.
A *'Finished!'* message will appear.
Click *OK*.
DeFogger will now ask to reboot the machine...click *OK*.

To uninstall ComboFix, press the *WINKEY + R* keys on your keyboard or click on Start and type *Run* into the search box and hit *Enter*.
In the *Run* box type: *ComboFix /Uninstall* (Be sure to leave a space before the forward slash).

Click on *OK*.
If you encounter any problems using the switch from the Run dialog box, just rename ComboFix.exe to *Uninstall.exe*, then double-click on it to remove.
This will delete ComboFix's related folders/files, reset the clock settings, hide file extensions/system files, clear the System Restore cache to prevent possible reinfection and *create a new Restore point.*
When it has finished you will see a dialog box stating that _"ComboFix has been uninstalled"._
After that, you can delete the ComboFix.exe program from your computer (Desktop).
*Next*

Download *OTC* by OldTimer and save it to your *desktop.*
Double click the icon to start the program.
If you are using Vista or Windows 7, please right-click and choose *Run as Administrator*
Then click the big button.
You will get a prompt saying "_Begin Cleanup Process_". Please select *Yes*.
Restart your computer when prompted.
-- Doing this will *remove* any specialized tools downloaded and used. If OTC does not delete itself, then delete the file manually when done.
-- Any leftover folders/files related to ComboFix or other tools which OTC did not remove can be deleted manually (right-click on it and choose delete).

*Please post back when this is complete and let me know if you have had any problems.*


----------



## mathew206 (Aug 7, 2012)

The reason I dled both 32 bit and 64 bit is because oftentimes I open websites for work and IE is required to run. I know 32 bit is widely used, so I just wanted to make sure I had it. I also use Chrome a lot, but am not sure if it's a 64 bit browser..

I did update firefox. Do I want to manually try to update my browsers periodically? I was under the impression they manually update themselves.

Combofix is uninstalled. No problems. OTC got almost everything except for systemlooker. I right clicked it and deleted it. 

I wanted to run ccleaner along with the registry cleaner tool. Is that okay?


----------



## Mark1956 (May 7, 2011)

64bit versions of Windows include a 64bit version of IE but it is not the default browser. The default version of IE is 32bit, in order to use the 64 bit version you have to select it.

Browsers do not update themselves automatically you would need to check on their internet site to see when a new version is available.

Using a registry cleaner is a risky business and we often see on this site PC's that have had their registry damaged by running such software. If it brings up a list of registry keys to delete would you know which are safe to remove and which are not, if the answer is NO don't use it. If you feel the need to use a registry cleaner then make sure you create a full registry back up first so you have a way to recover if it causes a problem. Use this: Erunt-setup.exe

As we are now done I shall mark this thread as Solved and leave you with some security advice, but please feel free to post back if you have any remaining issues or concerns.

There are many places where you will find security advice, but most are biased towards a particular item of software that they are trying to promote. I have given some unbiased advice below that should help keep you better protected. Unfortunately there is no "best protection", new Malware is being produced every minute of the day so it is a cat & mouse game for all security software vendors to keep up with the latest infections.

It has always been the case that what one Anti Virus program will detect another one will miss and vice versa. That being said, never be tempted to install more than one Anti Virus program thinking that will give you better protection as in fact the reverse is true. Two or more AV programs will (in most cases) conflict with each other, slow your system down and actually reduce your security level. Don't assume that your present Anti Virus is no good on the grounds that you got infected, if I have seen you are using a poor Anti Virus I will have advised you earlier in the thread. There are a lot of nasty infections out there waiting to jump onto a PC and with some of the newest infections there is very little that will block them. Fortunately there are those who dedicate their spare time, for little reward, in making the tools we use here to remove these infections. It is those people that we have to thank as without them a reinstall would often be the only way out.

*Some additional security measures.*
If your present security software does not include a third party Firewall or AntiSpyware.
Go Here for a selection of third party Firewalls.
Go Here or Here for Anti Spyware.

Malwarebytes free version (which you may have used during this thread) is worth having for regular scans of your system, always check for updates before using it. If you can afford the Malwarebytes Pro version it will provide even better protection with a full time active scanner. Never have more than one active anti virus, anti spyware or firewall running on your system as it can cause conflicts and slow down the PC. You can safely run the Pro version of *Malwarebytes* with any Anti Virus software.

WOT (Web of Trust) will warn you (in most cases) about dangerous web sites.

Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Attacks exploiting vulnerable programs and plug-ins are rarely blocked by traditional anti-virus and are therefore increasingly "popular" among criminals.

WinPatrol is a useful facility to have. *WinPatrol* takes snapshots of your critical system resources and alerts you to any changes that may occur without your knowledge. It can also be used to control all your *start up* programs.

Finally, make sure that Windows Update is turned on as many updates are to fix newly discovered security holes in the Windows Operating System. You should also make sure that any Java or Adobe products are kept up to date and any old versions are uninstalled. Never use Registry Cleaners as they can and do damage the systems registry and stay well clear of P2P file sharing sites as these are one of the best places to get your PC infected.


----------



## mathew206 (Aug 7, 2012)

I believe that answers most of my questions for the moment. I thought I had some, but I cannot seem to think of them right now. If I have more questions, should I re-post here? or send you a PM? 

My machine seems to be running fine. Thank you for all of your help, Mark. It was greatly appreciated. I think I hate McAfee now. lol.


----------



## Mark1956 (May 7, 2011)

I'd say you have good reason to hate McAfee, lol, and you're welcome.

You can post back here any time, I think they keep old threads open for about three months before they get closed completely, any post you make here I will receive notification.


----------



## mathew206 (Aug 7, 2012)

Hey Mark, 

I have come across a very stubborn application that does not want to uninstall. The program is eMusic Download Manager, which I used multiple times. However, I ended my subscription and it just will not want to delete. 

I have tried via Windows uninstall programs. It starts to go, then asks if I want to uninstall all contents. I say yes, then a new window opens up and says uninstalling eMusic Dl Manager, but it never makes progress, and just hangs there. I can still use the computer, but after letting it sit for awhile, my computer will go into sleep mode.

I have tried using Revo Uninstaller. It does the same thing. :/ No success here either.

Let me know what information you need from me. Thanks!


----------



## mathew206 (Aug 7, 2012)

P.S. - I understand if this is not considered Malware, but I have researched a little bit, and people do say that it can be? Sooo if you need to forward me to someone else, I understand.  Hope you're doing well!


----------



## Mark1956 (May 7, 2011)

Hi Mathew, is this something you installed since the original DDS logs were produced? There is no sign of a program with that name.


----------



## mathew206 (Aug 7, 2012)

Yes it was installed after. It is actually on a different machine as well. Let me know if you need any other information.


----------



## Mark1956 (May 7, 2011)

Ok, run DDS on that system and send in both logs; I can then provide the instructions to remove all of the program's files. It will leave registry entries behind, but that should not cause a problem and we can do some searches for them.

I am amazed Revo would not take it out.


----------



## mathew206 (Aug 7, 2012)

DDS (Ver_2012-10-19.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_37
Run by Thinkpad T420S at 18:32:30 on 2012-11-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3978.2177 [GMT -7:00]
.
AV: Norton Business Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Business Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Business Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Windows\system32\CxAudMsg64.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files (x86)\Norton Business Suite\Engine\6.4.0.9\ccSvcHst.exe
C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\SysWOW64\SAsrv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Norton Business Suite\Engine\6.4.0.9\ccSvcHst.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Users\Thinkpad T420S\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Lenovo\RapidDrive Advanced\LenovoRapidDriveAdvancedService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
uURLSearchHooks: FreeSoundRecorder Toolbar: {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files (x86)\FreeSoundRecorder\prxtbFree.dll
mURLSearchHooks: FreeSoundRecorder Toolbar: {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files (x86)\FreeSoundRecorder\prxtbFree.dll
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: FreeSoundRecorder Toolbar: {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files (x86)\FreeSoundRecorder\prxtbFree.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Business Suite\Engine\6.4.0.9\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Business Suite\Engine\6.4.0.9\ips\ipsbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: FreeSoundRecorder Toolbar: {32B29DF0-2237-4370-9A29-37CEBB730E9B} - C:\Program Files (x86)\FreeSoundRecorder\prxtbFree.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Business Suite\Engine\6.4.0.9\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: FreeSoundRecorder Toolbar: {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files (x86)\FreeSoundRecorder\prxtbFree.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [LTT] C:\Program Files\PC-Doctor\EnableToolbarW32.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [TaskScheduler] C:\ProWin11\32bit\TaskSch.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
mRun: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\THINKP~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Thinkpad T420S\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\THINKP~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{9DD59DFF-9A21-43E9-B73E-E33F565A4FBF} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9DD59DFF-9A21-43E9-B73E-E33F565A4FBF}\130313537423 : DHCPNameServer = 192.168.11.1 208.201.224.11 208.201.224.33
TCP: Interfaces\{9DD59DFF-9A21-43E9-B73E-E33F565A4FBF}\2375942554434313 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{9DD59DFF-9A21-43E9-B73E-E33F565A4FBF}\45845464F4253454 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{9DD59DFF-9A21-43E9-B73E-E33F565A4FBF}\D61627961686 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BB08F500-11FF-4A4F-BDD0-B07C6399C1F6} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{D9109346-E423-47D9-8EC5-F4B9673EFFEC} : DHCPNameServer = 10.11.28.10
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGina
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TpShocks] TpShocks.exe
x64-Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe
x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
x64-Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [IntelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: psfus - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Thinkpad T420S\AppData\Roaming\Mozilla\Firefox\Profiles\fly5pday.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Reader 2\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Thinkpad T420S\AppData\Roaming\Mozilla\Firefox\Profiles\fly5pday.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-09-03 13:23; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2012-10-16 21:01; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: 2012-10-26 11:04; {32b29df0-2237-4370-9a29-37cebb730e9b}; C:\Users\Thinkpad T420S\AppData\Roaming\Mozilla\Firefox\Profiles\fly5pday.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}
FF - ExtSQL: !HIDDEN! 2012-07-25 15:29; [email protected]; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 DzHDD64;DzHDD64;C:\Windows\System32\drivers\DZHDD64.SYS [2012-2-2 31344]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-9-11 30056]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0604000.009\symds64.sys [2012-10-9 451192]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0604000.009\symefa64.sys [2012-10-9 1129120]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2011-3-29 23664]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20121005.002\BHDrvx64.sys [2012-10-5 1385632]
R1 ccSet_N360;Norton Business Suite Settings Manager;C:\Windows\System32\drivers\N360x64\0604000.009\ccsetx64.sys [2012-10-9 167072]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20121101.002\IDSviA64.sys [2012-11-1 513184]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2011-8-16 15472]
R1 nvkflt;nvkflt;C:\Windows\System32\drivers\nvkflt.sys [2012-9-11 284008]
R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2011-7-8 32104]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0604000.009\ironx64.sys [2012-10-9 190072]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\0604000.009\symnets.sys [2012-10-9 405624]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\System32\CxAudMsg64.exe [2012-2-2 198784]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2012-2-9 41832]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2011-8-16 101736]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-2-9 60264]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2011-8-16 133992]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-6 214896]
R2 N360;Norton Business Suite;C:\Program Files (x86)\Norton Business Suite\Engine\6.4.0.9\ccsvchst.exe [2012-10-9 138272]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-6-25 216080]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-2-2 2214504]
R2 risdxc;risdxc;C:\Windows\System32\drivers\risdxc64.sys [2012-2-2 101888]
R2 SAService;Conexant SmartAudio service;C:\Windows\System32\SAsrv.exe --> C:\Windows\System32\SAsrv.exe [?]
R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2011-5-30 13128]
R2 SROSVC;Screen Reading Optimizer Service Program;C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [2012-2-9 446800]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2011-8-16 145256]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2011-8-16 142696]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-2-2 2656280]
R2 VIPAppService;VIPAppService;C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2011-7-12 82544]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;C:\Windows\System32\drivers\e1c62x64.sys [2012-2-9 341680]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-10-26 138912]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-6-21 25496]
R3 Lenovo.RapidDrive.Advanced.Svc;Lenovo RapidDrive Advanced Service;C:\Program Files (x86)\Lenovo\RapidDrive Advanced\LenovoRapidDriveAdvancedService.exe [2012-2-2 209920]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2012-2-2 56344]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETwNs64.sys [2011-10-31 8615936]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-9 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-12-9 181248]
R3 TVTI2C;Lenovo SM bus driver;C:\Windows\System32\drivers\tvti2c.sys [2010-9-27 41536]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-2 136176]
S2 HyperW7Svc;HyperW7 Service;C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-7-8 144232]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-13 250808]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\System32\drivers\motfilt.sys [2009-1-29 6144]
S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-2-9 478056]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-2 136176]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-6-21 34200]
S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\System32\drivers\motoandroid.sys [2009-7-10 31744]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2011-4-4 21504]
S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2009-1-29 9216]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\System32\drivers\Motousbnet.sys [2010-4-1 26624]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\System32\drivers\motusbdevice.sys [2011-11-8 11776]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-21 115168]
S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2012-2-2 89152]
S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2012-2-2 175168]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-9 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-10-26 21:04:19	--------	d-----w-	C:\Program Files (x86)\VS Revo Group
2012-10-26 18:11:11	--------	d-----w-	C:\Users\Thinkpad T420S\AppData\Roaming\Cool Record Edit Pro
2012-10-26 18:04:55	--------	d-----w-	C:\Users\Thinkpad T420S\AppData\Roaming\Free Sound Recorder
2012-10-26 18:04:20	--------	d-----w-	C:\Program Files (x86)\Conduit
2012-10-26 18:04:18	--------	d-----w-	C:\Users\Thinkpad T420S\AppData\Local\Conduit
2012-10-26 18:04:17	--------	d-----w-	C:\Program Files (x86)\FreeSoundRecorder
2012-10-26 18:03:50	880640	----a-w-	C:\Windows\SysWow64\NCTAudioEditor2.dll
2012-10-26 18:03:50	602112	----a-w-	C:\Windows\SysWow64\NCTAudioTransform2.dll
2012-10-26 18:03:50	479232	----a-w-	C:\Windows\SysWow64\NCTAudioVisualization2.dll
2012-10-26 18:03:50	458752	----a-w-	C:\Windows\SysWow64\NCTAudioRecord2.dll
2012-10-26 18:03:50	458752	----a-w-	C:\Windows\SysWow64\NCTAudioPlayer2.dll
2012-10-26 18:03:50	417792	----a-w-	C:\Windows\SysWow64\NCTTextToAudio2.dll
2012-10-26 18:03:50	348160	----a-w-	C:\Windows\SysWow64\NCTWMAFile2.dll
2012-10-26 18:03:50	1986560	----a-w-	C:\Windows\SysWow64\NCTAudioFile2.dll
2012-10-26 18:03:50	1212416	----a-w-	C:\Windows\SysWow64\NCTAudioInformation2.dll
2012-10-26 18:03:49	835584	----a-w-	C:\Windows\SysWow64\NCTAudioCDGrabber2.dll
2012-10-26 18:03:49	344064	----a-w-	C:\Windows\SysWow64\msvcr70.dll
2012-10-26 18:03:49	--------	d-----w-	C:\Program Files (x86)\Free Sound Recorder
2012-10-20 17:45:12	--------	d-----w-	C:\Users\Thinkpad T420S\AppData\Local\{5B895D50-9C99-4698-8917-4B523C22A097}
2012-10-19 19:49:00	--------	d-----w-	C:\Users\Thinkpad T420S\AppData\Local\{5612FB81-8F56-4893-9299-C9C82E18E1C2}
2012-10-19 18:40:21	--------	d-----w-	C:\Program Files\Microsoft Mouse and Keyboard Center
2012-10-13 20:42:46	258048	----a-w-	C:\Windows\System32\Spool\prtprocs\x64\hpfppw73.dll
2012-10-12 23:35:28	862664	----a-w-	C:\Windows\SysWow64\msvcr110.dll
2012-10-12 23:35:28	828872	----a-w-	C:\Windows\System32\msvcr110.dll
2012-10-12 23:35:28	661448	----a-w-	C:\Windows\System32\msvcp110.dll
2012-10-12 23:35:28	534480	----a-w-	C:\Windows\SysWow64\msvcp110.dll
2012-10-12 23:35:28	354264	----a-w-	C:\Windows\System32\vccorlib110.dll
2012-10-12 23:35:28	251864	----a-w-	C:\Windows\SysWow64\vccorlib110.dll
2012-10-10 03:57:17	737952	----a-w-	C:\Windows\System32\drivers\N360x64\0604000.009\srtsp64.sys
2012-10-10 03:57:17	451192	----a-r-	C:\Windows\System32\drivers\N360x64\0604000.009\symds64.sys
2012-10-10 03:57:17	405624	----a-r-	C:\Windows\System32\drivers\N360x64\0604000.009\symnets.sys
2012-10-10 03:57:17	37536	----a-w-	C:\Windows\System32\drivers\N360x64\0604000.009\srtspx64.sys
2012-10-10 03:57:17	190072	----a-r-	C:\Windows\System32\drivers\N360x64\0604000.009\ironx64.sys
2012-10-10 03:57:17	167072	----a-w-	C:\Windows\System32\drivers\N360x64\0604000.009\ccsetx64.sys
2012-10-10 03:57:17	1129120	----a-w-	C:\Windows\System32\drivers\N360x64\0604000.009\symefa64.sys
2012-10-10 03:57:10	--------	d-----w-	C:\Windows\System32\drivers\N360x64\0604000.009
.
==================== Find3M ====================
.
2012-10-09 03:38:31	73656	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 03:38:31	696760	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-30 02:54:26	25928	----a-w-	C:\Windows\System32\drivers\mbam.sys
2012-09-29 04:42:04	2177704	----a-w-	C:\Windows\System32\coin92.dll
2012-09-24 22:32:24	477168	----a-w-	C:\Windows\SysWow64\npdeployJava1.dll
2012-09-24 22:32:20	473072	----a-w-	C:\Windows\SysWow64\deployJava1.dll
2012-09-14 19:19:29	2048	----a-w-	C:\Windows\System32\tzres.dll
2012-09-14 18:28:53	2048	----a-w-	C:\Windows\SysWow64\tzres.dll
2012-08-31 18:19:35	1659760	----a-w-	C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:03:45	5559664	----a-w-	C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02	3968880	----a-w-	C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02	3914096	----a-w-	C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07	220160	----a-w-	C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48	172544	----a-w-	C:\Windows\SysWow64\wintrust.dll
2012-08-24 10:31:32	2312704	----a-w-	C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18	1392128	----a-w-	C:\Windows\System32\wininet.dll
2012-08-24 10:20:11	1494528	----a-w-	C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45	173056	----a-w-	C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29	599040	----a-w-	C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42	2382848	----a-w-	C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17	1800704	----a-w-	C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27	1129472	----a-w-	C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02	1427968	----a-w-	C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26	142848	----a-w-	C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12	420864	----a-w-	C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58	2382848	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50	1913200	----a-w-	C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40	950128	----a-w-	C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40	376688	----a-w-	C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33	288624	----a-w-	C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00	245760	----a-w-	C:\Windows\System32\OxpsConverter.exe
2012-08-20 18:48:44	362496	----a-w-	C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44	243200	----a-w-	C:\Windows\System32\wow64.dll
2012-08-20 18:48:44	13312	----a-w-	C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43	215040	----a-w-	C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37	16384	----a-w-	C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35	424448	----a-w-	C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22	338432	----a-w-	C:\Windows\System32\conhost.exe
2012-08-20 17:40:21	14336	----a-w-	C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44	44032	----a-w-	C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26	25600	----a-w-	C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19	5120	----a-w-	C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18	274944	----a-w-	C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21	7680	----a-w-	C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20	2048	----a-w-	C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28	6144	---ha-w-	C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28	4608	---ha-w-	C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28	3584	---ha-w-	C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28	3072	---ha-w-	C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-11 00:56:03	715776	----a-w-	C:\Windows\System32\kerberos.dll
2012-08-10 23:56:14	542208	----a-w-	C:\Windows\SysWow64\kerberos.dll
.
============= FINISH: 18:33:03.89 ===============


----------



## mathew206 (Aug 7, 2012)

was having issues clicking the DDS link from the techguy website. Finally I just went straight to thebleepingcomputer website to dl it.


----------



## mathew206 (Aug 7, 2012)

attach log


----------



## Mark1956 (May 7, 2011)

No sign of emusic in the logs; it only appears in the Installed Programs list.

Have you tried uninstalling it in Safe Mode?

Java is out of date, uninstall it and go here Java Download to download and install the latest version.

If emusic won't uninstall in Safe Mode, try using Revo in Safe Mode. If that still does not work, look for emusic in C:\Program Files and delete the program's folder. Also look in C:\Program Data.

Then do a search with this software.

Please download *SystemLook* for your operating system from one of the links below and save it to your Desktop.


*Link 1: SystemLook (32-bit)*
Link 2: SystemLook (32-bit)

*Link 1: SystemLook (64-bit)*
Link 2: SystemLook (64-bit)


Double-click *SystemLook.exe* to run it.
_*Vista*/*Windows 7* users right-click and select Run As Administrator_.
Copy and paste everything in the codebox below into the main textfield:

```
:filefind
*emusic*
:folderfind
*emusic*
:regfind
*emusic*
```

Click the Look button to start the scan.
When finished, a Notepad window will open SystemLook.txt with the results of the search and save a copy on your Desktop.
Please copy and paste the contents of that log in your next reply.


----------



## mathew206 (Aug 7, 2012)

SystemLook 30.07.11 by jpshortstuff
Log created at 09:27 on 09/11/2012 by Thinkpad T420S
Administrator - Elevation successful

========== filefind ==========

Searching for "*emusic*"
C:\Program Files (x86)\eMusic Download Manager\eMusic Download Manager.crx	--a---- 34288 bytes	[18:28 26/08/2012]	[00:26 09/12/2011] 06938E2F8AA36261043F16B6DA28EF66
C:\Program Files (x86)\eMusic Download Manager\eMusic Download Manager.exe	--a---- 936448 bytes	[18:28 26/08/2012]	[18:28 26/08/2012] E477C2C89DBCCD6941A226C656D9E7A6
C:\Program Files (x86)\eMusic Download Manager\eMusicFolder.ico	--a---- 115941 bytes	[18:28 26/08/2012]	[21:02 10/08/2011] FF230674E3081F0B7E245712028D801D
C:\Program Files (x86)\eMusic Download Manager\Uninstall eMusic Download Manager.exe	--a---- 3581073 bytes	[18:28 26/08/2012]	[18:28 26/08/2012] 954F5FE1598C8FB2EA4818547E670BF0
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMusic Download Manager\eMusic Download Manager.lnk	--a---- 1186 bytes	[18:28 26/08/2012]	[18:28 26/08/2012] D805D797A5C823D44B0ECF8E880D16EF
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMusic Download Manager\Uninstall eMusic Download Manager.lnk	--a---- 1304 bytes	[18:28 26/08/2012]	[18:28 26/08/2012] A16A3AE7E7BFD4D044E4B2CC612A7B31
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\eMusic Download Manager\eMusic Download Manager.lnk	--a---- 1186 bytes	[18:28 26/08/2012]	[18:28 26/08/2012] D805D797A5C823D44B0ECF8E880D16EF
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\eMusic Download Manager\Uninstall eMusic Download Manager.lnk	--a---- 1304 bytes	[18:28 26/08/2012]	[18:28 26/08/2012] A16A3AE7E7BFD4D044E4B2CC612A7B31
C:\Users\Public\Desktop\eMusic Download Manager.lnk	--a---- 1186 bytes	[18:28 26/08/2012]	[18:28 26/08/2012] D805D797A5C823D44B0ECF8E880D16EF
C:\Users\Thinkpad T420S\.eMusicVersion.txt	--a---- 247 bytes	[18:28 26/08/2012]	[18:28 26/08/2012] 0D48C75DB9447413E3055939AEE44292
C:\Users\Thinkpad T420S\AppData\Local\CrashDumps\emusic-dlm-installer-windows-5.0.5.1102.exe.3240.dmp	--a---- 3150381 bytes	[22:11 26/10/2012]	[22:11 26/10/2012] EABDDB4E3AB90F8531BA5D2C59D9C694
C:\Users\Thinkpad T420S\AppData\Local\CrashDumps\Uninstall eMusic Download Manager.exe.5340.dmp	--a---- 3131753 bytes	[22:17 26/10/2012]	[22:17 26/10/2012] BA865372501185A9229D1FD9E34E96B4
C:\Users\Thinkpad T420S\AppData\Local\CrashDumps\Uninstall eMusic Download Manager.exe.6804.dmp	--a---- 3131799 bytes	[22:11 26/10/2012]	[22:11 26/10/2012] 35114029997DE7B220CEB7D32F9FA9F1
C:\Users\Thinkpad T420S\AppData\Local\CrashDumps\Uninstall eMusic Download Manager.exe.7984.dmp	--a---- 3131739 bytes	[22:28 26/10/2012]	[22:28 26/10/2012] 5964AA082F46D11FD819155CDB3CE72F

========== folderfind ==========

Searching for "*emusic*"
C:\Program Files (x86)\eMusic Download Manager	d------	[18:28 26/08/2012]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMusic Download Manager	d------	[18:28 26/08/2012]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_emusic-dlm-insta_7bcb7f3326eee24db034b54077f3797d4134d06d_19c74604	d----c-	[22:11 26/10/2012]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Uninstall eMusic_2ed954f770cf49765206f3a497edcfa116b26_1f40b801	d----c-	[18:16 26/10/2012]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Uninstall eMusic_56421a43c5602cfd3b68c497b272555c8920_146f2912	d----c-	[18:46 26/10/2012]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Uninstall eMusic_56421a43c5602cfd3b68c497b272555c8920_17e08cf3	d----c-	[18:34 26/10/2012]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Uninstall eMusic_6dfba7314a7c5c31ca1c1c3bb9211395467e9_026e0c12	d----c-	[21:05 26/10/2012]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Uninstall eMusic_6dfba7314a7c5c31ca1c1c3bb9211395467e9_0d18a372	d----c-	[21:34 26/10/2012]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Uninstall eMusic_6dfba7314a7c5c31ca1c1c3bb9211395467e9_1d5df0f5	d----c-	[21:40 26/10/2012]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Uninstall eMusic_84b693e6475d5c5a307523ea82e2dbfe7dc12e22_1177bd36	d----c-	[22:11 26/10/2012]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Uninstall eMusic_84b693e6475d5c5a307523ea82e2dbfe7dc12e22_11908e79	d----c-	[22:17 26/10/2012]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Uninstall eMusic_84b693e6475d5c5a307523ea82e2dbfe7dc12e22_1fbf0f4c	d----c-	[22:28 26/10/2012]
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\eMusic Download Manager	d------	[18:28 26/08/2012]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_emusic-dlm-insta_7bcb7f3326eee24db034b54077f3797d4134d06d_19c74604	d----c-	[22:11 26/10/2012]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_Uninstall eMusic_2ed954f770cf49765206f3a497edcfa116b26_1f40b801	d----c-	[18:16 26/10/2012]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_Uninstall eMusic_56421a43c5602cfd3b68c497b272555c8920_146f2912	d----c-	[18:46 26/10/2012]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_Uninstall eMusic_56421a43c5602cfd3b68c497b272555c8920_17e08cf3	d----c-	[18:34 26/10/2012]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_Uninstall eMusic_6dfba7314a7c5c31ca1c1c3bb9211395467e9_026e0c12	d----c-	[21:05 26/10/2012]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_Uninstall eMusic_6dfba7314a7c5c31ca1c1c3bb9211395467e9_0d18a372	d----c-	[21:34 26/10/2012]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_Uninstall eMusic_6dfba7314a7c5c31ca1c1c3bb9211395467e9_1d5df0f5	d----c-	[21:40 26/10/2012]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_Uninstall eMusic_84b693e6475d5c5a307523ea82e2dbfe7dc12e22_1177bd36	d----c-	[22:11 26/10/2012]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_Uninstall eMusic_84b693e6475d5c5a307523ea82e2dbfe7dc12e22_11908e79	d----c-	[22:17 26/10/2012]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_Uninstall eMusic_84b693e6475d5c5a307523ea82e2dbfe7dc12e22_1fbf0f4c	d----c-	[22:28 26/10/2012]
C:\Users\Thinkpad T420S\Desktop\My eMusic	d---s--	[18:30 26/08/2012]

========== regfind ==========

Searching for "*emusic*"
No data found.

-= EOF =-


----------



## mathew206 (Aug 7, 2012)

Java was updated. I could not uninstall in safe mode with windows add/remove programs or revo. I thought I remember from before that Revo used to have some sort of force uninstall (when we were working with Mcafee).


----------



## Mark1956 (May 7, 2011)

Yes, Revo does have a force uninstall feature so give it a shot.

If it fails then we can use a tool to remove all the folders. You can see in the SystemLook report that there are error records of the uninstall failing.


----------



## mathew206 (Aug 7, 2012)

I couldn't find the forced uninstall though. I right click under uninstaller mode, and the only options I see are 1. uninstall 2. remove entry 3. search at google for 4. install location 5. open registry key.

Unless it is Hunter mode? I have no clue what that does.


----------



## Mark1956 (May 7, 2011)

Yup, on reflection and looking at my own version of Revo there is no Forced Uninstall, it is probably only available in the full version. If you look in the help menu you will find the information on Hunter Mode.

As I have all the file locations from SystemLook I put together a script to remove them all.

Please download *OTM by OldTimer*. Save it to your desktop.

Double click *OTM.exe* to start the tool.


*Copy* the text in the code box below to the clipboard by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):


```
:Processes
explorer.exe
:Files
C:\Program Files (x86)\eMusic Download Manager
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMusic Download Manager
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\eMusic Download Manager
C:\Users\Public\Desktop\eMusic Download Manager.lnk
C:\Users\Thinkpad T420S\.eMusicVersion.txt
:Commands
[createrestorepoint]
[emptyflash]
[emptytemp]
[resethosts]
[reboot]
```

Return to OTM, right click in the *"Paste Instructions for Items to be Moved"* window (under the yellow bar) and choose *Paste*.
Click the red *Moveit!* button.
All your desktop icons will disappear as the scan begins. It should complete within a few minutes.
Once complete you may see a box appear asking you to Restart the system to complete the file removal, accept it and it will reboot.
Even if that box does not appear the system should reboot as the command is included in the script.
When the system has come back to the desktop a Notepad document will open, please copy and paste that into your next post.

-- Note: The logs are saved here: C:\_OTM\MovedFiles


----------



## mathew206 (Aug 7, 2012)

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
C:\Program Files (x86)\eMusic Download Manager folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMusic Download Manager folder moved successfully.
File/Folder C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\eMusic Download Manager not found.
C:\Users\Public\Desktop\eMusic Download Manager.lnk moved successfully.
C:\Users\Thinkpad T420S\.eMusicVersion.txt moved successfully.
========== COMMANDS ==========
Restore point Set: OTM Restore Point

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Thinkpad T420S
->Flash cache emptied: 506 bytes

User: UpdatusUser

User: Xiao Rui
->Flash cache emptied: 534 bytes

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Thinkpad T420S
->Temp folder emptied: 4178773 bytes
->Temporary Internet Files folder emptied: 18809708 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 65547943 bytes
->Google Chrome cache emptied: 19955733 bytes
->Flash cache emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Xiao Rui
->Temp folder emptied: 480 bytes
->Temporary Internet Files folder emptied: 402 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 294021286 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 192616 bytes
%systemroot%\System32 (64bit) .tmp files removed: 15959712 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 268527385 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 761 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67697 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 655.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTM by OldTimer - Version 3.1.21.0 log created on 11102012_145707

Files moved on Reboot...
C:\Users\Thinkpad T420S\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\FXSTIFFDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


----------



## Mark1956 (May 7, 2011)

Looks like that took care of everything, how does it look at your end?


----------



## mathew206 (Aug 7, 2012)

I agree with you, too. I only saw an empty, unanimated folder on the desktop named emusic, but I deleted it. 

Thanks again for all of your help, Mark! I'm glad there are helpful forums out there like this one. I had such a bad experience with Norton forums that I almost gave up. haha..

Since you seem to be able to fix all of my problems, would you be interested in helping me with a different issue? 

I have a computer at work which I primarily use. For some reason, internet speeds are significantly slower than the rest of the computers on the network. All computers are wired. I tested 5 other computers at comcast.speedtest.net, and they all gave about 50Mbps down with 10 Mbps up. The computer in question typically gets anywhere from 1-3 Mbps down and 10Mbps up. I tested ethernet wires, I scanned with ESET online scanner, AVG, and Malwarebytes. I have found no malware. I'm not really sure what else might be the culprit. Let me know your thoughts, or if this is more appropriate for another forum, let me know, too. Thanks, Mark!


----------



## Mark1956 (May 7, 2011)

I would be glad to assist, but we do have a policy against helping with company PC's as they may have policies and restrictions applied to them by the IT department that our tools may remove. On the other hand, if you are responsible for the Network then please continue.

Use the instructions from earlier in this thread and run ADWCleaner and RogueKiller and post the logs.

Please go Here and follow the instructions to run DDS, then *Copy and Paste* both the logs into your next reply.

Then run this tool:

Please download *Farbar Service Scanner* and run it on the computer with the issue.

*Make sure the following options are checked:*


*Internet Services*
*Windows Firewall*
*System Restore*
*Security Center*
*Windows Update*
*Windows Defender*
Press "*Scan*".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


----------



## mathew206 (Aug 7, 2012)

Great. I'll be at that computer either later today or Wednesday. I will keep you updated.


----------



## Mark1956 (May 7, 2011)

OK.


----------



## mathew206 (Aug 7, 2012)

RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : James Shum [Admin rights]
Mode : Scan -- Date : 11/12/2012 13:44:45

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] GoogleCrashHandler64.exe -- C:\Users\james shum\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: INTEL SSDSA2M160G2GC +++++
--- User ---
[MBR] e50a5604a068baa522c2815f91bcfb56
[BSP] 817eb4580ce44bc03cc458bae3193901 : Lenovo tatooed MBR Code
Partition table:
0 - [ACTIVE] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 682 Mo
1 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 1397655 | Size: 128159 Mo
2 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 263867287 | Size: 23785 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 14ea56c48db9db091d67f16f384cf0fa
[BSP] a2d970bd91cdab7584ad4fa281c0e280 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 682 Mo
1 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 1397655 | Size: 128159 Mo
2 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 263867287 | Size: 23785 Mo

Finished : << RKreport[1]_S_11122012_02d1344.txt >>
RKreport[1]_S_11122012_02d1344.txt


----------



## mathew206 (Aug 7, 2012)

I don't think we used ADW Cleaner? I searched all pages of our forum and nothing came up? I'm continuing to Farbar.


----------



## mathew206 (Aug 7, 2012)

Farbar Service Scanner Version: 09-11-2012
Ran by James Shum (administrator) on 12-11-2012 at 14:03:55
Running from "C:\Users\james shum\Downloads"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy: 
==================

System Restore:
============

System Restore Disabled Policy: 
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****


----------



## Mark1956 (May 7, 2011)

RogueKiller is showing a possible problem with the MBR and it is displaying the file format as Linux-swp, where it would usually show NTFS. Any idea why that should be, is the system running a version of Linux?

The Farbar scan shows no issues.

Please follow this to run ADWCleaner:

Click on this link to download : ADWCleaner and save it to your desktop.

*NOTE:* If using Internet Explorer and you get an alert that stops the program downloading click on *Tools > Smartscreen Filter > Turn off Smartscreen Filter* then click on *OK* in the box that opens. Then click on the link again.

Close your browser and click on this icon on your desktop:

You will then see the screen below, click on the *Delete* button (as indicated), accept any prompts that appear and allow it to reboot the PC. When the PC has rebooted you will be presented with the report, copy & paste it into your next post.
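
The MBR section of the RogueKiller report discussed above, as an added example that is not part of the original post and not RogueKiller's own code: it decodes a constructed sector 0 carrying the three partition entries from the report and compares two reads of it. Partition ID 0x42 is also the marker Windows uses for dynamic disks, so the type label alone does not show which operating system is on the disk; the sector bytes, the boot code and the derived sector counts are constructed, and the two byte strings stand in for the report's User and LL2 reads, assumed here to be the same sector read through different paths.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 440      # bytes 0..439 hold the bootstrap code
TABLE_START = 446        # four 16-byte partition entries follow
SIGNATURE = b"\x55\xaa"  # boot signature at bytes 510..511

# Type IDs are not unique: 0x42 marks a Windows dynamic disk (LDM) and was
# also used as a Linux swap ID on disks shared with DR-DOS.
PARTITION_TYPES = {
    0x07: "NTFS/exFAT/HPFS",
    0x42: "Windows dynamic disk (LDM) or legacy Linux swap",
    0x82: "Linux swap",
    0x83: "Linux filesystem",
    0xEE: "GPT protective",
}


def make_sector(boot_code: bytes, entries: list[tuple[int, int, int, int]]) -> bytes:
    """Build a constructed sector 0 from (status, type, first LBA, sector count)."""
    table = b"".join(
        struct.pack("<B3sB3sII", status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba, count)
        for status, ptype, lba, count in entries
    )
    body = boot_code.ljust(TABLE_START, b"\x00") + table.ljust(64, b"\x00")
    return body + SIGNATURE


def parse_mbr(sector: bytes) -> list[dict]:
    """Decode the non-empty primary partition entries of a 512-byte MBR."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for index in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(
            "<B3sB3sII", sector, TABLE_START + 16 * index
        )
        if ptype == 0x00:  # unused slot
            continue
        partitions.append({
            "index": index,
            "active": status == 0x80,
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, "unknown"),
            "lba_start": lba,
            "size_mib": count * SECTOR_SIZE // 2**20,
        })
    return partitions


def compare_views(first: bytes, second: bytes) -> dict:
    """Report which MBR regions differ between two reads of the same sector."""
    return {
        "boot_code_differs": first[:BOOT_CODE_END] != second[:BOOT_CODE_END],
        "partition_table_differs": first[TABLE_START:510] != second[TABLE_START:510],
        "md5": (hashlib.md5(first).hexdigest(), hashlib.md5(second).hexdigest()),
    }


# Constructed sample: offsets come from the report; sector counts are derived
# from its sizes, and the boot code bytes are placeholders, not real loaders.
ENTRIES = [
    (0x80, 0x42, 63, 1397592),
    (0x00, 0x42, 1397655, 262469632),
    (0x00, 0x42, 263867287, 48711680),
]
USER_VIEW = make_sector(b"PLACEHOLDER-VENDOR-BOOT-CODE", ENTRIES)
LOW_LEVEL_VIEW = make_sector(b"PLACEHOLDER-GENERIC-BOOT-CODE", ENTRIES)

if __name__ == "__main__":
    for part in parse_mbr(USER_VIEW):
        print(part)
    print(compare_views(USER_VIEW, LOW_LEVEL_VIEW))
```

A difference confined to the boot code, with identical partition tables, says only that the two read paths return different bytes; it does not say which copy is the unwanted one.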


----------



## mathew206 (Aug 7, 2012)

I'm not really sure why MBR is showing as Linux. The only reason I could possibly think of, is that this is an all in one computer, but Lenovo software was put in the computer. (It's possible the hard drive was swapped from an older cpu. I'm not 100% sure, but I'm trying to probe to find out.) This is a small business, and I know someone else was trying to set something up. I'm not sure if that would even affect it.... but that's all I could think of. I am running adw cleaner now.


----------



## mathew206 (Aug 7, 2012)

# AdwCleaner v2.007 - Logfile created 11/16/2012 at 15:35:14
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : James Shum - THINKCENTRE
# Boot Mode : Normal
# Running from : C:\Users\james shum\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Users\james shum\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\james shum\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\james shum\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\james\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\james\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\joe\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\think\AppData\Local\AVG Secure Search

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.64

File : C:\Users\james shum\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.48] : icon_url = "hxxps://isearch.avg.com/favicon.ico",
Deleted [l.51] : keyword = "isearch.avg.com",
Deleted [l.54] : search_url = "hxxps://isearch.avg.com/search?cid={7CF75A40-32D6-49BA-BA4A-1989F3BFA716}&mid=27ebac64096547d6b5ae1943ef34de62-3c94906cc3019251b63050e67a245faa5c7171e7&lang=en&ds=AVG&pr=fr&d=2012-05-14 18:42:22&v=12.2.5.32&sap=dsp&q={searchTerms}",

File : C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.20] : urls_to_restore_on_startup = [ "hxxps://docs.google.com/?tab=oo&authuser=0#home", "hxxps://www.google.com/calendar/render?tab=oc", "hxxps://mail.google.com/mail/?tab=om#inbox", "hxxp://www.taxalmanac.org/index.php/Main_Page", "hxxp://www.google.com/ig" ]
Deleted [l.67] : icon_url = "hxxp://isearch.avg.com/favicon.ico",
Deleted [l.70] : keyword = "isearch.avg.com",
Deleted [l.73] : search_url = "hxxp://isearch.avg.com/search?cid={7CF75A40-32D6-49BA-BA4A-1989F3BFA716}&mid=27ebac64096547d6b5ae1943ef34de62-3c94906cc3019251b63050e67a245faa5c7171e7&lang=en&ds=AVG&pr=fr&d=2012-05-14 18:42:22&v=11.1.0.12&sap=dsp&q={searchTerms}",
Deleted [l.2423] : urls_to_restore_on_startup = [ "hxxps://docs.google.com/?tab=oo&authuser=0#home", "hxxps://www.google.com/calendar/render?tab=oc", "hxxps://mail.google.com/mail/?tab=om#inbox", "hxxp://www.taxalmanac.org/index.php/Main_Page", "hxxp://www.google.com/ig" ]

*************************

AdwCleaner[S1].txt - [6693 octets] - [16/11/2012 15:35:14]

########## EOF - C:\AdwCleaner[S1].txt - [6753 octets] ##########


----------



## mathew206 (Aug 7, 2012)

When I opened Chrome, it said that the preferences was corrupt? And it could not fix...


----------



## Mark1956 (May 7, 2011)

Can you get onto the opening page of Chrome? If so, do this:

Open Google and click on the spanner in the top right hand corner.
Select Tools and then Extensions.
Click on the grey dustbin next to any Extensions you do not need or recognise.
Click on Settings in the left column.
Look for Users and click on the button Delete this user.
Close Google.


----------



## mathew206 (Aug 7, 2012)

No extensions and i am the only user.


----------



## Mark1956 (May 7, 2011)

Ok, follow the instructions to Delete user, if that does not stop the error you see when opening Chrome uninstall it and then re-install. Let me know how it goes.


----------



## mathew206 (Aug 7, 2012)

Before I tried to The problem no longer seems to come up. I think we are good.


----------



## Mark1956 (May 7, 2011)

Ok, so how is the internet speed now?


----------



## mathew206 (Aug 7, 2012)

Same as of last week. DL is about 1-2 Mbps with Upload speeds being 10 Mbps, which is fine. This morning, DL is about .5 Mbps with around 10 Mbps up.


----------



## Mark1956 (May 7, 2011)

Yup, download speed still like a snail. Does this PC perform ok in other respects?

Let's see if this scan will tell us anything:

Please download MiniToolBox and save it to your desktop.
Double click on the MiniToolBox icon

You will now see the following window appear.

Click on each of the boxes as indicated in the list below, then click on the *GO* button.

Copy & Paste the contents of the report that appears into your next post, you can also find a copy of the report on your desktop (Result.txt).

•Flush DNS
•Report IE Proxy Settings
•Report FF Proxy Settings
•List content of Hosts
•List IP configuration
•List Winsock Entries
•List last 10 Event Viewer Errors
•List Installed Programs
•List Devices Check options for *Only Problems*
•List Users, Partitions and Memory size.
•List Minidump Files


----------



## mathew206 (Aug 7, 2012)

MiniToolBox by Farbar Version: 10-11-2012 02
Ran by James Shum (administrator) on 19-11-2012 at 11:06:27
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

========================= IP Configuration: ================================

Intel(R) 82579LM Gigabit Network Connection = Local Area Connection 2 (Connected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : THINKCENTRE
Primary Dns Suffix . . . . . . . : shum.cpa
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : shum.cpa

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . : shum.cpa
Description . . . . . . . . . . . : Intel(R) 82579LM Gigabit Network Connection
Physical Address. . . . . . . . . : D8-D3-85-92-0F-6D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::7cb6:6a75:bf08:f53%18(Preferred) 
IPv4 Address. . . . . . . . . . . : 10.11.28.50(Preferred) 
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, November 16, 2012 3:36:13 PM
Lease Expires . . . . . . . . . . : Monday, November 19, 2012 3:36:14 PM
Default Gateway . . . . . . . . . : 10.11.28.25
DHCP Server . . . . . . . . . . . : 10.11.28.10
DHCPv6 IAID . . . . . . . . . . . : 366531461
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-86-A4-55-C8-0A-A9-D0-37-91
DNS Servers . . . . . . . . . . . : 10.11.28.10
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.shum.cpa:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : shum.cpa
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: shumcpa-entsrv.shum.cpa
Address: 10.11.28.10

Name: google.com
Addresses: 2001:4860:4001:801::1007
74.125.224.100
74.125.224.101
74.125.224.102
74.125.224.98
74.125.224.105
74.125.224.97
74.125.224.99
74.125.224.110
74.125.224.103
74.125.224.104
74.125.224.96

Pinging google.com [74.125.224.100] with 32 bytes of data:
Reply from 74.125.224.100: bytes=32 time=50ms TTL=54
Reply from 74.125.224.100: bytes=32 time=151ms TTL=54

Ping statistics for 74.125.224.100:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 50ms, Maximum = 151ms, Average = 100ms
Server: shumcpa-entsrv.shum.cpa
Address: 10.11.28.10

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
98.138.253.109

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=160ms TTL=52
Reply from 72.30.38.140: bytes=32 time=241ms TTL=52

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 160ms, Maximum = 241ms, Average = 200ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
18...d8 d3 85 92 0f 6d ......Intel(R) 82579LM Gigabit Network Connection
1...........................Software Loopback Interface 1
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.11.28.25 10.11.28.50 20
10.11.28.0 255.255.255.0 On-link 10.11.28.50 276
10.11.28.50 255.255.255.255 On-link 10.11.28.50 276
10.11.28.255 255.255.255.255 On-link 10.11.28.50 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.11.28.50 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.11.28.50 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
18 276 fe80::/64 On-link
18 276 fe80::7cb6:6a75:bf08:f53/128
On-link
1 306 ff00::/8 On-link
18 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 09 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 09 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/17/2012 00:30:18 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/15/2012 00:30:16 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/13/2012 00:30:09 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/10/2012 00:30:20 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/09/2012 05:34:55 PM) (Source: Application Error) (User: )
Description: Faulting application name: w08tax.exe, version: 29.0.0.0, time stamp: 0x2a425e19
Faulting module name: rtl60.bpl, version: 6.0.6.240, time stamp: 0x2a425e19
Exception code: 0xc0000005
Fault offset: 0x0000572c
Faulting process id: 0x730
Faulting application start time: 0xw08tax.exe0
Faulting application path: w08tax.exe1
Faulting module path: w08tax.exe2
Report Id: w08tax.exe3

Error: (11/09/2012 00:30:54 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/08/2012 11:50:28 AM) (Source: Application Hang) (User: )
Description: The program protax11.exe version 2011.8.0.40 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 14ac

Start Time: 01cdbdea2cf3be37

Termination Time: 20

Application Path: C:\ProWin11\32bit\protax11.exe

Report Id: 850bce08-29dd-11e2-896b-d8d385920f6d

Error: (11/08/2012 00:30:55 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/05/2012 00:42:18 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/02/2012 11:30:22 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

System errors:
=============
Error: (11/16/2012 03:36:14 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5

Error: (11/16/2012 03:36:14 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5

Error: (11/16/2012 03:36:10 PM) (Source: Ntfs) (User: )
Description: The default transaction resource manager on volume \\?\Volume{4549f68f-6db8-11e0-927a-c80aa9d03791} encountered a non-retryable error and could not start. The data contains the error code.

Error: (11/16/2012 03:35:44 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5

Error: (11/14/2012 03:20:41 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5

Error: (11/14/2012 03:20:40 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5

Error: (11/14/2012 03:20:30 AM) (Source: Ntfs) (User: )
Description: The default transaction resource manager on volume \\?\Volume{4549f68f-6db8-11e0-927a-c80aa9d03791} encountered a non-retryable error and could not start. The data contains the error code.

Error: (11/14/2012 03:20:03 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5

Error: (11/09/2012 01:59:07 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5

Error: (11/09/2012 01:59:07 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5

Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
2007 Lacerte Tax
2008 Lacerte Tax
2009 Lacerte Tax
2010 Lacerte Tax
2011 Lacerte Tax
Access Help (Version: 2.00)
Adobe Flash Player 10 Plugin (Version: 10.0.32.18)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.110)
Adobe Reader XI (Version: 11.0.00)
AnswerWorks 4.0 Runtime - English (Version: 4.0.101)
AVG 2013 (Version: 13.0.2629)
AVG 2013 (Version: 13.0.2793)
AVG 2013 (Version: 2013.0.2793)
Burn.Now 4.5 (Version: 4.5.0)
CCleaner (Version: 3.24)
Corel Burn.Now Lenovo Edition (Version: 4.5.0)
Corel DVD MovieFactory 7 (Version: 7.0.0)
Corel DVD MovieFactory Lenovo Edition (Version: 7.0.0)
Create Recovery Media (Version: 1.20.0.00)
D3DX10 (Version: 15.4.2368.0902)
Direct DiscRecorder (Version: 1.00.0000)
Document eSort Components (Version: 1.1.0.794)
Dropbox (Version: 1.4.17)
EntlClnt (Version: 1.1.0)
ESET Online Scanner v3
Google Chrome (Version: 23.0.1271.64)
Google Talk Plugin (Version: 3.10.2.10212)
Intel PROSet Wireless
Intel(R) Control Center (Version: 1.2.1.1007)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.2202)
Intel(R) Management Engine Components (Version: 6.0.0.1179)
Intel(R) Network Connections 16.5.2.0 (Version: 16.5.2.0)
Intel(R) PROSet/Wireless WiFi Software (Version: 13.02.0000)
Intel(R) Rapid Storage Technology (Version: 10.1.0.1008)
Intuit Entitlement Client (Version: 1.0.0)
Intuit Runtime Components 6.0.16 (Version: 6.0.16)
Java Auto Updater (Version: 2.0.7.2)
Java(TM) 6 Update 17 (64-bit) (Version: 6.0.170)
Java(TM) 6 Update 37 (Version: 6.0.370)
Junk Mail filter update (Version: 15.4.3502.0922)
Lacerte Runtime Components (Version: 6.0.10)
Lenovo MuteSync (Version: 1.1.0.3)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Search Enhancement Pack (Version: 3.0.133.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Touch Pack for Windows 7 (Version: 1.0.40517.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft XNA Framework Redistributable 3.0 (Version: 3.0.11010.0)
Mozilla Thunderbird (3.1.7) (Version: 3.1.7 (en-US))
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Nitro Reader 2 (Version: 2.5.0.45)
Payroll System 2011 Workstation (Version: 11)
Payroll System 2012 Workstation (Version: 12)
PrimoPDF -- brought to you by Nitro PDF Software (Version: 5)
ProLine Tax Import (Version: 1.3.0000)
ProSeries 2004
ProSeries 2005
ProSeries 2006
ProSeries 2007
ProSeries 2008
ProSeries 2009
ProSeries 2010
ProSeries 2011
QuickBooks (Version: 19.0.4014.705)
QuickBooks (Version: 20.0.4014.807)
QuickBooks (Version: 22.0.4009.2206)
QuickBooks Premier: Accountant Edition 2009 (Version: 19.0.4014.705)
QuickBooks Premier: Accountant Edition 2012 (Version: 22.0.4009.2206)
QuickBooks Premier: Contractor Edition 2010 (Version: 20.0.4014.807)
Realtek High Definition Audio Driver (Version: 6.0.1.6086)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30124)
Rescue and Recovery (Version: 4.31.0011.00)
Skype 5.10 (Version: 5.10.116)
SupportSoft Assisted Service (Version: 15)
System Update (Version: 4.01.0015)
TaxTools 2012 Workstation (Version: 12)
TeamViewer 7 (Version: 7.0.12313)
ThinkPad USB Keyboard with TrackPoint (Version: 1.06)
ThinkVantage Power Manager (Version: 1.03.0010)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
WexTech AnswerWorks (Version: 1.00.000)
Windows Driver Package - Intel (e1kexpress) Net (12/10/2009 11.5.10.0) (Version: 12/10/2009 11.5.10.0)
Windows Driver Package - Intel (HECIx64) System (09/17/2009 6.0.0.1179) (Version: 09/17/2009 6.0.0.1179)
Windows Driver Package - Intel Corporation (igfx) Display (01/08/2010 8.15.10.2040) (Version: 01/08/2010 8.15.10.2040)
Windows Driver Package - Intel hdc (06/04/2009 7.0.0.1013) (Version: 06/04/2009 7.0.0.1013)
Windows Driver Package - Intel System (06/04/2009 1.0.0.0002) (Version: 06/04/2009 1.0.0.0002)
Windows Driver Package - Intel System (10/28/2009 9.1.1.1022) (Version: 10/28/2009 9.1.1.1022)
Windows Driver Package - Intel USB (08/20/2009 9.1.1.1020) (Version: 08/20/2009 9.1.1.1020)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (04/09/2010 6.0.1.6086) (Version: 04/09/2010 6.0.1.6086)
Windows Driver Package - Vimicro (VMC429) Image (01/13/2010 347.2001.4001.03) (Version: 01/13/2010 347.2001.4001.03)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)

========================= Devices: ================================

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

========================= Memory info: ===================================

Percentage of memory in use: 38%
Total physical RAM: 6032 MB
Available physical RAM: 3697.34 MB
Total Pagefile: 12062.2 MB
Available Pagefile: 9316.55 MB
Total Virtual: 4095.88 MB
Available Virtual: 3959.21 MB

========================= Partitions: =====================================

1 Drive c: (Windows7_OS) (Fixed) (Total:125.16 GB) (Free:42.52 GB) NTFS
2 Drive d: (Lenovo Recovery) (Fixed) (Total:23.23 GB) (Free:22.44 GB) NTFS

========================= Users: ========================================

User accounts for \\THINKCENTRE

Administrator ASPNET Guest 
think

========================= Minidump Files ==================================

No minidump file found

**** End of log ****


----------



## mathew206 (Aug 7, 2012)

There was one box, "list restore points". I did not click that as it was not above. If you need me to do that again, lmk.


----------



## Mark1956 (May 7, 2011)

That's fine, I didn't need to see the list of restore points.

I don't see anything in those logs that could account for a slow download speed, but there are some things that should be taken care of.

The Adobe Flash plugin is out of date, there are three versions of AVG installed and two outdated versions of Java. One of those versions of Java is 64bit which you only need when using the 64bit version of IE.

Uninstall the following:
Adobe Flash Player 10 Plugin (Version: 10.0.32.18)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.110)
AVG 2013 (Version: 13.0.2629)
AVG 2013 (Version: 13.0.2793)
AVG 2013 (Version: 2013.0.2793)
Java Auto Updater (Version: 2.0.7.2)
Java(TM) 6 Update 17 (64-bit) (Version: 6.0.170)
Java(TM) 6 Update 37 (Version: 6.0.370)

Then run this:
AVG Removal tool: You must select the correct tool to match the version of AVG installed and the bit rate (32 or 64bit).

Then install this: Microsoft Security Essentials

Then go here: Adobe Downloads and select the latest version of Flash player, download and install it.

Then go here: Java Download, download and install it.

Once done, see how the download speed is. If no improvement, the next thing I would suggest is reinstalling the Ethernet driver; you will need the motherboard make and model number or the make and model number of the PC. Let me have those details and I will try and find the driver for you.


----------



## mathew206 (Aug 7, 2012)

Hmm... guess my message did not go through. I uninstalled then reinstalled all Adobe Flash items and Java items. I could not uninstall Java Auto Updater as I could not find it.

The AVG uninstall link did not provide the right version for the ones showing above.

I dled MSE. No improvement for dl speeds. How do I grab the motherboard info? I think the computer is an HP Compaq 8200 Elite.


----------



## Mark1956 (May 7, 2011)

> The AVG uninstall link did not provide the right version for the ones showing above.


You just need the uninstaller for version 2013 64bit.

Go to the Control Panel and click on Device Manager, click on the tab next to Network Adapters and note the full description of the Ethernet device.

Go here: http://www8.hp.com/uk/en/support-drivers.html click on drivers and software and type into the box compaq 8200. You will then see a list of matching products, you must choose the one that matches your PC's full model name and number.

On the next page select your version of Windows. Then click on Driver - Network. Download the one that matches what you found in the Device Manager, save it to the desktop. If it is an exe file just double click on it to install it, if it is a zip file extract it first.

I would also suggest you download and install the chipset drivers as they may well be a more up to date version.

If in doubt I will need the full name and model number of the PC and the details of the Ethernet device found in Device Manager.

NOTE: if you can't find an exact match for the model name click on the link at the bottom of the page for the American site.

NOTE 2: The log above shows this:

1 Drive c: (Windows7_OS) (Fixed) (Total:125.16 GB) (Free:42.52 GB) NTFS
2 Drive d: (Lenovo Recovery) (Fixed) (Total:23.23 GB) (Free:22.44 GB) NTFS

This appears to have a Lenovo Recovery partition which should not be on an HP Compaq machine, any ideas on this?


----------



## mathew206 (Aug 7, 2012)

AVG is uninstalled. Speedtest had not improved.

I am attempting to dl the network adapters and chipset, but it may take awhile. 

The owner's brother prefers to use AVG (Since he is in IT, he will insist on putting it back. :/), is there a way to re-install AVG at some point?

For your note above, I believe the HD was taken from another computer which was a lenovo, therefore the lenovo partition and other lenovo programs/apps on the computer. 
I hope that answers that question?


----------



## Mark1956 (May 7, 2011)

> For your note above, I believe the HD was taken from another computer which was a lenovo, therefore the lenovo partition and other lenovo programs/apps on the computer.
> I hope that answers that question?


That could be the root of the problem as you are running all the drivers for a different PC and motherboard.

Installing the drivers for the correct PC should bring it back to life. You cannot expect a hard drive from another PC to run correctly on a different PC as the chipset drivers and most (if not all) of the hardware drivers will be wrong.

There may also be an issue here with the Windows Licence. The licence for Windows 7 on the Lenovo PC is not transferable to another system.

As you have now stated that the owner's brother is in IT, you clearly are not, and the policy on this site does not allow us to help with company-owned PCs, so this is where I have to stop giving assistance. The problems have to be left with your IT department.

I did ask about this in post 158:

_I would be glad to assist, but we do have a policy against helping with company PC's as they may have policies and restrictions applied to them by the IT department that our tools may remove. On the other hand, if you are responsible for the Network then please continue._

As you were happy to continue I assumed you were part of the IT department.


----------



## mathew206 (Aug 7, 2012)

Hi Mark, sorry, but I think I was not clear in my previous post. When I said the brother was in IT, I did not mean he works in the IT department or is the IT man for this business. He really only comes occasionally to look at things every now and then. He does work in an IT department for his day to day job (at another firm). Just to clarify, this is a small firm in which I do have permission to work on IT issues. 

If you still do not feel comfortable, let me know I understand. But if it's okay, I would also like to clarify a few other things. I did not swap the HD so I am not 100% sure what happened, but looking at the specs of the CPU, they still seem to match those of the HP Compaq. Correct me if I am wrong, but changing the HD shouldn't affect too much as long as the right chipset/ethernet drivers etc are still correct? For example, if a HD goes bad, and you replace the hard drive with a new one, it still works once you install all the drivers. Unless you are referring to Lenovo software that may have been preinstalled? 

Should I continue with installing the ethernet drivers? It finally completed downloading. 

Thanks again for your help, Mark. Even if we do not continue, it was definitely a pleasure working with you. I apologize for any confusion I may have caused.


----------



## Mark1956 (May 7, 2011)

Thanks for the explanation, I am happy to continue.

Please continue with installing the Ethernet drivers and we will see how things go.

One of my other concerns is the Windows Licence. The PC the hard drive came from will have an OEM licence for Windows which is not transferable to another PC. Does the problem PC have a licence sticker on it for the same version of Windows or do you have a volume licence for all the PCs used by the business?


----------



## mathew206 (Aug 7, 2012)

Hey Mark, I hope you had a wonderful holiday season and happy new year. I haven't been in the office for quite some time, but I am back and should be here more regularly. lol Today I installed the ethernet drivers (sp57194.exe). DL speed has increased to about 3mbps down and 11 up. However, another computer was getting 35Mbps down... so I think we are still lagged a bit.

The Licenses have come from each machine as they are purchased, not a volume license. I shall wait for your response. Thanks!


----------



## Mark1956 (May 7, 2011)

Hi and Happy New Year to you. This could be tricky to sort out if the hard drive was transferred to another PC without reinstalling Windows, as it will still have several hardware drivers installed on it that do not match the hardware in the system it has been moved to, and the licence will be from another PC, which may block the ability to get Windows updates.

At the end of the day it may be quicker to format the drive and reinstall Windows using the licence assigned to the PC that the hard drive has been moved to. That will also make sure all the correct drivers get installed.


----------

