Help! Trojan, rootkit, spyware- need to be gone pronto


  • This topic is locked
11 replies to this topic

#1 livethird

  • Members
  • 7 posts

Posted 26 July 2012 - 03:56 PM

So far these have not affected my computer other than the occasional website redirection, and slowing of computer performance. I can't seem to figure it out myself, so I want to pass it on to the experts of Bleeping Computer. Thanks in advance. Here is my Avast! scan results log, attached.


#2 livethird

  • Topic Starter

  • Members
  • 7 posts

Posted 27 July 2012 - 09:04 AM

bump

#3 livethird

  • Topic Starter

  • Members
  • 7 posts

Posted 27 July 2012 - 02:30 PM

bump

#4 Shannon2012

  • Security Colleague
  • 3,657 posts

Posted 29 July 2012 - 03:58 PM

Hi,

Welcome to Bleeping Computer.

My name is Shannon and I will be working with you to remove the malware that is on your machine.

I apologize for the delay in replying to your post, but this forum is extremely busy.

Please Track this topic - On the top right of this thread, click on the Option button, and, in the drop-down list, click on 'Track this topic'. Under Subscription Information, click on 'Immediate Email Notification' and then click on the Proceed button at the bottom.

Do Not make any changes on your own to the infected computer.

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Now, let's look more thoroughly at the infected computer -

We need to see some information about what is happening in your machine. Please perform the following scan:
  • We need to create an OTL Report
  • Please download OTL from here: Main Mirror
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "Use SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them into your reply:
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Once you have the above logs, click on the Add Reply button below and copy in the contents of the two OTL logs. Also include any comments that you might have concerning the infection(s) and the infected computer.
Shannon

#5 livethird

  • Topic Starter

  • Members
  • 7 posts

Posted 29 July 2012 - 05:58 PM

OTL logfile created on: 7/29/2012 5:24:46 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\jmiller\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.89 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 58.64% Memory free
7.77 Gb Paging File | 4.95 Gb Available in Paging File | 63.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.08 Gb Total Space | 241.59 Gb Free Space | 81.05% Space Free | Partition Type: NTFS

Computer Name: CSG-JMILLER | User Name: jmiller | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/29 17:22:45 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\jmiller\Desktop\OTL.exe
PRC - [2012/07/27 14:15:23 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
PRC - [2012/07/17 14:54:50 | 000,079,384 | ---- | M] (Google) -- C:\Users\jmiller\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2012/07/13 19:17:11 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/06/27 12:29:26 | 001,996,200 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/06/11 21:01:32 | 012,099,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Lync\communicator.exe
PRC - [2012/05/23 08:57:30 | 000,871,608 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2012/05/23 08:54:42 | 000,371,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2012/05/11 17:02:38 | 000,034,104 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2012/04/05 11:11:18 | 001,144,704 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
PRC - [2012/04/03 11:00:24 | 000,051,128 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
PRC - [2012/03/27 08:50:02 | 001,808,992 | ---- | M] (We-Care.com) -- C:\ProgramData\WeCareReminder\ReminderHelper.exe
PRC - [2012/03/15 06:07:00 | 001,662,528 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2012/03/15 06:07:00 | 000,128,576 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2012/01/18 14:02:04 | 000,508,136 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2012/01/16 11:47:42 | 000,062,016 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2012/01/16 11:47:40 | 000,044,096 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
PRC - [2012/01/16 11:47:22 | 000,043,584 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/04 15:37:16 | 000,330,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011/09/27 13:17:40 | 000,386,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
PRC - [2011/07/12 17:17:04 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2011/07/12 16:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2011/07/12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011/06/17 12:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011/02/07 16:15:38 | 000,210,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011/01/17 10:42:04 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/01/17 10:42:02 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/20 22:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/11/18 16:47:52 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe
PRC - [2010/08/31 14:56:16 | 001,028,096 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2010/08/12 14:16:26 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2009/02/24 15:47:06 | 000,143,360 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/27 14:15:22 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
MOD - [2012/07/23 16:43:18 | 000,755,712 | ---- | M] () -- C:\Users\jmiller\AppData\Local\Microsoft\qnnsyopk.dll
MOD - [2012/07/13 19:17:14 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/06/17 22:14:29 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/17 22:14:23 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/10 20:27:48 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/10 20:27:34 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/09/26 14:22:42 | 002,085,888 | ---- | M] () -- C:\Program Files\Lenovo\AutoLock\cv210.dll
MOD - [2011/09/26 14:22:40 | 002,201,088 | ---- | M] () -- C:\Program Files\Lenovo\AutoLock\cxcore210.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/02/29 15:15:08 | 000,048,704 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2012/01/16 11:47:42 | 000,062,016 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV:64bit: - [2012/01/16 11:47:22 | 000,043,584 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2011/07/12 16:53:58 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV:64bit: - [2011/07/12 16:53:40 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV:64bit: - [2011/07/12 16:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2011/07/12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2011/05/02 14:27:50 | 001,517,328 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/05/02 14:10:26 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/03/29 19:15:36 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2010/12/17 08:18:08 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2010/08/12 14:18:40 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2010/08/12 14:16:26 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/27 14:15:26 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/13 19:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/10 13:56:15 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/06/27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/05/11 17:02:38 | 000,034,104 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2012/03/15 06:07:00 | 001,662,528 | ---- | M] (Lenovo) [On_Demand | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2012/03/15 06:07:00 | 000,320,576 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
SRV - [2012/03/15 06:07:00 | 000,165,440 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/17 12:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/02/07 16:15:38 | 000,210,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011/01/17 10:42:04 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/01/17 10:42:02 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/18 16:47:52 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)
SRV - [2010/08/31 14:56:16 | 001,028,096 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/16 16:31:06 | 000,027,256 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\FixTDSS.sys -- (FixTDSS)
DRV:64bit: - [2012/06/11 14:37:04 | 012,312,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/05/30 13:42:10 | 000,569,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012/05/17 08:14:58 | 000,093,272 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2012/04/19 17:36:26 | 000,035,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2012/04/19 17:36:26 | 000,025,528 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2012/03/15 06:07:00 | 000,029,512 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)
DRV:64bit: - [2012/03/15 06:07:00 | 000,019,784 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/29 15:14:48 | 000,042,312 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2012/01/11 12:30:58 | 000,360,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011/12/26 20:10:44 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2011/12/23 13:30:56 | 000,412,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/10/03 15:46:40 | 001,577,088 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/08/24 18:38:54 | 001,161,832 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2011/08/23 05:12:56 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/28 18:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/30 09:48:04 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvti2c.sys -- (TVTI2C)
DRV:64bit: - [2011/05/25 17:23:00 | 000,101,888 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
DRV:64bit: - [2011/05/01 14:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/03/29 19:13:40 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2011/03/29 19:11:48 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 18:18:42 | 000,166,016 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/09/07 14:09:34 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2010/07/29 13:31:26 | 000,168,544 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010/07/29 13:31:26 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010/07/29 13:31:26 | 000,126,320 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 18:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3866322837-1237756700-1768424464-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3866322837-1237756700-1768424464-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3866322837-1237756700-1768424464-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC 9E 2B 0F 2B 2F CD 01 [binary data]
IE - HKU\S-1-5-21-3866322837-1237756700-1768424464-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3866322837-1237756700-1768424464-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3866322837-1237756700-1768424464-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3866322837-1237756700-1768424464-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3866322837-1237756700-1768424464-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3866322837-1237756700-1768424464-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 31 30 D2 98 54 4D CD 01 [binary data]
IE - HKU\S-1-5-21-3866322837-1237756700-1768424464-1003\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3866322837-1237756700-1768424464-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3866322837-1237756700-1768424464-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112996&tt=060612_5_&babsrc=SP_ss&mntrId=54aa00700000000000000021ccc00c36
IE - HKU\S-1-5-21-3866322837-1237756700-1768424464-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\jmiller\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\jmiller\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\jmiller\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\jmiller\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/28 09:03:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/28 09:03:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/07/28 09:03:13 | 000,000,000 | ---D | M]

[2012/07/18 18:48:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jmiller\AppData\Roaming\mozilla\Extensions
[2012/07/26 10:37:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jmiller\AppData\Roaming\mozilla\Firefox\Profiles\opi4f4wq.default\extensions
[2012/07/18 18:48:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/26 10:37:38 | 000,170,990 | ---- | M] () (No name found) -- C:\USERS\JMILLER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OPI4F4WQ.DEFAULT\EXTENSIONS\{36F56FE4-2739-371F-774B-70121B5D5F2E}.XPI
[1832/11/28 23:44:26 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\JMILLER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OPI4F4WQ.DEFAULT\EXTENSIONS\BSGYDGKGMD@BSGYDGKGMD.ORG.XPI
[2012/07/13 19:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/11 20:59:16 | 000,031,848 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2012/06/23 20:22:50 | 000,002,352 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/07/13 19:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/13 19:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\jmiller\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\jmiller\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\jmiller\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
CHR - plugin: Wajam (Enabled) = C:\Users\jmiller\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll
CHR - plugin: Babylon ToolBar (Enabled) = C:\Users\jmiller\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\BabylonChromeToolBar.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Lync 2010 Meeting Join Plug-in (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\jmiller\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\jmiller\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Citrix ICA Client (Enabled) = C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
CHR - plugin: Java™ Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\windows\SysWOW64\npdeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Google Update (Enabled) = C:\Users\jmiller\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: We-Care Reminder = C:\Users\jmiller\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.25_0\

O1 HOSTS File: ([2012/07/19 15:31:52 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O4:64bit: - HKLM..\Run: [ALCKRESI.EXE] C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [ForteConfig] C:\Program Files\CONEXANT\ForteConfig\fmapp.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TpShocks] C:\windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Lync\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKU\S-1-5-21-3866322837-1237756700-1768424464-1000..\Run: [LogMeIn Hamachi] C:\Users\jmiller\AppData\Local\LSC\LogMeIn Hamachi\jilktbep.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3866322837-1237756700-1768424464-1003..\Run: [Microsoft] C:\Users\jmiller\AppData\Local\Microsoft\qnnsyopk.dll ()
O4 - HKU\S-1-5-21-3866322837-1237756700-1768424464-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3866322837-1237756700-1768424464-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3866322837-1237756700-1768424464-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3866322837-1237756700-1768424464-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3866322837-1237756700-1768424464-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3866322837-1237756700-1768424464-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3866322837-1237756700-1768424464-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75D8EA00-D8AA-4BD6-B7E8-BF677311B583}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B364C4B5-2BFB-437D-AEBA-4292A45E6E7B}: DhcpNameServer = 172.27.35.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll) - C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O30:64bit: - LSA: Security Packages - (msoidssp) - C:\windows\SysNative\msoidssp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (msoidssp) - C:\windows\SysWow64\msoidssp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: autodstr - (C:\windows\system32\cscrkill.dll) - C:\Windows\SysWOW64\cscrkill.dll (MOES-SOUTHWEST-GRILL-(HSD))
O36 - AppCertDlls: clicfind - (C:\windows\system32\cscrkill64.dll) - File not found
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/29 17:22:36 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\jmiller\Desktop\OTL.exe
[2012/07/27 10:45:30 | 009,821,896 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2012/07/26 14:33:29 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\jmiller\Desktop\aswMBR.exe
[2012/07/26 13:55:53 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\jmiller\Desktop\tdsskiller.exe
[2012/07/20 13:52:06 | 000,000,000 | ---D | C] -- C:\Sprint Expenses
[2012/07/19 15:37:12 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/07/19 15:31:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/19 15:18:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/19 15:18:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysWow64\drivers\mbamswissarmy.sys
[2012/07/19 15:18:16 | 000,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/07/19 15:17:57 | 004,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\jmiller\Desktop\mbam-setup.exe
[2012/07/19 15:15:31 | 004,582,475 | R--- | C] (Swearware) -- C:\Users\jmiller\Desktop\username543.exe
[2012/07/19 15:07:35 | 000,100,104 | ---- | C] (Kaspersky Lab) -- C:\Users\jmiller\Desktop\KatesKiller.exe
[2012/07/19 13:32:24 | 000,090,112 | ---- | C] (Sutterlüty-Klagian-Brändle-Lercher Rechtsanwälte) -- C:\windows\cscrkill.dll
[2012/07/19 13:32:24 | 000,090,112 | ---- | C] (Dodo Australia ISPDSL Provider) -- C:\windows\cscrkill64.dll
[2012/07/19 10:55:33 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\jmiller\Desktop\mbam-setup-1.62.0.1300.exe
[2012/07/19 10:38:39 | 000,000,000 | RHSD | C] -- C:\RRbackups
[2012/07/19 10:25:03 | 000,097,792 | ---- | C] (Turbo Net Bilisim Teknolojileri San. Ve Tic. A.S) -- C:\windows\SysNative\cscrkill64.dll
[2012/07/19 10:25:03 | 000,087,552 | ---- | C] (MOES-SOUTHWEST-GRILL-(HSD)) -- C:\windows\SysWow64\cscrkill.dll
[2012/07/19 09:52:33 | 000,118,520 | ---- | C] (Sonic Solutions) -- C:\windows\SysWow64\pxinsi64.exe
[2012/07/19 09:52:33 | 000,116,472 | ---- | C] (Sonic Solutions) -- C:\windows\SysWow64\pxcpyi64.exe
[2012/07/19 09:52:33 | 000,064,760 | ---- | C] (Sonic Solutions) -- C:\windows\SysWow64\pxinsa64.exe
[2012/07/19 09:52:33 | 000,064,760 | ---- | C] (Sonic Solutions) -- C:\windows\SysWow64\pxcpya64.exe
[2012/07/19 09:52:32 | 001,628,920 | ---- | C] (Sonic Solutions) -- C:\windows\SysWow64\pxsfs.dll
[2012/07/19 09:52:32 | 000,547,576 | ---- | C] (Sonic Solutions) -- C:\windows\SysWow64\px.dll
[2012/07/19 09:52:32 | 000,510,712 | ---- | C] (Sonic Solutions) -- C:\windows\SysWow64\pxdrv.dll
[2012/07/19 09:52:32 | 000,379,640 | ---- | C] (Sonic Solutions) -- C:\windows\SysWow64\pxwave.dll
[2012/07/19 09:52:32 | 000,187,128 | ---- | C] (Sonic Solutions) -- C:\windows\SysWow64\pxmas.dll
[2012/07/19 09:52:32 | 000,129,784 | ---- | C] (Sonic Solutions) -- C:\windows\SysWow64\pxafs.dll
[2012/07/19 09:52:32 | 000,072,440 | ---- | C] (Sonic Solutions) -- C:\windows\SysWow64\pxhpinst.exe
[2012/07/19 09:52:32 | 000,039,672 | ---- | C] (Sonic Solutions) -- C:\windows\SysWow64\vxblock.dll
[2012/07/19 09:51:32 | 000,000,000 | ---D | C] -- C:\SWSHARE
[2012/07/18 18:48:36 | 000,000,000 | ---D | C] -- C:\Users\jmiller\AppData\Roaming\Mozilla
[2012/07/18 15:52:12 | 000,000,000 | ---D | C] -- C:\ldiag
[2012/07/18 06:06:53 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012/07/17 21:17:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/07/17 21:17:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012/07/17 16:31:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/07/17 16:31:16 | 018,622,664 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\jmiller\Desktop\SUPERAntiSpyware.exe
[2012/07/17 14:52:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/07/17 14:52:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/07/17 14:52:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/07/17 14:52:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/17 14:51:52 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/07/17 10:52:06 | 018,617,408 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\jmiller\Desktop\SUPERAntiSpyware2.exe.4v3tqab.partial
[2012/07/17 10:29:24 | 000,000,000 | ---D | C] -- C:\Users\jmiller\AppData\Roaming\Malwarebytes
[2012/07/17 08:53:16 | 000,116,016 | ---- | C] (Kaspersky Lab, GERT) -- C:\windows\SysNative\drivers\49587707.sys
[2012/07/16 23:29:35 | 000,000,000 | ---D | C] -- C:\FRST
[2012/07/16 17:23:55 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2012/07/16 16:35:49 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/07/16 16:30:10 | 000,000,000 | ---D | C] -- C:\Users\jmiller\AppData\Roaming\FixTDSS
[2012/07/16 16:30:08 | 000,027,256 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\FixTDSS.sys
[2012/07/16 16:21:20 | 000,000,000 | ---D | C] -- C:\Users\jmiller\AppData\Local\LSC
[2012/07/16 15:35:55 | 000,068,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\stream.sys
[2012/07/16 15:33:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Corporation
[2012/07/16 15:33:08 | 000,000,000 | ---D | C] -- C:\Program Files\Intel Corporation
[2012/07/16 15:33:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel Corporation
[2012/07/16 15:31:05 | 000,000,000 | ---D | C] -- C:\Users\jmiller\AppData\Roaming\LSC
[2012/07/16 15:30:42 | 000,000,000 | ---D | C] -- C:\windows\Downloaded Installations
[2012/07/16 15:30:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2012/07/16 15:28:35 | 009,014,784 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\igfxress.dll
[2012/07/16 15:28:35 | 000,506,688 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\igfxsrvc.exe
[2012/07/16 15:28:35 | 000,378,368 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\igfxTMM.dll
[2012/07/16 15:28:35 | 000,376,832 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\iglhsip64.dll
[2012/07/16 15:28:35 | 000,376,832 | ---- | C] (Intel Corporation) -- C:\windows\SysWow64\iglhsip32.dll
[2012/07/16 15:28:35 | 000,287,232 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\igfxrfra.lrc
[2012/07/16 15:28:35 | 000,287,232 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\igfxresn.lrc
[2012/07/16 15:28:35 | 000,287,232 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\igfxrell.lrc
[2012/07/16 15:28:35 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\igfxrsky.lrc
[2012/07/16 15:28:35 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\igfxrrus.lrc
[2012/07/16 15:28:35 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\igfxrrom.lrc
[2012/07/16 15:28:35 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\igfxrptg.lrc
[2012/07/16 15:28:35 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\igfxrplk.lrc
[2012/07/16 15:28:35 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\igfxrnld.lrc
[2012/07/16 15:28:35 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\igfxrita.lrc
[2012/07/16 15:28:35 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\igfxrhrv.lrc
[2012/07/16 15:28:35 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\igfxrtrk.lrc
[2012/07/16 15:28:35 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\igfxrsve.lrc
[2012/07/16 15:28:35 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\igfxrslv.lrc
[2012/07/16 15:28:35 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\igfxrptb.lrc
[2012/07/16 15:28:35 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\igfxrnor.lrc
[2012/07/16 15:28:35 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\igfxrhun.lrc
[2012/07/16 15:28:35 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\igfxrfin.lrc
[2012/07/16 15:28:35 | 000,285,696 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\igfxrtha.lrc
[2012/07/16 15:28:35 | 000,285,696 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\igfxrenu.lrc
[2012/07/16 15:28:35 | 000,285,184 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\igfxrheb.lrc
[2012/07/16 15:28:35 | 000,283,648 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\igfxrjpn.lrc
[2012/07/16 15:28:35 | 000,283,136 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\igfxrkor.lrc
[2012/07/16 15:28:35 | 000,167,744 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\igfxtray.exe
[2012/07/16 15:28:35 | 000,098,304 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\iglhcp64.dll
[2012/07/16 15:28:35 | 000,098,304 | ---- | C] (Intel Corporation) -- C:\windows\SysWow64\iglhcp32.dll
[2012/07/16 15:28:35 | 000,090,112 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\igfxCoIn_v2769.dll
[2012/07/16 15:28:34 | 012,312,832 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\drivers\igdkmd64.sys
[2012/07/16 15:28:34 | 008,314,368 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\igdumd64.dll
[2012/07/16 15:28:34 | 002,780,160 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\igfxcmjit64.dll
[2012/07/16 15:28:34 | 002,191,872 | ---- | C] (Intel Corporation) -- C:\windows\SysWow64\igfxcmjit32.dll
[2012/07/16 15:28:34 | 000,417,088 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\igfxpers.exe
[2012/07/16 15:28:34 | 000,376,320 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\igfxpph.dll
[2012/07/16 15:28:34 | 000,293,888 | ---- | C] (Intel Corporation) -- C:\windows\SysWow64\igfxdv32.dll
[2012/07/16 15:28:34 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\igfxrdeu.lrc
[2012/07/16 15:28:34 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\igfxrcsy.lrc
[2012/07/16 15:28:34 | 000,285,696 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\igfxrdan.lrc
[2012/07/16 15:28:34 | 000,285,184 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\igfxrara.lrc
[2012/07/16 15:28:34 | 000,282,624 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\igfxrcht.lrc
[2012/07/16 15:28:34 | 000,282,624 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\igfxrchs.lrc
[2012/07/16 15:28:34 | 000,246,784 | ---- | C] (Intel Corporation) -- C:\windows\SysWow64\igfxcmrt32.dll
[2012/07/16 15:28:34 | 000,239,936 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\igfxext.exe
[2012/07/16 15:28:34 | 000,219,136 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\igfxcmrt64.dll
[2012/07/16 15:28:34 | 000,142,336 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\igfxdo.dll
[2012/07/16 15:28:34 | 000,126,976 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\igfxcpl.cpl
[2012/07/16 15:28:34 | 000,024,576 | ---- | C] (Intel Corporation) -- C:\windows\SysWow64\igfxexps32.dll
[2012/07/16 15:28:33 | 018,675,712 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\ig4icd64.dll
[2012/07/16 15:28:32 | 004,378,944 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\GfxUI.exe
[2012/07/16 15:28:32 | 000,392,512 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\hkcmd.exe
[2012/07/16 15:28:32 | 000,146,432 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\gfxSrvc.dll
[2012/07/16 15:28:31 | 000,184,640 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\difx64.exe
[2012/07/16 15:28:18 | 000,569,152 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\drivers\iaStor.sys
[2012/07/16 15:07:22 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/07/16 15:07:22 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/07/16 15:07:20 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/07/16 15:07:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/07/16 15:07:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/07/16 15:07:18 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/07/16 15:07:18 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012/07/16 15:07:18 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012/07/16 15:07:14 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/07/16 15:07:14 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/07/16 15:07:14 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/07/16 15:07:14 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/07/16 15:07:14 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/07/16 14:05:09 | 000,000,000 | -H-D | C] -- C:\Users\jmiller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Recovery
[2012/07/13 11:11:46 | 000,000,000 | -H-D | C] -- C:\Users\jmiller\Tableau
[2012/07/12 10:12:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
[2012/07/12 10:11:41 | 000,073,728 | ---- | C] (Brother Industories Ltd. P&S Company) -- C:\windows\SysWow64\BRCrypt.dll
[2012/07/12 10:11:41 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\BrFaxRx
[2012/07/12 10:11:39 | 000,255,488 | ---- | C] (brother) -- C:\windows\SysNative\NSSRH64.dll
[2012/07/12 10:11:39 | 000,179,712 | ---- | C] (Brother Industries, Ltd.) -- C:\windows\SysNative\BrfxDA5b.dll
[2012/07/12 10:11:39 | 000,118,784 | ---- | C] (Brother Industries,LTD.) -- C:\windows\SysWow64\BrMfNt.dll
[2012/07/12 10:11:39 | 000,083,968 | ---- | C] (Brother Industries, Ltd.) -- C:\windows\SysNative\BrNetSti.dll
[2012/07/12 10:11:39 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\windows\SysWow64\BrDctF2.dll
[2012/07/12 10:11:39 | 000,059,392 | ---- | C] (Brother Industries,Ltd.) -- C:\windows\SysNative\BrWiaNCp.dll
[2012/07/12 10:11:39 | 000,048,640 | ---- | C] (Brother Industries,Ltd) -- C:\windows\SysNative\Brnsplg.dll
[2012/07/12 10:11:39 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\windows\SysWow64\BrDctF2L.dll
[2012/07/12 10:11:39 | 000,003,072 | ---- | C] (Brother Industries Ltd.) -- C:\windows\SysWow64\BrDctF2S.dll
[2012/07/12 10:11:38 | 001,560,576 | ---- | C] (Brother Industries, Ltd.) -- C:\windows\SysNative\BrWi209c.dll
[2012/07/12 10:11:37 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\windows\SysWow64\BROSNMP.DLL
[2012/07/12 10:11:37 | 000,103,736 | ---- | C] (Brother Industries Ltd) -- C:\windows\SysWow64\BRRBTOOL.EXE
[2012/07/12 10:11:37 | 000,077,824 | ---- | C] (Brother Industries, Ltd.) -- C:\windows\SysWow64\BRLMW03A.DLL
[2012/07/12 10:11:37 | 000,025,299 | ---- | C] (Brother Industries, Ltd) -- C:\windows\SysWow64\BRLM03A.DLL
[2012/07/12 10:10:58 | 000,167,936 | ---- | C] (brother) -- C:\windows\SysWow64\NSSearch.dll
[2012/07/12 10:10:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brother
[2012/07/12 10:09:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother
[2012/07/12 10:09:53 | 000,000,000 | -H-D | C] -- C:\Users\jmiller\AppData\Roaming\InstallShield
[2012/07/11 15:02:08 | 000,000,000 | ---D | C] -- C:\Users\jmiller\Desktop\ide
[2012/07/11 11:52:41 | 000,002,048 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml3r.dll
[2012/07/11 11:52:41 | 000,002,048 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml3r.dll
[2012/07/11 11:52:36 | 000,307,200 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2012/07/11 11:52:34 | 001,133,568 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdosys.dll
[2012/07/11 11:52:34 | 000,805,376 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cdosys.dll
[2012/07/10 13:56:23 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2012/07/10 13:56:22 | 000,000,000 | -H-D | C] -- C:\Users\jmiller\Documents\My Tableau Repository
[2012/07/10 13:56:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2012/07/10 13:56:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tableau
[2012/07/03 13:11:20 | 000,000,000 | -H-D | C] -- C:\Users\jmiller\Documents\My SAS Files
[2012/07/02 15:20:44 | 000,000,000 | ---D | C] -- C:\Users\jmiller\AppData\Roaming\ICAClient
[2012/07/02 15:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
[2012/07/02 15:20:20 | 000,000,000 | ---D | C] -- C:\Users\jmiller\AppData\Local\Citrix
[2012/07/02 15:20:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Citrix
[2012/07/02 15:20:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2012/07/02 15:19:38 | 031,476,912 | ---- | C] (Citrix Systems, Inc.) -- C:\Users\jmiller\Documents\CitrixReceiver.exe
[2012/07/02 15:19:30 | 000,000,000 | -H-D | C] -- C:\Users\jmiller\AppData\Roaming\Download Manager
[2012/07/02 15:19:20 | 000,000,000 | -H-D | C] -- C:\windows\Sun

========== Files - Modified Within 30 Days ==========

[2012/07/29 17:22:45 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\jmiller\Desktop\OTL.exe
[2012/07/29 17:20:43 | 000,000,864 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3866322837-1237756700-1768424464-1003Core.job
[2012/07/29 17:17:50 | 000,022,432 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/29 17:17:50 | 000,022,432 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/29 17:11:12 | 000,000,916 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3866322837-1237756700-1768424464-1003UA.job
[2012/07/29 17:10:48 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/07/29 17:10:26 | 000,000,514 | ---- | M] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 7c5e1f43-597c-4329-8cca-17ad6fc35bf0.job
[2012/07/29 17:10:06 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/07/29 04:59:45 | 000,000,514 | ---- | M] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 3ab6b76a-f821-466b-ab63-55694e2bc0b0.job
[2012/07/28 14:32:07 | 000,730,408 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/07/28 14:32:07 | 000,627,300 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/07/28 14:32:07 | 000,107,584 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/07/28 14:27:46 | 3129,397,248 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/27 14:15:23 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/07/27 14:15:23 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/27 13:45:21 | 009,821,896 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2012/07/26 14:50:54 | 000,000,512 | ---- | M] () -- C:\Users\jmiller\Desktop\MBR.dat
[2012/07/26 14:33:55 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\jmiller\Desktop\aswMBR.exe
[2012/07/26 13:56:10 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\jmiller\Desktop\tdsskiller.exe
[2012/07/26 10:24:24 | 000,097,792 | ---- | M] (Turbo Net Bilisim Teknolojileri San. Ve Tic. A.S) -- C:\windows\SysNative\cscrkill64.dll
[2012/07/26 10:24:24 | 000,087,552 | ---- | M] (MOES-SOUTHWEST-GRILL-(HSD)) -- C:\windows\SysWow64\cscrkill.dll
[2012/07/25 13:02:05 | 000,001,305 | ---- | M] () -- C:\Users\jmiller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/07/20 13:52:32 | 000,464,046 | ---- | M] () -- C:\sprintbilljuly2012.pdf
[2012/07/19 15:31:52 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/07/19 15:18:00 | 004,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\jmiller\Desktop\mbam-setup.exe
[2012/07/19 15:15:49 | 004,582,475 | R--- | M] (Swearware) -- C:\Users\jmiller\Desktop\username543.exe
[2012/07/19 13:32:24 | 000,090,112 | ---- | M] (Sutterlüty-Klagian-Brändle-Lercher Rechtsanwälte) -- C:\windows\cscrkill.dll
[2012/07/19 13:32:24 | 000,090,112 | ---- | M] (Dodo Australia ISPDSL Provider) -- C:\windows\cscrkill64.dll
[2012/07/19 13:27:19 | 000,302,592 | ---- | M] () -- C:\Users\jmiller\Desktop\knts3bpw.exe
[2012/07/19 10:57:52 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\jmiller\Desktop\mbam-setup-1.62.0.1300.exe
[2012/07/19 10:36:24 | 508,055,546 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/07/19 09:48:16 | 000,379,640 | ---- | M] (Sonic Solutions) -- C:\windows\SysWow64\pxwave.dll
[2012/07/19 09:48:16 | 000,187,128 | ---- | M] (Sonic Solutions) -- C:\windows\SysWow64\pxmas.dll
[2012/07/19 09:48:15 | 000,510,712 | ---- | M] (Sonic Solutions) -- C:\windows\SysWow64\pxdrv.dll
[2012/07/19 09:48:15 | 000,129,784 | ---- | M] (Sonic Solutions) -- C:\windows\SysWow64\pxafs.dll
[2012/07/19 09:48:15 | 000,118,520 | ---- | M] (Sonic Solutions) -- C:\windows\SysWow64\pxinsi64.exe
[2012/07/19 09:48:15 | 000,116,472 | ---- | M] (Sonic Solutions) -- C:\windows\SysWow64\pxcpyi64.exe
[2012/07/19 09:48:15 | 000,072,440 | ---- | M] (Sonic Solutions) -- C:\windows\SysWow64\pxhpinst.exe
[2012/07/19 09:48:15 | 000,064,760 | ---- | M] (Sonic Solutions) -- C:\windows\SysWow64\pxinsa64.exe
[2012/07/19 09:48:15 | 000,064,760 | ---- | M] (Sonic Solutions) -- C:\windows\SysWow64\pxcpya64.exe
[2012/07/19 09:48:14 | 001,628,920 | ---- | M] (Sonic Solutions) -- C:\windows\SysWow64\pxsfs.dll
[2012/07/19 09:48:14 | 000,547,576 | ---- | M] (Sonic Solutions) -- C:\windows\SysWow64\px.dll
[2012/07/19 09:48:13 | 000,039,672 | ---- | M] (Sonic Solutions) -- C:\windows\SysWow64\vxblock.dll
[2012/07/18 18:48:32 | 000,001,143 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/17 16:31:30 | 000,001,817 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/07/17 16:31:05 | 018,622,664 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\jmiller\Desktop\SUPERAntiSpyware.exe
[2012/07/17 10:52:17 | 018,617,408 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\jmiller\Desktop\SUPERAntiSpyware2.exe.4v3tqab.partial
[2012/07/17 08:53:16 | 000,116,016 | ---- | M] (Kaspersky Lab, GERT) -- C:\windows\SysNative\drivers\49587707.sys
[2012/07/16 23:30:12 | 000,000,378 | ---- | M] () -- C:\Users\jmiller\Desktop\Removable Disk (E) - Shortcut.lnk
[2012/07/16 16:31:06 | 000,027,256 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\FixTDSS.sys
[2012/07/16 15:34:40 | 000,015,390 | ---- | M] () -- C:\windows\SysNative\results.xml
[2012/07/16 15:33:40 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_iwdbus_01009.Wdf
[2012/07/16 15:33:09 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Intel® WiDi.lnk
[2012/07/16 15:13:54 | 000,416,760 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/07/12 10:12:35 | 000,000,257 | ---- | M] () -- C:\windows\Brpfx04a.ini
[2012/07/12 10:12:35 | 000,000,094 | ---- | M] () -- C:\windows\brpcfx.ini
[2012/07/12 10:12:14 | 000,000,410 | ---- | M] () -- C:\windows\BRWMARK.INI
[2012/07/12 10:11:41 | 000,000,066 | ---- | M] () -- C:\windows\Brfaxrx.ini
[2012/07/12 10:11:41 | 000,000,050 | ---- | M] () -- C:\windows\SysNative\BD9125CN.DAT
[2012/07/10 13:56:14 | 000,001,270 | ---- | M] () -- C:\Users\Public\Desktop\Tableau 7.0.lnk
[2012/07/05 13:16:42 | 000,000,600 | -H-- | M] () -- C:\Users\jmiller\AppData\Roaming\winscp.rnd
[2012/07/03 16:02:48 | 000,002,004 | -H-- | M] () -- C:\Users\jmiller\Documents\Default.rdp
[2012/07/03 14:01:02 | 000,000,600 | -H-- | M] () -- C:\Users\jmiller\AppData\Local\PUTTY.RND
[2012/07/02 15:19:57 | 031,476,912 | ---- | M] (Citrix Systems, Inc.) -- C:\Users\jmiller\Documents\CitrixReceiver.exe
[2012/07/02 12:59:54 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

========== Files Created - No Company Name ==========

[2012/07/26 14:50:54 | 000,000,512 | ---- | C] () -- C:\Users\jmiller\Desktop\MBR.dat
[2012/07/20 13:52:32 | 000,464,046 | ---- | C] () -- C:\sprintbilljuly2012.pdf
[2012/07/19 13:27:17 | 000,302,592 | ---- | C] () -- C:\Users\jmiller\Desktop\knts3bpw.exe
[2012/07/18 18:48:32 | 000,001,143 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/17 16:31:42 | 000,000,514 | ---- | C] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 7c5e1f43-597c-4329-8cca-17ad6fc35bf0.job
[2012/07/17 16:31:42 | 000,000,514 | ---- | C] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 3ab6b76a-f821-466b-ab63-55694e2bc0b0.job
[2012/07/17 16:31:30 | 000,001,817 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/07/17 14:52:07 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/07/17 14:52:07 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/07/17 14:52:07 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/07/17 14:52:07 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/07/17 14:52:07 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/07/16 23:30:12 | 000,000,378 | ---- | C] () -- C:\Users\jmiller\Desktop\Removable Disk (E) - Shortcut.lnk
[2012/07/16 17:23:50 | 508,055,546 | ---- | C] () -- C:\windows\MEMORY.DMP
[2012/07/16 15:33:40 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_iwdbus_01009.Wdf
[2012/07/16 15:33:09 | 000,002,031 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® WiDi.lnk
[2012/07/16 15:33:09 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Intel® WiDi.lnk
[2012/07/16 15:28:35 | 001,981,696 | ---- | C] () -- C:\windows\SysNative\iglhxa64.cpa
[2012/07/16 15:28:35 | 000,963,884 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012/07/16 15:28:35 | 000,963,884 | ---- | C] () -- C:\windows\SysNative\igkrng600.bin
[2012/07/16 15:28:35 | 000,059,243 | ---- | C] () -- C:\windows\SysNative\iglhxo64.vp
[2012/07/16 15:28:35 | 000,059,174 | ---- | C] () -- C:\windows\SysNative\iglhxg64.vp
[2012/07/16 15:28:35 | 000,059,062 | ---- | C] () -- C:\windows\SysNative\iglhxc64.vp
[2012/07/16 15:28:35 | 000,017,440 | ---- | C] () -- C:\windows\SysNative\iglhxs64.vp
[2012/07/16 15:28:35 | 000,001,074 | ---- | C] () -- C:\windows\SysNative\iglhxa64.vp
[2012/07/16 15:28:34 | 000,221,264 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012/07/16 15:28:34 | 000,221,264 | ---- | C] () -- C:\windows\SysNative\igfcg600m.bin
[2012/07/16 15:28:34 | 000,075,776 | ---- | C] () -- C:\windows\SysNative\igdde64.dll
[2012/07/16 15:28:34 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012/07/16 15:28:34 | 000,004,096 | ---- | C] ( ) -- C:\windows\SysNative\IGFXDEVLib.dll
[2012/07/16 15:28:32 | 013,913,600 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2012/07/16 15:28:32 | 000,211,303 | ---- | C] () -- C:\windows\SysNative\Gfxres.th-TH.resources
[2012/07/16 15:28:32 | 000,182,706 | ---- | C] () -- C:\windows\SysNative\Gfxres.ru-RU.resources
[2012/07/16 15:28:32 | 000,153,167 | ---- | C] () -- C:\windows\SysNative\Gfxres.ja-JP.resources
[2012/07/16 15:28:32 | 000,149,009 | ---- | C] () -- C:\windows\SysNative\Gfxres.he-IL.resources
[2012/07/16 15:28:32 | 000,140,216 | ---- | C] () -- C:\windows\SysNative\Gfxres.it-IT.resources
[2012/07/16 15:28:32 | 000,138,727 | ---- | C] () -- C:\windows\SysNative\Gfxres.ko-KR.resources
[2012/07/16 15:28:32 | 000,137,668 | ---- | C] () -- C:\windows\SysNative\Gfxres.es-ES.resources
[2012/07/16 15:28:32 | 000,136,603 | ---- | C] () -- C:\windows\SysNative\Gfxres.ro-RO.resources
[2012/07/16 15:28:32 | 000,135,628 | ---- | C] () -- C:\windows\SysNative\Gfxres.fr-FR.resources
[2012/07/16 15:28:32 | 000,135,370 | ---- | C] () -- C:\windows\SysNative\Gfxres.tr-TR.resources
[2012/07/16 15:28:32 | 000,134,836 | ---- | C] () -- C:\windows\SysNative\Gfxres.pt-BR.resources
[2012/07/16 15:28:32 | 000,134,412 | ---- | C] () -- C:\windows\SysNative\Gfxres.nl-NL.resources
[2012/07/16 15:28:32 | 000,134,384 | ---- | C] () -- C:\windows\SysNative\Gfxres.hu-HU.resources
[2012/07/16 15:28:32 | 000,133,846 | ---- | C] () -- C:\windows\SysNative\Gfxres.sv-SE.resources
[2012/07/16 15:28:32 | 000,133,709 | ---- | C] () -- C:\windows\SysNative\Gfxres.pt-PT.resources
[2012/07/16 15:28:32 | 000,133,178 | ---- | C] () -- C:\windows\SysNative\Gfxres.pl-PL.resources
[2012/07/16 15:28:32 | 000,132,889 | ---- | C] () -- C:\windows\SysNative\Gfxres.fi-FI.resources
[2012/07/16 15:28:32 | 000,132,788 | ---- | C] () -- C:\windows\SysNative\Gfxres.sk-SK.resources
[2012/07/16 15:28:32 | 000,131,839 | ---- | C] () -- C:\windows\SysNative\Gfxres.hr-HR.resources
[2012/07/16 15:28:32 | 000,128,996 | ---- | C] () -- C:\windows\SysNative\Gfxres.sl-SI.resources
[2012/07/16 15:28:32 | 000,128,831 | ---- | C] () -- C:\windows\SysNative\Gfxres.nb-NO.resources
[2012/07/16 15:28:32 | 000,117,636 | ---- | C] () -- C:\windows\SysNative\Gfxres.zh-TW.resources
[2012/07/16 15:28:32 | 000,116,348 | ---- | C] () -- C:\windows\SysNative\Gfxres.zh-CN.resources
[2012/07/16 15:28:32 | 000,000,146 | ---- | C] () -- C:\windows\SysNative\GfxUI.exe.config
[2012/07/16 15:28:31 | 000,198,139 | ---- | C] () -- C:\windows\SysNative\Gfxres.el-GR.resources
[2012/07/16 15:28:31 | 000,156,233 | ---- | C] () -- C:\windows\SysNative\Gfxres.ar-SA.resources
[2012/07/16 15:28:31 | 000,137,846 | ---- | C] () -- C:\windows\SysNative\Gfxres.de-DE.resources
[2012/07/16 15:28:31 | 000,133,404 | ---- | C] () -- C:\windows\SysNative\Gfxres.cs-CZ.resources
[2012/07/16 15:28:31 | 000,128,535 | ---- | C] () -- C:\windows\SysNative\Gfxres.da-DK.resources
[2012/07/16 15:28:31 | 000,124,052 | ---- | C] () -- C:\windows\SysNative\Gfxres.en-US.resources
[2012/07/16 15:18:57 | 000,001,155 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/07/12 10:12:35 | 000,000,257 | ---- | C] () -- C:\windows\Brpfx04a.ini
[2012/07/12 10:12:35 | 000,000,094 | ---- | C] () -- C:\windows\brpcfx.ini
[2012/07/12 10:12:14 | 000,000,410 | ---- | C] () -- C:\windows\BRWMARK.INI
[2012/07/12 10:11:41 | 000,000,050 | ---- | C] () -- C:\windows\SysNative\BD9125CN.DAT
[2012/07/12 10:11:39 | 000,143,360 | ---- | C] () -- C:\windows\SysNative\BrSNMP64.dll
[2012/07/12 10:11:39 | 000,106,496 | ---- | C] () -- C:\windows\SysWow64\BrMuSNMP.dll
[2012/07/12 10:11:39 | 000,000,066 | ---- | C] () -- C:\windows\Brfaxrx.ini
[2012/07/12 10:11:39 | 000,000,000 | ---- | C] () -- C:\windows\brdfxspd.dat
[2012/07/12 10:11:37 | 000,045,056 | ---- | C] () -- C:\windows\SysWow64\BRTCPCON.DLL
[2012/07/12 10:11:37 | 000,000,050 | ---- | C] () -- C:\windows\SysNative\BRADC08A.DAT
[2012/07/12 10:10:57 | 000,000,114 | ---- | C] () -- C:\windows\SysWow64\BRLMW03A.INI
[2012/07/10 13:56:14 | 000,001,282 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tableau 7.0.lnk
[2012/07/10 13:56:14 | 000,001,270 | ---- | C] () -- C:\Users\Public\Desktop\Tableau 7.0.lnk
[2012/07/03 09:09:26 | 000,002,004 | -H-- | C] () -- C:\Users\jmiller\Documents\Default.rdp
[2012/07/02 15:20:58 | 000,001,517 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Receiver.lnk
[2012/07/02 12:59:54 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/06/20 10:59:14 | 000,000,151 | ---- | C] () -- C:\windows\ODBC.INI
[2012/06/20 09:06:13 | 000,024,576 | ---- | C] () -- C:\windows\SysWow64\NTEventLogAppender.dll
[2012/06/19 12:46:23 | 000,743,682 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/06/18 09:49:37 | 000,001,755 | ---- | C] () -- C:\windows\SysWow64\saprfc.ini
[2012/06/15 15:25:08 | 000,000,600 | -H-- | C] () -- C:\Users\jmiller\AppData\Roaming\winscp.rnd
[2012/06/12 16:12:08 | 000,000,600 | -H-- | C] () -- C:\Users\jmiller\AppData\Local\PUTTY.RND
[2011/03/07 04:50:36 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin

< End of report >
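
The file-listing sections of the OTL log above share one line layout: `[date time | size | attributes | C or M] (Company) -- path`, with the `(Company)` field missing for directories and empty for files without version info. What a removal helper actually scans those sections for is internal consistency, for instance the same DLL name under `C:\windows`, `SysNative` and `SysWow64` carrying unrelated vendor strings, or two binaries written into the system tree in the same second under different vendors. The `cscrkill.dll` / `cscrkill64.dll` entries in this log show that pattern. The script below is an added example, not OTL's code and not anything posted in the thread; its sample input is constructed from lines copied out of the log, and the two heuristics, the `C:\windows` scope and the vendor-string normalization are my own assumptions, so a hit means "inspect by hand", not "malicious".

```python
"""Vendor-string consistency checks over the file-listing sections of an OTL log.

Added example for this thread, not OldTimer's code. Line layout as printed in the log:
    [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (Company) -- path
Directories have no (Company) field; files without version info print ().
"""
import re
from collections import defaultdict
from dataclasses import dataclass

OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>.*?)\) )?-- (?P<path>.+)$"      # non-greedy: vendor may contain ')'
)
SECTION = re.compile(r"^=+ (?P<name>.+?) =+$")


@dataclass(frozen=True)
class Entry:
    section: str
    timestamp: str
    size: int
    attrs: str       # e.g. ----, -H--, ---D (D marks a directory)
    kind: str        # C = created, M = modified
    company: str     # vendor string exactly as OTL printed it, '' if none
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


def normalize_vendor(company: str) -> str:
    """Fold case and punctuation so 'Brother Industries, Ltd.' == 'Brother Industries Ltd'."""
    return re.sub(r"[^a-z0-9]+", " ", company.lower()).strip()


def parse_otl(text: str) -> list[Entry]:
    entries, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION.match(line):
            section = m["name"]
        elif m := OTL_LINE.match(line):
            entries.append(Entry(section, m["ts"], int(m["size"].replace(",", "")),
                                 m["attrs"], m["kind"], m["company"] or "", m["path"]))
    return entries


def _in_system_tree(e: Entry, root: str) -> bool:
    return "D" not in e.attrs and e.path.lower().startswith(root.lower().rstrip("\\") + "\\")


def vendor_mismatch_by_name(entries, root="C:\\windows"):
    """One file name in the system tree, several unrelated vendor strings (assumed heuristic).
    A SysWow64/SysNative pair or a created-then-modified file normally keeps one vendor."""
    seen = defaultdict(set)                       # name -> {(path, vendor)}
    for e in entries:
        vendor = normalize_vendor(e.company)
        if vendor and _in_system_tree(e, root):
            seen[e.name].add((e.path.lower(), vendor))
    return {name: sorted(hits) for name, hits in seen.items()
            if len({v for _, v in hits}) > 1}


def same_second_different_vendors(entries, root="C:\\windows"):
    """Files written into the system tree in the same second under different vendors (assumed heuristic)."""
    seen = defaultdict(set)                       # (kind, timestamp) -> {(path, vendor)}
    for e in entries:
        vendor = normalize_vendor(e.company)
        if vendor and _in_system_tree(e, root):
            seen[(e.kind, e.timestamp)].add((e.path.lower(), vendor))
    return {key: sorted(hits) for key, hits in seen.items()
            if len({v for _, v in hits}) > 1}


# Constructed sample: lines copied from the log in this thread under one of its headers.
SAMPLE_LOG = r"""
========== Files - Modified Within 30 Days ==========
[2012/07/26 10:24:24 | 000,097,792 | ---- | M] (Turbo Net Bilisim Teknolojileri San. Ve Tic. A.S) -- C:\windows\SysNative\cscrkill64.dll
[2012/07/26 10:24:24 | 000,087,552 | ---- | M] (MOES-SOUTHWEST-GRILL-(HSD)) -- C:\windows\SysWow64\cscrkill.dll
[2012/07/19 15:31:52 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/07/19 13:32:24 | 000,090,112 | ---- | M] (Sutterlüty-Klagian-Brändle-Lercher Rechtsanwälte) -- C:\windows\cscrkill.dll
[2012/07/19 13:32:24 | 000,090,112 | ---- | M] (Dodo Australia ISPDSL Provider) -- C:\windows\cscrkill64.dll
[2012/07/11 11:52:41 | 000,002,048 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml3r.dll
[2012/07/11 11:52:41 | 000,002,048 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml3r.dll
[2012/07/12 10:11:37 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\windows\SysWow64\BROSNMP.DLL
[2012/07/12 10:11:37 | 000,103,736 | ---- | C] (Brother Industries Ltd) -- C:\windows\SysWow64\BRRBTOOL.EXE
[2012/07/12 10:10:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brother
[2012/07/16 15:28:34 | 000,004,096 | ---- | C] ( ) -- C:\windows\SysNative\IGFXDEVLib.dll
"""

if __name__ == "__main__":
    entries = parse_otl(SAMPLE_LOG)
    print(f"parsed {len(entries)} entries")
    for name, hits in vendor_mismatch_by_name(entries).items():
        print("vendor mismatch:", name, hits)
    for key, hits in same_second_different_vendors(entries).items():
        print("same-second burst:", key, hits)
```

Run against the sample, both checks return only the two `cscrkill*` names and the two timestamps they were written at; the Microsoft, Brother and no-vendor lines pass because the comparison is on the normalized vendor string, not the raw one. To run it over a real log, read the saved OTL.txt into `parse_otl` instead of `SAMPLE_LOG`; the other sections of the log do not match `OTL_LINE` and are skipped.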

#6 livethird

  • Topic Starter

  • Members
  • 7 posts

Posted 29 July 2012 - 06:00 PM

OTL Extras logfile created on: 7/29/2012 5:24:46 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\jmiller\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.89 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 58.64% Memory free
7.77 Gb Paging File | 4.95 Gb Available in Paging File | 63.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.08 Gb Total Space | 241.59 Gb Free Space | 81.05% Space Free | Partition Type: NTFS

Computer Name: CSG-JMILLER | User Name: jmiller | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3866322837-1237756700-1768424464-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{060A0EB3-F27C-46AC-9C40-516E2CE96E6C}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{06D8693A-949A-440E-A5C8-CDC06D6CC9F1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B6DE60-1C07-46C8-9FE7-1BE6AB11F3B3}" = protocol=6 | dir=in | app=c:\program files\superantispyware\superantispyware.exe |
"{02DCEE80-4A97-40B3-8615-86F62D87967B}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{02F8419C-C31E-4438-BCC4-FCF763A500FC}" = protocol=17 | dir=in | app=c:\program files\superantispyware\superantispyware.exe |
"{0C8A4827-819E-465F-8598-7CBD13C3A80E}" = protocol=17 | dir=in | app=c:\users\jmiller\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{18BBD0D5-41B4-4CF7-AF2F-B2B746798985}" = protocol=6 | dir=in | app=c:\program files\superantispyware\runsas.exe |
"{1CA3D934-AC7F-48D6-89D7-9316C9D361AB}" = dir=in | app=c:\program files\microsoft lync\ucmapi64.exe |
"{22E43E01-9249-44E6-98DF-DDA74691D647}" = protocol=17 | dir=in | app=c:\informatica\9.1.0\clients\powercenterclient\client\bin\pmwfmntr.exe |
"{25038314-CBDC-4920-BC62-555C81604CF2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{2AB647C9-89B8-4F17-AF05-F70BB4B8300A}" = protocol=17 | dir=in | app=c:\users\jmiller\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{2C84A2BD-86B2-4E38-ACB9-7E3FDB39C306}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{3ED8767F-D35F-4C81-9F77-C7890C2AD44F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3F2557CC-89BA-429F-AC2F-4C91AA41BCF6}" = protocol=6 | dir=in | app=c:\informatica\9.1.0\clients\powercenterclient\client\bin\pmwfmntr.exe |
"{47380AA6-4E31-4963-811E-B55568620062}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
"{4AB1C2F6-B456-437E-A465-6D93FAE66B92}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe |
"{5137C0E9-FB3B-4962-A274-10EAF76C0087}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{54E0D73D-AE5C-416E-BDCF-6C201494647B}" = protocol=6 | dir=in | app=c:\users\jmiller\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{5A2C3071-C229-4DC0-ABFA-26284A71BFA8}" = protocol=17 | dir=in | app=c:\users\jmiller\appdata\local\temp\orainstall2012-06-18_10-12-20am\jdk\jre\bin\javaw.exe |
"{808F8F9A-59E6-4DCD-8A82-1A8EA0A4179F}" = protocol=6 | dir=in | app=c:\users\jmiller\appdata\local\temp\orainstall2012-06-20_10-54-35am\jdk\jre\bin\javaw.exe |
"{8308B356-13E7-4208-9ABC-34D840DD0681}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
"{85E14218-80BA-40F4-A8E0-415E546D8699}" = protocol=6 | dir=in | app=c:\informatica\9.1.0\clients\powercenterclient\client\bin\pmwflmgr.exe |
"{9AC8DD37-D810-4759-8370-F6FB23703483}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl08j\faxrx.exe |
"{9D804A51-1441-4831-941E-A7DF8236D02D}" = protocol=17 | dir=in | app=c:\informatica\9.1.0\clients\java\bin\javaw.exe |
"{9DE1CC23-BD83-45C9-ACC3-9D3459C47C9D}" = protocol=6 | dir=in | app=c:\users\jmiller\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{A3FE0827-9257-4265-9DDC-55E829AD6454}" = protocol=17 | dir=in | app=c:\program files\superantispyware\runsas.exe |
"{A93C4142-0CB0-4282-AE69-A59754BFCA08}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{B4D069E4-95C2-4D60-8E27-3D536FD92629}" = protocol=6 | dir=in | app=c:\users\jmiller\appdata\local\temp\orainstall2012-06-18_10-12-20am\jdk\jre\bin\javaw.exe |
"{B66265C9-721F-47AA-878C-CB8D1E2EA71C}" = protocol=17 | dir=in | app=c:\users\jmiller\appdata\local\temp\orainstall2012-06-20_10-54-35am\jdk\jre\bin\javaw.exe |
"{BB2EA545-3475-469F-B6B3-C616828A726E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{BE571960-534E-4870-9F6A-6A53E9615C23}" = protocol=6 | dir=in | app=c:\informatica\9.1.0\clients\java\bin\javaw.exe |
"{BE9373D7-6AEA-4B68-8769-4D3EB235DCF6}" = dir=in | app=c:\program files (x86)\microsoft lync\ucmapi.exe |
"{CAA0DD59-14EF-495F-A15E-3E48EF1C0420}" = protocol=6 | dir=in | app=c:\program files\superantispyware\ssupdate64.exe |
"{CBFC962A-C84D-4438-BBE6-546E47F25297}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
"{DDCB584E-340E-4746-9950-973B7D22A374}" = protocol=17 | dir=in | app=c:\program files\superantispyware\ssupdate64.exe |
"{DE40EC5F-0C53-4B79-8937-55308383188D}" = dir=in | app=c:\program files (x86)\microsoft lync\communicator.exe |
"{DF929472-C86C-4F5D-BB21-320692D1DA1E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
"{E2E7A4BE-73C7-4004-B28E-0FAEFA42C590}" = protocol=17 | dir=in | app=c:\informatica\9.1.0\clients\powercenterclient\client\bin\pmwflmgr.exe |
"{E5792825-CD5B-45E3-B143-6BB338CD7139}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl08j\faxrx.exe |
"TCP Query User{2EB29696-1E83-4EC3-97E8-82FCF445185D}C:\users\jmiller\appdata\local\temp\orainstall2012-06-20_10-54-35am\jdk\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\jmiller\appdata\local\temp\orainstall2012-06-20_10-54-35am\jdk\jre\bin\javaw.exe |
"TCP Query User{83409A77-80C3-4F6D-AFC1-FB559A696374}C:\informatica\9.1.0\clients\powercenterclient\client\bin\pmwfmntr.exe" = protocol=6 | dir=in | app=c:\informatica\9.1.0\clients\powercenterclient\client\bin\pmwfmntr.exe |
"TCP Query User{920921C0-8351-4513-B989-33A4390C6069}C:\informatica\9.1.0\clients\powercenterclient\client\bin\pmwflmgr.exe" = protocol=6 | dir=in | app=c:\informatica\9.1.0\clients\powercenterclient\client\bin\pmwflmgr.exe |
"TCP Query User{9E1F3CA8-F3B5-48E5-9ACF-4335C62F2E98}C:\informatica\9.1.0\clients\java\bin\javaw.exe" = protocol=6 | dir=in | app=c:\informatica\9.1.0\clients\java\bin\javaw.exe |
"TCP Query User{E80A9EE5-7AC8-446D-B5BC-658BD108563D}C:\users\jmiller\appdata\local\temp\orainstall2012-06-18_10-12-20am\jdk\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\jmiller\appdata\local\temp\orainstall2012-06-18_10-12-20am\jdk\jre\bin\javaw.exe |
"UDP Query User{385B1698-476B-4F03-A325-FCFCF6B44B33}C:\users\jmiller\appdata\local\temp\orainstall2012-06-20_10-54-35am\jdk\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\jmiller\appdata\local\temp\orainstall2012-06-20_10-54-35am\jdk\jre\bin\javaw.exe |
"UDP Query User{7A37098E-E0B0-4A49-BC34-B627F140A1DF}C:\users\jmiller\appdata\local\temp\orainstall2012-06-18_10-12-20am\jdk\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\jmiller\appdata\local\temp\orainstall2012-06-18_10-12-20am\jdk\jre\bin\javaw.exe |
"UDP Query User{A6022B83-A43B-42E4-BFFE-436F54AC8189}C:\informatica\9.1.0\clients\powercenterclient\client\bin\pmwfmntr.exe" = protocol=17 | dir=in | app=c:\informatica\9.1.0\clients\powercenterclient\client\bin\pmwfmntr.exe |
"UDP Query User{D433E2F7-925A-48AC-A090-99FAD687F2FD}C:\informatica\9.1.0\clients\java\bin\javaw.exe" = protocol=17 | dir=in | app=c:\informatica\9.1.0\clients\java\bin\javaw.exe |
"UDP Query User{E0824F08-0F46-49D1-B8C4-2AB29856132A}C:\informatica\9.1.0\clients\powercenterclient\client\bin\pmwflmgr.exe" = protocol=17 | dir=in | app=c:\informatica\9.1.0\clients\powercenterclient\client\bin\pmwflmgr.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1C83CB66-D345-4D6C-95A2-63A03269ADA0}" = Lenovo Patch Utility 64 bit
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display
"{39A04221-294E-4D90-A0F2-CCB1EF15CB56}" = Lenovo Patch Utility 64 bit
"{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel® PROSet/Wireless WiFi Software
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5D62CA9E-C68A-4BED-A1E9-7D38D9DDC2DB}" = Microsoft Online Services Sign-in Assistant
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{728985C5-A04B-457C-9D62-15360F3EAF85}" = Intel® WiDi
"{81BE0B17-563B-45D4-B198-5721E6C665CD}" = Microsoft Lync 2010
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C5F268F1-0856-43E2-B6F1-2470EEE48D2A}" = ESET NOD32 Antivirus
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DD00F699-6861-4DCF-A19F-8CF61E5E28ED}" = Lenovo Solution Center
"{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1" = ThinkVantage AutoLock
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CNXT_AUDIO_HDA" = Conexant 20672 SmartAudio HD
"CutePDF Writer Installation" = CutePDF Writer 3.0
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"OnScreenDisplay" = On Screen Display
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel® Network Connections Drivers
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"WinRAR archiver" = WinRAR 4.11 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 5.9
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java™ 6 Update 32
"{2DE9C112-2482-4D27-AA90-1504DFD9F117}" = Citrix Authentication Manager
"{2EA6C7A4-9178-4C04-887E-D3515F4AAC1B}" = Online Plug-in
"{452F5D68-F680-4F84-9146-509C0DFEB8D6}" = Citrix Receiver(USB)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51B84FE5-B216-4ED8-9FDA-262AC8E0164F}" = Informatica Mapping Template
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A32AC6-C6DE-410E-8869-83E5D725DDE0}" = Citrix Receiver(Aero)
"{7CE1F876-6012-431F-A514-C67107D6D8E1}" = Citrix Receiver(DV)
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83A5D4E9-7FE6-336D-9525-F1C879496014}" = Google Talk Plugin
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"{8EC50898-E24A-4C0C-A1F2-A71A8DBF291F}" = Citrix Receiver Inside
"{90140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010
"{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.STANDARD_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARD_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.STANDARD_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.STANDARD_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.STANDARD_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.STANDARD_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.STANDARD_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.STANDARD_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{987F1753-1F42-4DF2-A5EA-0CCB777F3EB0}" = ASPCA Reminder by We-Care.com v4.0.19.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera TWAIN
"{9D3D2C60-A55F-4fed-B2B9-17311226DF01}" = ThinkPad Wireless LAN Adapter Software
"{A1BBEE16-49B1-42F2-95B8-54C8C6A1C0C3}" = Brother MFL-Pro Suite MFC-9125CN
"{A7BB9BBD-DFE4-4276-820A-7CD141FC09E6}" = Lenovo Patch Utility
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B2CA6F37-1602-4823-81B5-0384B6888AA6}" = Integrated Camera Driver Installer Package Ver.1.1.0.1147
"{B48A3CE4-2F1E-45EF-841A-C0A3C407EB0F}" = Self-service Plug-in
"{BDB3E73F-5ECA-441D-96E1-F1CFCF3D427D}" = Rescue and Recovery
"{C312B021-ABED-4399-9FC4-C960ED141D66}" = Tableau 7.0
"{C6D4B05A-EA7E-1027-80EF-C925E740E99C}" = Intel® Identity Protection Technology 1.0.74.0
"{D2A27492-2F6B-49BE-A4E4-BFCE01828FB7}" = Citrix Receiver (HDX Flash Redirection)
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = Power Manager
"{E30E7561-A466-4393-B8BF-FD93E733EF3C}" = Microsoft Office Live Meeting 2007
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH_Media_Driver_v2.14.18.01
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"CitrixOnlinePluginPackWeb" = Citrix Receiver
"File Extractor" = File Extractor
"FileZilla Client" = FileZilla Client 3.5.3
"Informatica 9.1.0 HotFix3 Client" = Informatica 9.1.0 HotFix3 Client
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Office14.STANDARD" = Microsoft Office Standard 2010
"ProInst" = Intel PROSet Wireless
"PuTTY_is1" = PuTTY version 0.62
"Tweaks File Extractor" = File Extractor
"VLC media player" = VLC media player 2.0.1
"Wajam" = Wajam
"winscp3_is1" = WinSCP 4.3.8

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3866322837-1237756700-1768424464-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3866322837-1237756700-1768424464-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/18/2012 2:28:53 PM | Computer Name = CSG-JMILLER | Source = WinMgmt | ID = 10
Description =

Error - 7/18/2012 2:57:23 PM | Computer Name = CSG-JMILLER | Source = WinMgmt | ID = 10
Description =

Error - 7/18/2012 3:12:44 PM | Computer Name = CSG-JMILLER | Source = WinMgmt | ID = 10
Description =

Error - 7/18/2012 3:52:50 PM | Computer Name = CSG-JMILLER | Source = WinMgmt | ID = 10
Description =

Error - 7/18/2012 4:08:06 PM | Computer Name = CSG-JMILLER | Source = WinMgmt | ID = 10
Description =

Error - 7/18/2012 4:26:12 PM | Computer Name = CSG-JMILLER | Source = WinMgmt | ID = 10
Description =

Error - 7/18/2012 4:33:17 PM | Computer Name = CSG-JMILLER | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 20.0.1132.57, time
stamp: 0x4ffb8830 Faulting module name: libgnutls_plugin.dll, version: 0.0.0.0,
time stamp: 0x4f63d531 Exception code: 0xc0000005 Fault offset: 0x000d3e32 Faulting
process id: 0x11e4 Faulting application start time: 0x01cd6524819eb919 Faulting application
path: C:\Users\jmiller\AppData\Local\Google\Chrome\Application\chrome.exe Faulting
module path: C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libgnutls_plugin.dll
Report
Id: cde08034-d117-11e1-885a-0021ccc00c36

Error - 7/18/2012 4:34:14 PM | Computer Name = CSG-JMILLER | Source = WinMgmt | ID = 10
Description =

Error - 7/18/2012 4:47:52 PM | Computer Name = CSG-JMILLER | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 20.0.1132.57, time
stamp: 0x4ffb8830 Faulting module name: libgnutls_plugin.dll, version: 0.0.0.0,
time stamp: 0x4f63d531 Exception code: 0xc0000005 Fault offset: 0x000d3e32 Faulting
process id: 0x16dc Faulting application start time: 0x01cd652693dd07d7 Faulting application
path: C:\Users\jmiller\AppData\Local\Google\Chrome\Application\chrome.exe Faulting
module path: C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libgnutls_plugin.dll
Report
Id: d70c3b8a-d119-11e1-b841-0021ccc00c36

Error - 7/18/2012 5:01:37 PM | Computer Name = CSG-JMILLER | Source = WinMgmt | ID = 10
Description =

[ Lenovo-Lenovo Patch Utility/Admin Events ]
Error - 7/19/2012 9:44:29 AM | Computer Name = CSG-JMILLER | Source = Lenovo Patch Utility | ID = 1
Description = HttpFileDownloader failed to download the file "http://download.lenovo.com/ibmdl/pub/pc/pccbbs/lpupatches/x64//PM.manifest.xml".
Error message: The remote name could not be resolved: 'download.lenovo.com'

Error - 7/19/2012 9:44:29 AM | Computer Name = CSG-JMILLER | Source = Lenovo Patch Utility | ID = 1
Description = Connection failure while downloading manifest file http://download.lenovo.com/ibmdl/pub/pc/pccbbs/lpupatches/x64//PM.manifest.xml.

Error - 7/19/2012 9:44:29 AM | Computer Name = CSG-JMILLER | Source = Lenovo Patch Utility | ID = 2
Description = Failed to connect to the server. Error message: Exception of type
'Lenovo.LenovoPatchUtility.Exceptions.ConnectionFailureException' was thrown.

[ System Events ]
Error - 7/19/2012 10:55:20 AM | Computer Name = CSG-JMILLER | Source = Service Control Manager | ID = 7030
Description = The TVT Backup Service service is marked as an interactive service.
However, the system is configured to not allow interactive services. This service
may not function properly.

Error - 7/19/2012 11:36:37 AM | Computer Name = CSG-JMILLER | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:35:07 AM on 7/19/2012 was unexpected.

Error - 7/19/2012 11:36:44 AM | Computer Name = CSG-JMILLER | Source = BugCheck | ID = 1001
Description =

Error - 7/19/2012 4:27:29 PM | Computer Name = CSG-JMILLER | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 7/19/2012 4:30:25 PM | Computer Name = CSG-JMILLER | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 7/19/2012 4:31:39 PM | Computer Name = CSG-JMILLER | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 7/23/2012 9:30:13 AM | Computer Name = CSG-JMILLER | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 7/24/2012 10:02:52 AM | Computer Name = CSG-JMILLER | Source = DCOM | ID = 10010
Description =

Error - 7/24/2012 10:04:52 AM | Computer Name = CSG-JMILLER | Source = DCOM | ID = 10010
Description =

Error - 7/24/2012 2:08:51 PM | Computer Name = CSG-JMILLER | Source = DCOM | ID = 10010
Description =


< End of report >

#7 Shannon2012

  • Security Colleague
  • 3,657 posts
  • Gender:Male
  • Location:North Carolina, USA

Posted 30 July 2012 - 08:10 AM

Hi-

You have at least one backdoor trojan on your computer. A backdoor Trojan can allow an attacker to
gain control of the system, log keystrokes, steal passwords, access personal
data, send malevolent outgoing traffic, and close the security warning
messages displayed by some anti-virus and security programs.

I would advise you to disconnect this PC from the Internet, and then go to
a known clean computer and change any passwords or security information held
on the infected computer. In particular, check whatever relates to online
banking financial transactions, shopping, credit cards, or sensitive
personal information. It is also wise to contact your financial institutions
to apprise them of your situation.

We will do our best to clean the computer of any infections seen on the log.
However, because of the nature of this Trojan, I cannot offer a total
guarantee that there are no remnants left in the system, or that the
computer will be trustworthy.

Many security experts believe that once infected with this type of Trojan,
the best course of action is to reformat and reinstall the Operating System.
Making this decision is based on what the computer is used for, and what
information can be accessed from it.

Knowing the above, let me know if you wish to proceed.

If you wish to proceed, copy into your reply the contents of the ComboFix log (c:\ComboFix.txt) from July 19th.

Shannon

#8 livethird
  • Topic Starter

  • Members
  • 7 posts

Posted 30 July 2012 - 09:11 AM

Thanks for the info! I would like to reformat and reinstall the operating system. The unfortunate part is that I lost my recovery disc that came with my Lenovo. If I were to take this course of action, is there a way I could reformat and reinstall the OS without having to purchase the discs etc. all over again? My computer is only a few months old, so I don't feel like it would be a hassle to reinstall the programs I have on here.
If no such fix can come immediately, let's go ahead and try to fix it manually. But my primary interest would be the reformat and reinstall.
Lenovo
Windows 7
64bit
ComboFix 12-07-19.02 - jmiller 07/19/2012 15:23:21.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3979.1951 [GMT -5:00]
Running from: c:\users\jmiller\Desktop\username543.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-19 to 2012-07-19 )))))))))))))))))))))))))))))))
.
.
2012-07-19 20:30 . 2012-07-19 20:30 -------- d-----w- c:\users\setup\AppData\Local\temp
2012-07-19 20:30 . 2012-07-19 20:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-19 20:18 . 2009-09-10 19:54 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2012-07-19 20:18 . 2009-09-10 19:53 22104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-19 18:32 . 2012-07-19 18:32 90112 ----a-w- c:\windows\cscrkill64.dll
2012-07-19 18:32 . 2012-07-19 18:32 90112 ------w- c:\windows\cscrkill.dll
2012-07-19 15:38 . 2012-07-19 15:38 -------- d-sh--r- C:\RRbackups
2012-07-19 15:25 . 2012-07-19 15:25 90112 ----a-w- c:\windows\system32\cscrkill64.dll
2012-07-19 15:25 . 2012-07-19 15:25 90112 ------w- c:\windows\SysWow64\cscrkill.dll
2012-07-19 14:52 . 2012-07-19 14:48 118520 ------w- c:\windows\SysWow64\pxinsi64.exe
2012-07-19 14:52 . 2012-07-19 14:48 116472 ------w- c:\windows\SysWow64\pxcpyi64.exe
2012-07-19 14:52 . 2012-07-19 14:48 129784 ------w- c:\windows\SysWow64\pxafs.dll
2012-07-19 14:51 . 2012-07-19 15:42 -------- d-----w- C:\SWSHARE
2012-07-18 23:48 . 2012-07-14 00:17 136672 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-07-18 20:52 . 2012-07-18 20:59 -------- d-----w- C:\ldiag
2012-07-18 11:06 . 2012-07-18 11:20 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-07-18 02:17 . 2012-07-18 03:10 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-07-17 15:29 . 2012-07-17 15:29 -------- d-----w- c:\users\jmiller\AppData\Roaming\Malwarebytes
2012-07-17 13:53 . 2012-07-17 13:53 116016 ----a-w- c:\windows\system32\drivers\49587707.sys
2012-07-17 04:29 . 2012-07-17 04:29 -------- d-----w- C:\FRST
2012-07-16 21:35 . 2012-07-18 18:26 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-16 21:30 . 2012-07-16 21:30 -------- d-----w- c:\users\jmiller\AppData\Roaming\FixTDSS
2012-07-16 21:30 . 2012-07-16 21:31 27256 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2012-07-16 21:21 . 2012-07-16 21:22 -------- d-----w- c:\users\jmiller\AppData\Local\LSC
2012-07-16 20:35 . 2012-01-14 04:41 68864 ----a-w- c:\windows\system32\drivers\stream.sys
2012-07-16 20:33 . 2012-07-16 20:33 -------- d-----w- c:\program files\Common Files\Intel Corporation
2012-07-16 20:33 . 2012-07-16 20:33 -------- d-----w- c:\program files\Intel Corporation
2012-07-16 20:31 . 2012-07-16 20:31 -------- d-----w- c:\users\jmiller\AppData\Roaming\LSC
2012-07-16 20:30 . 2012-07-19 14:48 -------- d-----w- c:\windows\Downloaded Installations
2012-07-16 20:30 . 2012-07-16 20:30 -------- d-----w- c:\program files (x86)\Common Files\Intel
2012-07-16 20:11 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-16 20:05 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EEA619DF-4131-48EE-95DB-6EA525A78DF3}\mpengine.dll
2012-07-13 16:11 . 2012-07-13 16:12 -------- d--h--w- c:\users\jmiller\Tableau
2012-07-12 15:10 . 2012-07-18 01:42 -------- d-----w- c:\program files (x86)\Brother
2012-07-12 15:10 . 2008-06-17 20:33 167936 ----a-w- c:\windows\SysWow64\NSSearch.dll
2012-07-12 15:09 . 2012-07-16 19:44 -------- d-----w- c:\programdata\Brother
2012-07-12 15:09 . 2012-07-12 15:09 -------- d--h--w- c:\users\jmiller\AppData\Roaming\InstallShield
2012-07-10 18:56 . 2012-07-18 03:10 -------- d-----w- c:\programdata\FLEXnet
2012-07-10 18:56 . 2012-07-16 19:37 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2012-07-10 18:56 . 2012-07-16 19:43 -------- d-----w- c:\program files (x86)\Tableau
2012-07-02 20:20 . 2012-07-18 01:42 -------- d-----w- c:\users\jmiller\AppData\Roaming\ICAClient
2012-07-02 20:20 . 2012-07-16 19:44 -------- d-----w- c:\programdata\Citrix
2012-07-02 20:20 . 2012-07-18 01:42 -------- d-----w- c:\program files (x86)\Citrix
2012-07-02 20:20 . 2012-07-18 01:42 -------- d-----w- c:\program files (x86)\Common Files\Citrix
2012-07-02 20:20 . 2012-07-16 19:44 -------- d-----w- c:\users\jmiller\AppData\Local\Citrix
2012-07-02 20:19 . 2012-07-02 20:19 -------- d--h--w- c:\users\jmiller\AppData\Roaming\Download Manager
2012-07-02 20:19 . 2012-07-02 20:19 -------- d--h--w- c:\windows\Sun
2012-06-28 21:40 . 2012-06-28 21:40 -------- d--h--w- c:\users\jmiller\Lync Recordings
2012-06-27 19:33 . 2012-06-26 14:49 -------- d-----w- C:\Case_Study
2012-06-26 01:37 . 2012-06-26 01:40 -------- d-----w- C:\joes2pros
2012-06-24 01:22 . 2012-06-24 01:22 -------- d--h--w- c:\users\jmiller\AppData\Local\Wajam
2012-06-24 01:22 . 2012-07-18 01:42 -------- d-----w- c:\program files (x86)\Wajam
2012-06-24 01:21 . 2012-07-18 01:42 -------- d-----w- c:\program files (x86)\File Extractor
2012-06-24 01:21 . 2012-06-24 01:21 -------- d--h--w- c:\users\jmiller\AppData\Local\ESET
2012-06-24 01:21 . 2012-06-24 01:22 -------- d--h--w- c:\users\jmiller\AppData\Roaming\Babylon
2012-06-24 01:21 . 2012-06-24 01:21 -------- d--h--w- c:\programdata\Babylon
2012-06-22 13:25 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 13:25 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 13:25 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 13:25 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 13:25 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 13:25 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 13:25 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 13:24 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 13:24 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-22 03:47 . 2012-07-18 03:10 -------- d-----w- c:\programdata\McAfee Security Scan
2012-06-22 03:47 . 2012-07-18 01:42 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2012-06-22 03:47 . 2012-06-22 03:47 -------- d--h--w- c:\programdata\McAfee
2012-06-21 13:39 . 2012-07-18 01:42 -------- d-----w- c:\program files\Microsoft IntelliPoint
2012-06-20 15:59 . 2012-07-16 19:48 -------- d-----w- c:\users\jmiller\Oracle
2012-06-20 15:55 . 2012-07-16 19:33 -------- d-----w- C:\app
2012-06-20 15:37 . 2012-07-16 19:33 -------- d-----w- C:\deinstalloracle
2012-06-20 14:06 . 2012-07-18 01:42 -------- d-----w- c:\program files (x86)\Common Files\GSTools
2012-06-20 14:06 . 2012-07-18 01:41 -------- d-----w- c:\windows\SysWow64\vers
2012-06-20 14:06 . 2009-05-12 14:21 24576 ----a-w- c:\windows\SysWow64\NTEventLogAppender.dll
2012-06-20 14:04 . 2012-07-16 19:37 -------- d-----w- c:\program files (x86)\ibm
2012-06-20 13:18 . 2009-03-18 22:35 33856 ---ha-w- c:\windows\system32\hamachi.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 16:45 . 2012-04-07 22:32 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 16:45 . 2011-09-25 03:59 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 08:19 . 2011-09-24 19:30 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-11 19:37 . 2011-03-07 09:19 62464 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-06-11 19:37 . 2012-05-11 00:30 28672 ----a-w- c:\windows\system32\igfxexps.dll
2012-06-11 19:37 . 2011-03-07 09:19 390144 ----a-w- c:\windows\system32\igfxdev.dll
2012-06-11 19:37 . 2011-03-07 09:44 581120 ----a-w- c:\windows\SysWow64\igdumdx32.dll
2012-06-11 19:37 . 2011-03-07 09:47 6324224 ----a-w- c:\windows\SysWow64\igdumd32.dll
2012-06-11 19:37 . 2011-03-07 09:42 9528832 ----a-w- c:\windows\system32\igd10umd64.dll
2012-06-11 19:37 . 2011-03-07 09:38 7988224 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2012-06-11 19:37 . 2011-03-07 09:19 110080 ----a-w- c:\windows\system32\hccutils.dll
2012-06-08 17:36 . 2010-07-20 10:09 18200 ----a-w- c:\programdata\Microsoft\MSOIdentityCRL\production\msoidconfig.dll
2012-05-17 13:14 . 2012-05-17 13:14 93272 ----a-w- c:\windows\system32\drivers\ctxusbm.sys
2012-05-11 03:24 . 2012-05-11 03:24 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-11 03:24 . 2011-09-25 04:00 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-04 11:06 . 2012-06-13 17:18 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 17:18 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 17:18 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 17:18 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-13 17:18 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 17:18 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 17:18 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 17:18 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-13 17:18 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-13 17:18 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-13 17:18 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 17:18 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-13 17:18 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 17:18 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-17_20.00.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-19 14:52 . 2012-07-19 14:48 39672 c:\windows\SysWOW64\vxblock.dll
+ 2012-07-19 14:52 . 2012-07-19 14:48 64760 c:\windows\SysWOW64\pxinsa64.exe
+ 2012-07-19 14:52 . 2012-07-19 14:48 72440 c:\windows\SysWOW64\pxhpinst.exe
+ 2012-07-19 14:52 . 2012-07-19 14:48 64760 c:\windows\SysWOW64\pxcpya64.exe
+ 2010-11-21 03:09 . 2012-07-19 19:28 58430 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-19 19:28 47056 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-07-19 22:16 . 2012-07-19 19:14 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
+ 2011-05-30 14:37 . 2011-05-30 14:37 31744 c:\windows\system32\i2cw.dll
+ 2009-07-14 05:30 . 2012-07-19 14:55 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2012-07-17 01:45 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-05-30 14:48 . 2011-05-30 14:48 40248 c:\windows\system32\DriverStore\FileRepository\tvti2c.inf_amd64_neutral_9af60386fcabdfc0\amd64\tvti2c.sys
+ 2011-05-30 14:37 . 2011-05-30 14:37 31744 c:\windows\system32\DriverStore\FileRepository\tvti2c.inf_amd64_neutral_9af60386fcabdfc0\amd64\i2cw.dll
+ 2011-05-30 14:48 . 2011-05-30 14:48 40248 c:\windows\system32\drivers\tvti2c.sys
+ 2012-07-19 14:55 . 2012-07-19 14:55 45056 c:\windows\Installer\{BDB3E73F-5ECA-441D-96E1-F1CFCF3D427D}\rrmediashortcut.17CFF8A8_DF81_4628_B574_CEDE1139BCC2.exe
+ 2012-07-19 14:55 . 2012-07-19 14:55 49152 c:\windows\Installer\{BDB3E73F-5ECA-441D-96E1-F1CFCF3D427D}\NewShortcut3.17CFF8A8_DF81_4628_B574_CEDE1139BCC2.exe
+ 2012-06-17 23:38 . 2012-07-19 18:45 9286 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-06-08 17:37 . 2012-07-19 19:28 6930 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3866322837-1237756700-1768424464-1003_UserData.bin
+ 2012-07-18 14:21 . 2012-07-18 14:21 9560 c:\windows\system32\NetworkList\Icons\{700E0A8C-6BF8-4724-942A-0327B1FCE41E}_48.bin
+ 2012-07-18 14:21 . 2012-07-18 14:21 4280 c:\windows\system32\NetworkList\Icons\{700E0A8C-6BF8-4724-942A-0327B1FCE41E}_32.bin
+ 2012-07-18 14:21 . 2012-07-18 14:21 2456 c:\windows\system32\NetworkList\Icons\{700E0A8C-6BF8-4724-942A-0327B1FCE41E}_24.bin
- 2012-07-17 19:59 . 2012-07-17 19:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-19 20:31 . 2012-07-19 20:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-17 19:59 . 2012-07-17 19:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-19 20:31 . 2012-07-19 20:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-19 14:52 . 2012-07-19 14:48 379640 c:\windows\SysWOW64\pxwave.dll
+ 2012-07-19 14:52 . 2012-07-19 14:48 187128 c:\windows\SysWOW64\pxmas.dll
+ 2012-07-19 14:52 . 2012-07-19 14:48 510712 c:\windows\SysWOW64\pxdrv.dll
+ 2012-07-19 14:52 . 2012-07-19 14:48 547576 c:\windows\SysWOW64\px.dll
+ 2011-09-25 05:19 . 2012-07-19 13:34 418932 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-07-17 19:46 627300 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-19 19:31 627300 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-19 19:31 107584 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-17 19:46 107584 c:\windows\system32\perfc009.dat
- 2009-07-14 05:30 . 2012-07-17 01:45 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-07-19 14:55 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-07-16 20:33 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2012-07-19 14:55 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2011-09-24 03:56 . 2011-05-25 22:23 101888 c:\windows\system32\DriverStore\FileRepository\risdxc.inf_amd64_neutral_98ccc2022053a316\risdxc64.sys
+ 2011-09-24 03:56 . 2009-05-28 23:24 196608 c:\windows\system32\DriverStore\FileRepository\risdxc.inf_amd64_neutral_98ccc2022053a316\RiSDIcon.dll
+ 2011-09-24 03:56 . 2009-05-28 23:24 188416 c:\windows\system32\DriverStore\FileRepository\risdxc.inf_amd64_neutral_98ccc2022053a316\RiMMCIcon.dll
+ 2011-09-24 03:56 . 2011-05-25 22:23 101888 c:\windows\system32\drivers\risdxc64.sys
+ 2012-07-19 14:55 . 2012-07-19 14:55 221184 c:\windows\Installer\{BDB3E73F-5ECA-441D-96E1-F1CFCF3D427D}\NewShortcut1_1.21662843_F2BE_4BBB_AE57_E9FF3AE4F2C2.exe
+ 2012-07-19 14:55 . 2012-07-19 14:55 179594 c:\windows\Installer\{BDB3E73F-5ECA-441D-96E1-F1CFCF3D427D}\ARPPRODUCTICONLENOVO.exe
+ 2010-03-19 10:52 . 2010-03-19 10:52 2145280 c:\windows\SysWOW64\python26.dll
+ 2012-07-19 14:52 . 2012-07-19 14:48 1628920 c:\windows\SysWOW64\pxsfs.dll
+ 2003-03-19 02:20 . 2003-03-19 02:20 1060864 c:\windows\SysWOW64\mfc71.dll
+ 2011-09-24 19:48 . 2012-07-19 20:31 1406616 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-07-18 02:17 . 2012-07-18 02:17 3884544 c:\windows\Installer\c995.msi
+ 2012-07-17 22:32 . 2012-07-17 22:32 7919616 c:\windows\Installer\197233.msi
+ 2012-07-19 14:48 . 2012-07-19 14:48 100591104 c:\windows\Installer\3491868.msi
+ 2012-07-19 14:48 . 2012-07-19 14:48 100591104 c:\windows\Downloaded Installations\{D598FCD4-8D10-4A10-8DAF-45009A56908A}\Rescue and Recovery.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 5661056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-03-15 5935680]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2012-06-12 12099672]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2012-05-23 371896]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2011-04-01 1163264]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
.
c:\users\jmiller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Citrix\ICACLI~1\RSHook.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u msoidssp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 10472897;10472897; [x]
R3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2011-03-04 166016]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-03-15 320576]
R3 efavdrv;efavdrv;c:\windows\system32\drivers\efavdrv.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2012-04-19 35256]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2012-03-15 1662528]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2012-03-15 165440]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-08-24 1161832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-24 1255736]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [2012-03-15 29512]
S0 FixTDSS;TDSS Fixtool driver;c:\windows\system32\drivers\FixTDSS.sys [2012-07-16 27256]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2011-03-30 23664]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2012-05-17 93272]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 141264]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2010-12-17 198784]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 168544]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-08-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 126320]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-07 210896]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2012-01-16 43584]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-01-16 62016]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2010-08-17 2024864]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [2011-05-25 101888]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 52584]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2012-01-11 360624]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 317440]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2012-04-19 25528]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-05-01 8593920]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2011-05-30 40248]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 16:45]
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2290092532-1361451433-3032295392-1000Core.job
- c:\users\setup\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-25 06:15]
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2290092532-1361451433-3032295392-1000UA.job
- c:\users\setup\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-25 06:15]
.
2011-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3164700803-2586229814-2214421627-1000Core.job
- c:\users\setup\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-25 06:15]
.
2011-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3164700803-2586229814-2214421627-1000UA.job
- c:\users\setup\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-25 06:15]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3866322837-1237756700-1768424464-1003Core.job
- c:\users\jmiller\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-08 17:25]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3866322837-1237756700-1768424464-1003UA.job
- c:\users\jmiller\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-08 17:25]
.
2012-07-19 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3ab6b76a-f821-466b-ab63-55694e2bc0b0.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-07-19 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 7c5e1f43-597c-4329-8cca-17ad6fc35bf0.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TpShocks"="TpShocks.exe" [2011-03-29 380776]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2916584]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-06-11 167744]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-06-11 392512]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-06-11 417088]
"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2011-09-27 386408]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-01-16 44096]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.1.20.1
FF - ProfilePath - c:\users\jmiller\AppData\Roaming\Mozilla\Firefox\Profiles\opi4f4wq.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\SAsrv.exe
c:\progra~1\Lenovo\Zoom\TPSCREX.EXE
c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Brother\ControlCenter3\brccMCtl.exe
c:\progra~2\ThinkPad\UTILIT~1\SCHTASK.exe
c:\program files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
c:\program files (x86)\Brother\Brmfcmon\BrMfimon.exe
c:\program files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Lenovo\System Update\SUService.exe
c:\program files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
.
**************************************************************************
.
Completion time: 2012-07-19 15:37:09 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-19 20:37
ComboFix2.txt 2012-07-17 20:04
.
Pre-Run: 257,809,432,576 bytes free
Post-Run: 257,325,015,040 bytes free
.
- - End Of File - - 82F27845D6756E4CE4A54E33143DF9AE
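The "Reg Loading Points" section of a ComboFix log like the one above is where a reviewer looks first, and several lines in this one deserve a second look: the UAC policy values show UAC switched off (EnableLUA=0, with ConsentPromptBehaviorAdmin and PromptOnSecureDesktop also 0), AppInit_DLLs is populated (here with a Citrix ICA client DLL, which is consistent with the Citrix Receiver installation elsewhere in the log), two services (10472897 and efavdrv) are marked [x], the annotation ComboFix uses when it cannot find the service's image file, and one Run entry (TpShocks) is a bare file name resolved through the search path rather than a full path. As an added example, not code from the thread or from ComboFix, the following Python triage pass pulls exactly those observations out of a ComboFix log. It assumes the line formats as they appear in this log (key headers in square brackets, `"name"= value` lines, and `Rn`/`Sn name;display;path [date size]` service lines). The sample text is a trimmed excerpt of the posted log, embedded so the script runs offline. Everything it reports is a prompt for review, not a verdict.

```python
"""Triage a ComboFix 'Reg Loading Points' section (added example, not ComboFix code)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# UAC values ComboFix prints under policies\system.  EnableLUA=0 turns UAC off
# entirely; ConsentPromptBehaviorAdmin=0 and PromptOnSecureDesktop=0 silence the
# elevation prompt even when UAC is on.
WEAK_UAC = {"EnableLUA": 0, "ConsentPromptBehaviorAdmin": 0, "PromptOnSecureDesktop": 0}

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>.+?)\s*$')
# e.g.  R3 10472897;10472897; [x]
#       S2 ekrn;ESET Service;c:\...\ekrn.exe [2010-08-12 810144]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>[^\[]*?)\s*\[(?P<stamp>[^\]]*)\]$"
)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"')
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(?P<dlls>.+)$')


@dataclass
class Finding:
    kind: str
    detail: str


def parse_loading_points(text: str) -> list[Finding]:
    """Walk the section line by line, tracking the current registry key."""
    findings: list[Finding] = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key").lower()
            continue
        m = SERVICE_RE.match(line)
        if m:
            if m.group("stamp") == "x":  # ComboFix could not locate the image file
                path = m.group("path") or "<none>"
                findings.append(Finding("service-missing-file",
                                        f"{m.group('name')} ({m.group('state')}): image {path} not found"))
            continue
        if current_key.endswith(r"\policies\system"):
            m = VALUE_RE.match(line)
            if m and m.group("name") in WEAK_UAC:
                val = int(m.group("val").split()[0])  # "0 (0x0)" -> 0
                if val == WEAK_UAC[m.group("name")]:
                    findings.append(Finding("uac-weakened", f"{m.group('name')}={val}"))
            continue
        if current_key.endswith(r"\windows nt\currentversion\windows"):
            m = APPINIT_RE.match(line)
            if m and m.group("dlls").strip().strip('"'):
                findings.append(Finding("appinit-dll", m.group("dlls").strip()))
            continue
        if current_key.endswith(r"\currentversion\run"):
            m = RUN_RE.match(line)
            # A bare file name is resolved through the search path, not a fixed location.
            if m and not re.match(r"^[a-z]:\\", m.group("cmd"), re.IGNORECASE):
                findings.append(Finding("run-unqualified-path", f"{m.group('name')} -> {m.group('cmd')}"))
            continue
    return findings


# Constructed sample: a trimmed excerpt of the log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 5661056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Citrix\ICACLI~1\RSHook.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R3 10472897;10472897; [x]
R3 efavdrv;efavdrv;c:\windows\system32\drivers\efavdrv.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-08-12 810144]
.
--------- X64 Entries -----------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TpShocks"="TpShocks.exe" [2011-03-29 380776]
"""

if __name__ == "__main__":
    for f in parse_loading_points(SAMPLE_LOG):
        print(f"{f.kind:24} {f.detail}")
```

Run against the full log, the same pass reports the three weakened UAC values, the Citrix AppInit DLL, the two services without a locatable file, and the TpShocks entry. An AppInit_DLLs hit should be checked against what is actually installed (here it matches the Citrix client), a [x] service is worth resolving by name and image path before deciding it is benign, and with EnableLUA=0 anything the logged-in user runs already has full administrative rights, which is the first setting to turn back on after cleanup.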

#9 Shannon2012 (Security Colleague, 3,657 posts)

Posted 30 July 2012 - 09:40 AM

Hi-

Take a look at this PCWorld article
Shannon

#10 livethird (Topic Starter, Members, 7 posts)

Posted 30 July 2012 - 09:47 AM

I read through the article and plan on going through with it tonight after work. Please note that this computer is for work, and the article mentioned that the reinstall is not guaranteed to work. Have you had this problem as well? I don't want to show up tomorrow without a fully functioning computer. Again, thanks for your help.

#11 Shannon2012 (Security Colleague, 3,657 posts)

Posted 30 July 2012 - 12:05 PM

Hi-

No, I have not tried it. You might ask your IT folks or at our Windows 7 forum.
Shannon

#12 Shannon2012 (Security Colleague, 3,657 posts)

Posted 09 August 2012 - 04:39 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Shannon