XP-SP3 just hangs, need to remove power and batteries to reboot

24 replies to this topic

#1 dr.wireMORE (Members, 110 posts, Location: The Americas)

Posted 08 January 2014 - 11:40 AM

Hi, XP-SP3, just started feeling "odd." The system will just freeze. I ran a Microsoft rootkit reveal, and it showed 27 items, but on deeper inspection, nothing was there. Would appreciate your help.

As part of full disclosure: I did download and run ComboFix, but it wouldn't run. It started, but after 10 minutes hadn't gone past the "however, scan times..." message. With no disk activity, I power cycled, went to uninstall it, and it says no such application. So, I stopped. The prudent part here is for me to stop the self-assessment and ask for help from the pros.

The system is running, no particular issue, except the freeze and that security tools won't run. Yes, I have Norton Symantec 360, and it is up to date.

dw

PS: DDS.COM downloaded, runs but hangs. I have been able to run OTL.

PPS: Earlier, call it September, when I had SVCHOST.EXE running at 100%, I did a lot of "fixes" and along the way had a Conduit virus. I thought I fixed it.

******

OTL logfile created on: 1/8/2014 11:26:53 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\jody\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 63.64% Memory free
3.85 Gb Paging File | 3.08 Gb Available in Paging File | 80.12% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 221.25 Gb Total Space | 65.57 Gb Free Space | 29.64% Space Free | Partition Type: NTFS
Drive D: | 5.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: T42-14 | User Name: jody | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/01/08 11:26:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jody\Desktop\OTL.exe
PRC - [2013/12/03 05:59:24 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
PRC - [2013/10/18 15:16:11 | 000,264,360 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\21.1.0.18\N360.exe
PRC - [2013/08/14 09:04:50 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
PRC - [2013/08/14 08:57:58 | 000,270,704 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2013/06/13 13:31:00 | 000,293,144 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
PRC - [2011/11/01 11:29:28 | 000,095,264 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
PRC - [2011/05/26 20:43:12 | 000,328,040 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011/05/10 02:39:00 | 000,148,840 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe
PRC - [2011/05/10 02:39:00 | 000,069,632 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2011/05/10 02:39:00 | 000,053,608 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2011/04/26 11:29:20 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/04/20 11:04:40 | 000,130,920 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe
PRC - [2011/04/18 15:11:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2011/04/08 06:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2011/03/29 14:41:08 | 000,064,952 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010/11/29 17:32:44 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2010/07/28 11:31:40 | 000,025,824 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
PRC - [2009/09/22 12:50:36 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2004/04/01 11:52:06 | 001,368,064 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2004/03/19 14:21:10 | 000,339,968 | ---- | M] () -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
PRC - [2004/03/19 13:12:10 | 000,090,112 | ---- | M] (IBM Corp.) -- C:\IBMTOOLS\utils\ibmprc.exe
PRC - [2004/01/20 19:05:08 | 000,135,168 | ---- | M] (WIDCOMM, Inc.) -- C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
PRC - [2003/07/11 19:19:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/11/22 17:32:48 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\75145e5d0633bc01a8ad6094c842f748\System.Runtime.Remoting.ni.dll
MOD - [2013/11/22 17:32:03 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2013/10/10 05:00:06 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b7600e7fe5e152f21ba6d79f3c0c3b6\System.Configuration.ni.dll
MOD - [2013/10/10 04:46:45 | 012,218,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\065efe0fe58c464f5fb108cb0791e6ad\PresentationCore.ni.dll
MOD - [2013/10/10 04:45:54 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25798162f0e3229e9754b28f5b6d9dd\WindowsBase.ni.dll
MOD - [2013/10/10 04:09:23 | 006,813,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\7294cfff4c5922b56ee89a6879ae8eef\System.Data.ni.dll
MOD - [2013/10/10 04:08:09 | 001,014,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll
MOD - [2013/10/10 04:08:02 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\75d88257b5bc5a5d15dd4c37d8bb18bd\System.Core.ni.dll
MOD - [2013/08/15 04:33:19 | 001,218,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\6c422db78c17838c3eb9f9fcc01ca63f\System.Management.ni.dll
MOD - [2013/08/15 04:19:38 | 000,787,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bfa9e814cb8b662508aa93ae387b434f\System.EnterpriseServices.ni.dll
MOD - [2013/08/15 04:19:38 | 000,236,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bfa9e814cb8b662508aa93ae387b434f\System.EnterpriseServices.Wrapper.dll
MOD - [2013/08/15 04:19:35 | 000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\102014a4f570b1dc944ff7eb8e1c6e2b\System.Transactions.ni.dll
MOD - [2013/08/15 04:12:02 | 005,628,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
MOD - [2013/08/15 04:09:52 | 009,099,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
MOD - [2013/08/14 23:56:30 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\cf3c9d1496acdcb836853e59fe20223b\System.Management.ni.dll
MOD - [2013/08/14 23:52:23 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15fd2d2f4e709154b44187a6915db244\System.ServiceProcess.ni.dll
MOD - [2013/08/14 23:15:35 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
MOD - [2013/08/14 23:15:04 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b34cb206ab0cec687c3730b14cdff57\System.Drawing.ni.dll
MOD - [2013/08/14 23:10:18 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
MOD - [2013/07/11 05:11:16 | 000,194,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\c9786062fbb311c543497e28c1e1a0c5\CustomMarshalers.ni.dll
MOD - [2013/07/11 05:08:14 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\b1560845b641faac0ca607b2dce8389a\Microsoft.VisualC.ni.dll
MOD - [2013/07/11 05:04:21 | 000,060,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\fce142e7009d7cd587b5d8fbc20f5448\UIAutomationProvider.ni.dll
MOD - [2013/07/11 04:54:19 | 014,416,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2013/07/11 04:02:01 | 005,283,840 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2011/05/10 02:39:00 | 000,069,632 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
MOD - [2011/05/10 02:39:00 | 000,054,272 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRO.DLL
MOD - [2011/05/10 02:39:00 | 000,041,984 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
MOD - [2010/09/14 05:24:47 | 000,397,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
MOD - [2004/03/19 14:21:10 | 000,339,968 | ---- | M] () -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
MOD - [2003/07/11 19:19:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2014/01/08 09:55:39 | 000,560,000 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- C:\Documents and Settings\jody\Local Settings\temp\LK.exe -- (LK)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/10/18 15:16:11 | 000,264,360 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\21.1.0.18\N360.exe -- (N360)
SRV - [2013/08/14 09:04:50 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2013/08/14 08:57:58 | 000,270,704 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2013/06/13 13:31:00 | 000,293,144 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/12/14 19:01:54 | 000,036,864 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Input Director\IDWinService.exe -- (InputDirector)
SRV - [2011/05/10 02:39:00 | 000,292,200 | ---- | M] (Lenovo.) [Disabled | Stopped] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2011/05/10 02:39:00 | 000,148,840 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)
SRV - [2011/05/10 02:39:00 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2011/04/26 11:29:33 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2011/04/26 11:29:28 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2011/04/26 11:29:20 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/04/20 11:04:40 | 000,130,920 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2011/04/18 15:11:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011/04/04 11:27:20 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2011/03/29 14:41:08 | 000,064,952 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/07/28 11:31:40 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2009/12/17 16:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2007/09/26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2004/03/19 14:21:10 | 000,339,968 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe -- (IBM Rapid Restore Ultra Service)
SRV - [2004/01/20 19:05:08 | 000,135,168 | ---- | M] (WIDCOMM, Inc.) [Auto | Running] -- C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2003/07/11 19:19:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\w22n51.sys -- (w22n51)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\jody\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2014/01/01 13:09:45 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140107.041\NAVEX15.SYS -- (NAVEX15)
DRV - [2014/01/01 13:09:45 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140107.041\NAVENG.SYS -- (NAVENG)
DRV - [2013/12/17 18:32:11 | 001,098,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20131218.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/12/12 23:53:19 | 000,382,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140107.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2013/12/04 04:45:22 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/11/24 10:58:52 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/11/23 11:19:36 | 000,142,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/09/26 21:18:30 | 000,935,512 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\1501000.012\SymEFA.sys -- (SymEFA)
DRV - [2013/09/26 20:45:56 | 000,206,936 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1501000.012\Ironx86.sys -- (SymIRON)
DRV - [2013/09/26 20:26:03 | 000,651,352 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\1501000.012\srtsp.sys -- (SRTSP)
DRV - [2013/09/25 21:28:00 | 000,421,592 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1501000.012\symtdi.sys -- (SYMTDI)
DRV - [2013/09/25 20:50:25 | 000,127,064 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1501000.012\ccSetx86.sys -- (ccSet_N360)
DRV - [2013/09/09 20:47:26 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\1501000.012\SymDS.sys -- (SymDS)
DRV - [2013/09/09 19:49:48 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1501000.012\srtspx.sys -- (SRTSPX)
DRV - [2013/05/23 00:12:38 | 000,028,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2013/05/23 00:12:34 | 000,037,528 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2013/05/23 00:12:32 | 000,043,800 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2013/05/23 00:12:30 | 000,042,264 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2013/05/23 00:12:30 | 000,010,136 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2013/05/23 00:12:26 | 000,010,136 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2012/09/21 13:09:06 | 004,261,224 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012/09/21 13:09:00 | 000,310,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2012/09/06 11:46:28 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2011/11/25 02:26:04 | 000,013,440 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pneteth.sys -- (pneteth)
DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2011/05/10 02:39:00 | 000,025,968 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DOZEHDD.SYS -- (DozeHDD)
DRV - [2011/05/10 02:39:00 | 000,012,144 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2011/04/26 11:29:22 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/01/13 15:04:50 | 000,122,992 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2011/01/13 15:02:56 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2010/09/07 15:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2010/05/31 12:31:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/05/31 12:31:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2009/12/17 16:18:50 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2009/11/11 06:26:02 | 002,216,064 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51)
DRV - [2009/01/21 12:22:29 | 000,015,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bfturboh.sys -- (bfturboh)
DRV - [2007/05/02 09:54:08 | 000,472,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007/03/09 03:57:02 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2007/02/18 23:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2007/02/07 01:38:32 | 001,133,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/11/02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/09/28 16:32:14 | 000,009,472 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pnetmdm.sys -- (pnetmdm)
DRV - [2005/11/07 06:58:30 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004/09/23 18:39:58 | 000,064,256 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)
DRV - [2004/08/03 23:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2004/07/29 02:36:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2004/07/29 02:36:00 | 000,009,341 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2004/07/22 16:25:58 | 000,197,888 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/07/22 16:24:52 | 000,676,096 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/07/22 16:24:20 | 001,041,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/01/20 18:40:48 | 001,260,106 | ---- | M] (WIDCOMM, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2001/11/01 04:57:14 | 000,095,104 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3ssavm.sys -- (S3SSavage)
DRV - [2001/08/17 14:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {846E53A4-CDDE-4A5E-8DE6-FD928B7DB4B0}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{846E53A4-CDDE-4A5E-8DE6-FD928B7DB4B0}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-981743920-2115803770-991051512-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/ [binary data]
IE - HKU\S-1-5-21-981743920-2115803770-991051512-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-981743920-2115803770-991051512-1005\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKU\S-1-5-21-981743920-2115803770-991051512-1005\..\SearchScopes,DefaultScope = {846E53A4-CDDE-4A5E-8DE6-FD928B7DB4B0}
IE - HKU\S-1-5-21-981743920-2115803770-991051512-1005\..\SearchScopes\{846E53A4-CDDE-4A5E-8DE6-FD928B7DB4B0}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7RLTB_enUS568
IE - HKU\S-1-5-21-981743920-2115803770-991051512-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Documents and Settings\jody\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\jody\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\jody\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\jody\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\jody\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\jody\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/09/24 22:28:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013/11/23 11:22:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2014/01/08 11:12:03 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Yahoo (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=994519&p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms},
CHR - homepage: http://search.yahoo.com/?type=994519&fr=spigot-yhp-ch
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Documents and Settings\jody\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\jody\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\jody\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\jody\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Voice (by Google) = C:\Documents and Settings\jody\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo\2.4.4_0\
CHR - Extension: Norton Identity Protection = C:\Documents and Settings\jody\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.6.2.3_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\jody\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\jody\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/11/23 09:48:33 | 000,000,741 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\21.1.0.18\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Qualys BrowserCheck IE Helper) - {7D2FB79E-E58C-4DB5-A36F-AC1C73967FA5} - C:\WINDOWS\Downloaded Program Files\qbc_bho.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-981743920-2115803770-991051512-1005\..\Toolbar\ShellBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-981743920-2115803770-991051512-1005\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-981743920-2115803770-991051512-1005\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-981743920-2115803770-991051512-1005\..\Toolbar\WebBrowser: (Copernic Agent) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O4 - HKLM..\Run: [IBMPRC] C:\IBMTOOLS\utils\ibmprc.exe (IBM Corp.)
O4 - HKLM..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe (Intel® Corporation)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [S3TRAY2] C:\WINDOWS\System32\S3Tray2.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (IBM Corporation)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (IBM Corp.)
O4 - HKLM..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe (Lenovo Group Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-981743920-2115803770-991051512-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-981743920-2115803770-991051512-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-981743920-2115803770-991051512-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-981743920-2115803770-991051512-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IBM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Device Detection)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://support.lenovo.com/Resources/Lenovo/AutoDetect/acpir.cab (IASRunner Class)
O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} https://secure.logmein.com/activex/RACtrl.cab (Remote Access ActiveX Client)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://virtual2.hyatt.com/CACHE/stc/8/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} https://browsercheck.qualys.com/qbc_ax.cab (Qualys BrowserCheck)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab (CTAdjust Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://linksyssupport.webex.com/client/T27L10NSP11EP13-5395-linksyssupport/support/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1058 (Performance Viewer Activex Control)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{308590AC-38C0-4908-8808-AE08F8E28765}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75446DE3-A0EC-4019-80B0-6420A27E4C9B}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\copernicagentcache {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\AutorunsDisabled: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 () -
O24 - Desktop WallPaper: C:\Documents and Settings\jody\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\jody\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/29 06:43:13 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/01/10 00:04:54 | 000,000,085 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/01/08 11:26:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jody\Desktop\OTL.exe
[2014/01/08 10:57:07 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\jody\Desktop\dds.com
[2014/01/08 10:31:05 | 000,000,000 | --SD | C] -- C:\ComboFix
[2014/01/08 09:58:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2014/01/08 09:58:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2014/01/08 09:58:11 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2014/01/08 09:58:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2014/01/08 09:56:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/01/08 09:53:38 | 005,162,308 | R--- | C] (Swearware) -- C:\Documents and Settings\jody\Desktop\ComboFix.exe
[2014/01/07 00:15:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jody\Recent
[2014/01/06 23:45:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2014/01/06 23:45:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jody\Application Data\Yahoo!
[2013/12/29 13:13:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jody\My Documents\Audit, IT Audit, Risk IT
[2013/12/26 13:21:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2013/12/26 13:07:09 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/12/26 13:06:46 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/12/26 13:06:46 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/12/26 13:06:46 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/12/22 18:43:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2013/12/22 18:43:24 | 000,051,416 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/12/22 18:42:42 | 012,582,688 | ---- | C] (Malwarebytes Corp.) -- C:\Documents and Settings\jody\Desktop\mbar-1.07.0.1008.exe
[2013/12/21 06:45:23 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\jody\Desktop\aswMBR.exe
[2013/12/21 00:23:44 | 008,656,400 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\jody\Desktop\RootkitBuster_v5_1061.exe
[2013/12/21 00:09:35 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/12/21 00:03:25 | 004,121,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\jody\Desktop\tdsskiller.exe
[2013/12/09 15:07:43 | 000,118,272 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpz3l5ha.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/08 11:26:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jody\Desktop\OTL.exe
[2014/01/08 11:24:11 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-981743920-2115803770-991051512-1005UA.job
[2014/01/08 11:24:01 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-981743920-2115803770-991051512-1005Core.job
[2014/01/08 11:21:50 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LNonPnP.sys
[2014/01/08 11:10:24 | 000,008,192 | ---- | M] () -- C:\WINDOWS\System32\WDPABKP.dat
[2014/01/08 11:09:59 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2014/01/08 11:09:53 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/08 11:09:16 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/08 11:08:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/08 11:08:09 | 2146,422,784 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/08 10:57:34 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\jody\Desktop\dds.com
[2014/01/08 09:53:43 | 005,162,308 | R--- | M] (Swearware) -- C:\Documents and Settings\jody\Desktop\ComboFix.exe
[2014/01/08 09:51:35 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/01/08 09:04:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/08 04:28:11 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\defrag 4am.job
[2014/01/07 12:00:00 | 000,000,590 | ---- | M] () -- C:\WINDOWS\tasks\____Volume_8b293bf3_9b12_11df_b555_000e35613068______Volume_a7de7ffb_bd74_11e2_8a6f_00166fcd6ff9__.job
[2014/01/07 00:26:38 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\jody\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/01/06 19:33:48 | 000,043,654 | ---- | M] () -- C:\Documents and Settings\jody\My Documents\Customer Support Survey - Norton Symantec.pdf
[2014/01/06 12:50:10 | 000,000,715 | ---- | M] () -- C:\Documents and Settings\jody\Desktop\Shortcut to procexp.exe.lnk
[2014/01/03 10:01:20 | 000,030,126 | ---- | M] () -- C:\Documents and Settings\jody\My Documents\Dell Submission Dir Cust Sucess 13001FXB.pdf
[2014/01/03 09:29:17 | 000,066,648 | ---- | M] () -- C:\Documents and Settings\jody\My Documents\Dell Director, Customer Success - Technical Support.pdf
[2014/01/01 12:28:52 | 000,897,277 | ---- | M] () -- C:\Documents and Settings\jody\My Documents\3-IMAG2868.jpg
[2014/01/01 07:48:45 | 001,385,988 | ---- | M] () -- C:\Documents and Settings\jody\My Documents\1-IMAG2864.jpg
[2014/01/01 07:48:45 | 001,136,501 | ---- | M] () -- C:\Documents and Settings\jody\My Documents\2-IMAG2866.jpg
[2013/12/30 11:47:38 | 001,205,313 | ---- | M] () -- C:\Documents and Settings\jody\My Documents\COBITlaminate.pdf
[2013/12/27 12:26:59 | 000,016,735 | ---- | M] () -- C:\Documents and Settings\jody\My Documents\JPMC for target or unusual activity.CSV
[2013/12/26 15:58:05 | 000,028,213 | ---- | M] () -- C:\Documents and Settings\jody\My Documents\Print-Me.pdf
[2013/12/26 13:19:21 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/12/26 13:19:21 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/12/26 13:06:25 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/12/26 13:06:22 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/12/26 13:06:22 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/12/26 13:06:22 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/12/26 13:06:22 | 000,145,408 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/12/24 10:59:32 | 000,073,440 | ---- | M] () -- C:\Documents and Settings\jody\My Documents\Ebay sold - Logitech Label.pdf
[2013/12/23 22:41:59 | 000,018,975 | ---- | M] () -- C:\Documents and Settings\jody\My Documents\Workday application.pdf
[2013/12/23 14:03:12 | 000,667,648 | ---- | M] () -- C:\Documents and Settings\jody\Desktop\IDE ATA and ATAPI disks use PIO mode MicrosoftFixit50644.msi
[2013/12/22 18:43:24 | 000,051,416 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/12/22 18:43:00 | 012,582,688 | ---- | M] (Malwarebytes Corp.) -- C:\Documents and Settings\jody\Desktop\mbar-1.07.0.1008.exe
[2013/12/22 18:07:54 | 001,233,962 | ---- | M] () -- C:\Documents and Settings\jody\Desktop\AdwCleaner.exe
[2013/12/21 06:56:51 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\jody\Desktop\MBR.dat
[2013/12/21 06:45:32 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\jody\Desktop\aswMBR.exe
[2013/12/21 00:24:46 | 000,377,856 | ---- | M] () -- C:\Documents and Settings\jody\Desktop\GMERkww7i608.exe
[2013/12/21 00:23:45 | 008,656,400 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\jody\Desktop\RootkitBuster_v5_1061.exe
[2013/12/21 00:03:29 | 004,121,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\jody\Desktop\tdsskiller.exe
[2013/12/20 23:03:23 | 000,166,400 | ---- | M] () -- C:\Documents and Settings\jody\Desktop\ConflictInfo.exe
[2013/12/20 23:02:08 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\jody\Desktop\exeHelper.com
[2013/12/18 12:56:54 | 001,103,877 | ---- | M] () -- C:\Documents and Settings\jody\My Documents\Logitech C920 receipt IMAG2813.jpg
[2013/12/17 07:49:53 | 000,486,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/12/17 07:49:53 | 000,081,518 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/12/11 23:02:46 | 001,938,314 | ---- | M] () -- C:\Documents and Settings\jody\My Documents\Camille 2013-12-11 fax and resend 21 pages.tif
[2013/12/11 03:17:08 | 000,394,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/12/10 17:04:54 | 000,062,893 | ---- | M] () -- C:\Documents and Settings\jody\My Documents\Sears Holding Corp Sr. Manager, Voice of Customer Program Management and Insight Activation - Member Feedback and Insight Division.pdf
[2013/12/10 16:52:30 | 000,013,453 | ---- | M] () -- C:\Documents and Settings\jody\My Documents\Johnbblankk CISSP 2013-12-10.pdf
[2013/12/10 16:03:45 | 000,081,243 | ---- | M] () -- C:\Documents and Settings\jody\My Documents\Dell IT Director-Production support, Round Rock, TX.pdf
[2013/12/10 15:51:20 | 000,084,141 | ---- | M] () -- C:\Documents and Settings\jody\My Documents\Dell Technical Support Director, Round Rock, TX.pdf
[2013/12/10 15:22:28 | 000,049,861 | ---- | M] () -- C:\Documents and Settings\jody\My Documents\Vitalogics - Director of Customer Support and Training.pdf
[2013/12/10 12:55:44 | 000,122,368 | ---- | M] () -- C:\Documents and Settings\jody\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini.del
[2013/12/10 10:33:11 | 000,807,838 | ---- | M] () -- C:\Documents and Settings\jody\My Documents\Fax resend to Altatel-Lucent-12102013-081726.tif
[2013/12/10 10:09:48 | 001,423,038 | ---- | M] () -- C:\Documents and Settings\jody\My Documents\FAX to Alcatel Lucent-resend.pdf
[2013/12/09 15:40:21 | 000,434,392 | ---- | M] () -- C:\Documents and Settings\jody\My Documents\FAX to Alcatel Lucent.pdf
[2013/12/09 15:07:11 | 000,139,558 | ---- | M] () -- C:\WINDOWS\hpoins21.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/01/08 10:04:06 | 2146,422,784 | -HS- | C] () -- C:\hiberfil.sys
[2014/01/08 09:58:11 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2014/01/08 09:58:11 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2014/01/08 09:58:11 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2014/01/08 09:58:11 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2014/01/08 09:58:11 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2014/01/06 19:33:48 | 000,043,654 | ---- | C] () -- C:\Documents and Settings\jody\My Documents\Customer Support Survey - Norton Symantec.pdf
[2014/01/06 12:50:10 | 000,000,715 | ---- | C] () -- C:\Documents and Settings\jody\Desktop\Shortcut to procexp.exe.lnk
[2014/01/03 10:01:20 | 000,030,126 | ---- | C] () -- C:\Documents and Settings\jody\My Documents\Dell Submission Dir Cust Sucess 13001FXB.pdf
[2014/01/03 09:29:17 | 000,066,648 | ---- | C] () -- C:\Documents and Settings\jody\My Documents\Dell Director, Customer Success - Technical Support.pdf
[2014/01/01 12:28:52 | 000,897,277 | ---- | C] () -- C:\Documents and Settings\jody\My Documents\3-IMAG2868.jpg
[2014/01/01 07:48:45 | 001,385,988 | ---- | C] () -- C:\Documents and Settings\jody\My Documents\1-IMAG2864.jpg
[2014/01/01 07:48:45 | 001,136,501 | ---- | C] () -- C:\Documents and Settings\jody\My Documents\2-IMAG2866.jpg
[2013/12/31 21:53:40 | 001,750,752 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/12/30 11:47:38 | 001,205,313 | ---- | C] () -- C:\Documents and Settings\jody\My Documents\COBITlaminate.pdf
[2013/12/29 14:11:10 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\jody\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/12/27 12:22:39 | 000,016,735 | ---- | C] () -- C:\Documents and Settings\jody\My Documents\JPMC for target or unusual activity.CSV
[2013/12/26 15:58:05 | 000,028,213 | ---- | C] () -- C:\Documents and Settings\jody\My Documents\Print-Me.pdf
[2013/12/24 10:59:32 | 000,073,440 | ---- | C] () -- C:\Documents and Settings\jody\My Documents\Ebay sold - Logitech Label.pdf
[2013/12/23 22:41:59 | 000,018,975 | ---- | C] () -- C:\Documents and Settings\jody\My Documents\Workday application.pdf
[2013/12/23 14:02:27 | 000,667,648 | ---- | C] () -- C:\Documents and Settings\jody\Desktop\IDE ATA and ATAPI disks use PIO mode MicrosoftFixit50644.msi
[2013/12/22 18:07:52 | 001,233,962 | ---- | C] () -- C:\Documents and Settings\jody\Desktop\AdwCleaner.exe
[2013/12/21 06:56:51 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\jody\Desktop\MBR.dat
[2013/12/21 00:24:45 | 000,377,856 | ---- | C] () -- C:\Documents and Settings\jody\Desktop\GMERkww7i608.exe
[2013/12/20 23:03:23 | 000,166,400 | ---- | C] () -- C:\Documents and Settings\jody\Desktop\ConflictInfo.exe
[2013/12/20 23:02:08 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\jody\Desktop\exeHelper.com
[2013/12/18 12:56:54 | 001,103,877 | ---- | C] () -- C:\Documents and Settings\jody\My Documents\Logitech C920 receipt IMAG2813.jpg
[2013/12/11 22:54:53 | 001,938,314 | ---- | C] () -- C:\Documents and Settings\jody\My Documents\Camille 2013-12-11 fax and resend 21 pages.tif
[2013/12/10 17:04:54 | 000,062,893 | ---- | C] () -- C:\Documents and Settings\jody\My Documents\Sears Holding Corp Sr. Manager, Voice of Customer Program Management and Insight Activation - Member Feedback and Insight Division.pdf
[2013/12/10 16:03:45 | 000,081,243 | ---- | C] () -- C:\Documents and Settings\jody\My Documents\Dell IT Director-Production support, Round Rock, TX.pdf
[2013/12/10 15:51:20 | 000,084,141 | ---- | C] () -- C:\Documents and Settings\jody\My Documents\Dell Technical Support Director, Round Rock, TX.pdf
[2013/12/10 15:22:28 | 000,049,861 | ---- | C] () -- C:\Documents and Settings\jody\My Documents\Vitalogics - Director of Customer Support and Training.pdf
[2013/12/10 14:33:30 | 000,013,453 | ---- | C] () -- C:\Documents and Settings\jody\My Documents\Johnbblankk CISSP 2013-12-10.pdf
[2013/12/10 10:33:11 | 000,807,838 | ---- | C] () -- C:\Documents and Settings\jody\My Documents\Fax resend to Altatel-Lucent-12102013-081726.tif
[2013/12/10 10:09:48 | 001,423,038 | ---- | C] () -- C:\Documents and Settings\jody\My Documents\FAX to Alcatel Lucent-resend.pdf
[2013/12/09 15:40:21 | 000,434,392 | ---- | C] () -- C:\Documents and Settings\jody\My Documents\FAX to Alcatel Lucent.pdf
[2013/12/09 15:01:54 | 000,139,558 | ---- | C] () -- C:\WINDOWS\hpoins21.dat
[2013/12/09 15:01:54 | 000,007,262 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat
[2013/12/05 12:40:28 | 000,004,971 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\wjxstxvo.tjy
[2013/11/22 16:24:22 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\WDPABKP.dat
[2013/11/09 10:11:23 | 000,000,044 | ---- | C] () -- C:\WINDOWS\SMWizard.INI
[2013/11/09 00:14:20 | 001,003,520 | ---- | C] () -- C:\WINDOWS\AtrexCfg.exe
[2013/11/07 22:21:25 | 000,000,256 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2013/11/07 22:21:23 | 000,001,840 | ---- | C] () -- C:\WINDOWS\_isenv31.ini
[2013/11/07 22:21:23 | 000,000,521 | ---- | C] () -- C:\WINDOWS\_iserr31.ini
[2013/11/07 12:54:00 | 000,394,376 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/09/21 13:08:36 | 010,919,784 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2012/09/21 13:08:36 | 000,338,136 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2012/09/21 13:08:36 | 000,103,272 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2012/09/21 12:48:30 | 000,028,418 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2012/09/10 20:01:28 | 000,061,304 | ---- | C] () -- C:\Documents and Settings\jody\g2mdlhlpx.exe
[2012/08/03 21:21:18 | 000,000,071 | ---- | C] () -- C:\WINDOWS\ENX230.ini
[2012/03/14 16:29:28 | 003,690,242 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-981743920-2115803770-991051512-1005-0.dat
[2012/03/14 10:59:17 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/15 18:39:41 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/24 20:19:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2012/01/24 00:42:58 | 000,000,071 | ---- | C] () -- C:\WINDOWS\ENX430.ini
[2011/05/12 13:04:59 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\jody\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/12 12:59:57 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/04 13:52:34 | 000,284,714 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/10/12 08:43:30 | 000,122,368 | ---- | C] () -- C:\Documents and Settings\jody\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini.del
[2010/07/31 22:50:52 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\jody\Local Settings\Application Data\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2010/07/29 06:06:20 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/04/16 10:09:07 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\jody\My Documents\Nielsen Signed Offer John bblankk 2010-08-19.pdf:SummaryInformation

< End of report >

 

******

OTL Extras logfile created on: 1/8/2014 11:26:53 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\jody\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 63.64% Memory free
3.85 Gb Paging File | 3.08 Gb Available in Paging File | 80.12% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 221.25 Gb Total Space | 65.57 Gb Free Space | 29.64% Space Free | Partition Type: NTFS
Drive D: | 5.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: T42-14 | User Name: jody | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-981743920-2115803770-991051512-1005\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with PhotoPhilia] -- "C:\Program Files\Pholix Software\PhotoPhilia\Pholi.exe" /nologo /explorer:"%1" (Pholix Software)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"8743:TCP" = 8743:TCP:*:Enabled:AllShareFrameWorkDMS Action TCP Port
"8643:TCP" = 8643:TCP:*:Enabled:AllShareFrameWorkDMS Event TCP Port
"7676:TCP" = 7676:TCP:*:Enabled:AllShareFrameWorkDMS Service TCP Port1
"7679:TCP" = 7679:TCP:*:Enabled:AllShareFrameWorkDMS Service TCP Port2
"24234:TCP" = 24234:TCP:*:Enabled:AllShareFramework DMS service UDP Port1
"7900:TCP" = 7900:TCP:*:Enabled:AllShareFramework DMS service UDP Port2
"1900:TCP" = 1900:TCP:*:Enabled:UPnP Multicast Port
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\IBM\Updater\jre\bin\java.exe" = C:\Program Files\IBM\Updater\jre\bin\java.exe:*:Enabled:IBM Update Connector
"C:\Program Files\IBM\Updater\jre\bin\javaw.exe" = C:\Program Files\IBM\Updater\jre\bin\javaw.exe:*:Enabled:IBM Update Connector
"C:\Program Files\IBM\Updater\ucsmb.exe" = C:\Program Files\IBM\Updater\ucsmb.exe:*:Enabled:IBM Update Connector
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application
"C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics
"C:\Program Files\Input Director\InputDirector.exe" = C:\Program Files\Input Director\InputDirector.exe:*:Enabled:Input Director -- (Imperative Software Pty Ltd)
"C:\Program Files\Input Director\InputDirectorSessionHelper.exe" = C:\Program Files\Input Director\InputDirectorSessionHelper.exe:*:Enabled:Input Director Session Helper -- ()
"C:\Program Files\Input Director\InputDirectorClipboardHelper.exe" = C:\Program Files\Input Director\InputDirectorClipboardHelper.exe:*:Enabled:Input Director Clipboard Helper -- (Imperative Software Pty Ltd)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Documents and Settings\jody\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\jody\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Documents and Settings\jody\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\jody\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update v4 Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\Input Director\InputDirector.exe" = C:\Program Files\Input Director\InputDirector.exe:*:Enabled:Input Director -- (Imperative Software Pty Ltd)
"C:\Program Files\Input Director\InputDirectorSessionHelper.exe" = C:\Program Files\Input Director\InputDirectorSessionHelper.exe:*:Enabled:Input Director Session Helper -- ()
"C:\Program Files\Input Director\InputDirectorClipboardHelper.exe" = C:\Program Files\Input Director\InputDirectorClipboardHelper.exe:*:Enabled:Input Director Clipboard Helper -- (Imperative Software Pty Ltd)
"C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\AllShareFrameworkDMS.exe" = C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\AllShareFrameworkDMS.exe:*:Enabled:AllShareFrameworkDMS
"C:\Program Files\Samsung\Samsung Link\Samsung Link.exe" = C:\Program Files\Samsung\Samsung Link\Samsung Link.exe:*:Enabled:Samsung Link
"C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe" = C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe:*:Enabled:Samsung Link
"C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\AllShareFrameworkDMS.exe" = C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\AllShareFrameworkDMS.exe:*:Enabled:AllShareFrameworkDMS
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Azureus Software, Inc)
"C:\Program Files\Atrex\atrex32.exe" = C:\Program Files\Atrex\atrex32.exe:*:Enabled:Atrex -- (Millennium Software, Inc)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0+ (r484)
"{01b19ee2-f793-4fda-8aab-60fa495c4869}" = WD SmartWare Installer
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{09BDEEF0-5590-457D-89A9-5DB2742F9BBF}" = 32 Bit HP CIO Components Installer
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = IBM ThinkVantage Technologies Welcome Message
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11783F13-C3A9-44A8-929B-21A476F65272}" = IBM Rescue and Recovery with Rapid Restore
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = IBM DLA
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{16906D21-0656-4F8B-9A01-C3D24B5401FC}" = Intel® PROSet for Wired Connections
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = IBM ThinkPad Keyboard Customizer Utility
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver
"{2A83AD05-56E6-3FBD-8752-B4143162EF59}" = Google Talk Plugin
"{307ECD26-43D7-4AD4-82CF-794B63EDF096}" = Citrix Online Launcher
"{31EAB550-69A3-11DF-305E-0255484C0124}" = Atrex
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{39417F21-6193-4349-AE25-8813A6273546}" = TurboTax 2012 wiliper
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{455EC32F-4157-438D-9E3A-40E93B09FC3C}" = WD Quick View
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{4E8444C5-766E-4f4d-82F8-BB83E2FBB42A}" = HP Deskjet F2200 All-In-One Driver 10.0 Rel .3
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}" = Snagit 10
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5D112C61-C8D0-4718-8DD7-B9115EB9AF90}" = LogMeIn
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FEF2583-382C-4795-947F-CE54E3F0E16A}" = WD SmartWare
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6346B2AE-0DBB-45A3-9ECA-D23CAC27AB7E}" = TurboTax 2011 wiliper
"{6C72E14A-C1F3-45E5-8810-83CE3C19ED63}" = IBM 32-bit Runtime Environment for Java 2, v1.4.1
"{6CC9CD2D-382E-47EA-91FD-218A70C171CC}" = Microsoft Office Configuration Analyzer Tool 1.1
"{6CE96A14-61E2-48CC-837E-22710A953ADE}" = IBM Themes
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{70632C41-BDAC-4128-9FBF-287F9FF53DE5}" = TurboTax 2010 wiliper
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{72806716-7088-41B2-8FA6-717A2A164DAB}" = IBM Active Protection System
"{72E40002-8CEC-47C1-A099-83AC8E173BF0}" = WD Drive Utilities
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = IBM ThinkPad UltraNav Wizard
"{82B2DB92-98CA-4a0e-B1BD-18B6E2D320CB}" = Memeo Backup
"{82E7071E-2386-4B87-9C18-EDB8A7FBE4FF}" = Garmin City Navigator North America NT 2011.31 Update
"{83270912-15C7-4336-822E-E8F1B1BBCA60}" = WD Security
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D3D561-D1FD-4d57-8395-20030467E0F9}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{65482307-FE7D-4E7F-9DEF-3F0E841BC77A}" =
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{92083A9A-549D-4057-88E8-223EA08563FA}" = Cisco AnyConnect VPN Client
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = IBM RecordNow!
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-BA7E-000000000005}" = Adobe Acrobat X Standard - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{c6922d7f-c698-4d9e-9671-8b3de04d1511}" = DJ_AIO_03_F2200_Software_Min
"{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}" = System Requirements Lab for Intel
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2DEA1ED-F9D0-401D-9714-6FA8E89EF9D7}" = Palm
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper
"{E98D6792-FC51-4187-9448-CA9BF893384E}" = IBM Integrated Bluetooth II Software
"{EA664480-3844-11D5-8C25-444553540000}" = IBM TrackPoint Accessibility Features
"{EC6AF20D-4376-4070-BEE4-D3A0DFF7E140}" = Access IBM
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{EFD2807A-C66B-4C13-8FB8-42FCA6DEF171}" = TurboTax 2012 wcaiper
"{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F386C340-DF4B-4BBA-9503-420FB7EDB395}" = Wallpapers
"{F413B3A4-EE5D-457C-BAE5-6E58D9589ED5}" = Access IBM Message Center
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"8461-7759-5462-8226" = Vuze
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 2.0
"CCleaner" = CCleaner
"Copernic Agent Basic" = Copernic Agent Basic
"DivX Setup.divx.com" = DivX Setup
"DVDFab 8_is1" = DVDFab 8.0.6.1 (18/12/2010)
"EasyEject Utility" = IBM ThinkPad EasyEject Utility
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Calendar Sync" = Google Calendar Sync
"Google Chrome" = Google Chrome
"hp officejet v series 1352033668" = hp officejet v series
"ie8" = Windows Internet Explorer 8
"Input Director" = Input Director v1.3 BETA
"InstallShield_{6C72E14A-C1F3-45E5-8810-83CE3C19ED63}" = IBM 32-bit Runtime Environment for Java 2, v1.4.1
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.3.0 (Basic)
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Logitech Unifying" = Logitech Unifying Software 2.10
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"N360" = Norton Security Suite
"OnScreenDisplay" = On Screen Display
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"PdaNet_is1" = PdaNet+ for Android 4.12
"PhotoPhilia" = PhotoPhilia 1.9
"PhotoPhilia Player" = PhotoPhilia Player 1.9
"Power Management Driver" = Lenovo Power Management Driver
"Presentation Director" = ThinkPad Presentation Director
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Adapters and Drivers
"sp6" = Logitech SetPoint 6.61
"Street Atlas USA 8.0" = Street Atlas USA 8.0
"SynTPDeinstKey" = IBM ThinkPad UltraNav Driver
"ThinkPad Configuration" = IBM ThinkPad Configuration
"ThinkPadSoftwareInstaller" = ThinkPad Software Installer
"TrackPoint" = ThinkPad TrackPoint Driver
"TurboTax 2010" = TurboTax 2010
"TurboTax 2011" = TurboTax 2011
"TurboTax 2012" = TurboTax 2012
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Tweak UI 2.10" = Tweak UI
"UN070410" = BUFFALO TurboUSB for FLASH/HDD
"VLC media player" = VLC media player 2.1.2
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-981743920-2115803770-991051512-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"GoToMeeting" = GoToMeeting 5.9.0.1216
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/13/2013 9:16:11 PM | Computer Name = T42-14 | Source = .NET Runtime 4.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 wdsmartware.exe, P2 2.1.4974.12693, P3 520b9c2a,
 P4 mscorlib, P5 4.0.0.0, P6 517a1c71, P7 3fde, P8 13c, P9 system.aggregateexception,
 P10 NIL.
 
Error - 12/13/2013 9:24:55 PM | Computer Name = T42-14 | Source = .NET Runtime | ID = 1026
Description = Application: WDSmartWare.exe Framework Version: v4.0.30319 Description:
 The process was terminated due to an unhandled exception. Exception Info: System.AggregateException
Stack:

   at System.Threading.Tasks.TaskExceptionHolder.Finalize()
 
Error - 12/16/2013 12:54:29 AM | Computer Name = T42-14 | Source = .NET Runtime 4.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 wdsmartware.exe, P2 2.1.4974.12693, P3 520b9c2a,
 P4 mscorlib, P5 4.0.0.0, P6 517a1c71, P7 3fde, P8 13c, P9 system.aggregateexception,
 P10 NIL.
 
Error - 12/16/2013 8:10:17 PM | Computer Name = T42-14 | Source = .NET Runtime 4.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 wdsmartware.exe, P2 2.1.4974.12693, P3 520b9c2a,
 P4 mscorlib, P5 4.0.0.0, P6 517a1c71, P7 3fde, P8 13c, P9 system.aggregateexception,
 P10 NIL.
 
Error - 12/16/2013 8:11:38 PM | Computer Name = T42-14 | Source = .NET Runtime | ID = 1026
Description = Application: WDSmartWare.exe Framework Version: v4.0.30319 Description:
 The process was terminated due to an unhandled exception. Exception Info: System.AggregateException
Stack:

   at System.Threading.Tasks.TaskExceptionHolder.Finalize()
 
Error - 12/17/2013 10:34:47 PM | Computer Name = T42-14 | Source = Microsoft Office 12 | ID = 5000
Description = EventType officelifeboathang, P1 outlook.exe, P2 12.0.6680.5000, P3
 ntdll.dll, P4 5.1.2600.6055, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.
 
Error - 12/18/2013 12:10:18 AM | Computer Name = T42-14 | Source = Chrome | ID = 1
Description =
 
Error - 12/18/2013 12:19:26 AM | Computer Name = T42-14 | Source = Chrome | ID = 1
Description =
 
Error - 12/18/2013 12:41:24 AM | Computer Name = T42-14 | Source = Chrome | ID = 1
Description =
 
Error - 12/21/2013 1:16:29 AM | Computer Name = T42-14 | Source = Application Error | ID = 1000
Description = Faulting application grep.3xe, version 0.0.0.0, faulting module grep.3xe,
 version 0.0.0.0, fault address 0x00008e3c.
 
[ Application Events ]
Error - 12/13/2013 9:16:11 PM | Computer Name = T42-14 | Source = .NET Runtime 4.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 wdsmartware.exe, P2 2.1.4974.12693, P3 520b9c2a,
 P4 mscorlib, P5 4.0.0.0, P6 517a1c71, P7 3fde, P8 13c, P9 system.aggregateexception,
 P10 NIL.
 
Error - 12/13/2013 9:24:55 PM | Computer Name = T42-14 | Source = .NET Runtime | ID = 1026
Description = Application: WDSmartWare.exe Framework Version: v4.0.30319 Description:
 The process was terminated due to an unhandled exception. Exception Info: System.AggregateException
Stack:

   at System.Threading.Tasks.TaskExceptionHolder.Finalize()
 
Error - 12/16/2013 12:54:29 AM | Computer Name = T42-14 | Source = .NET Runtime 4.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 wdsmartware.exe, P2 2.1.4974.12693, P3 520b9c2a,
 P4 mscorlib, P5 4.0.0.0, P6 517a1c71, P7 3fde, P8 13c, P9 system.aggregateexception,
 P10 NIL.
 
Error - 12/16/2013 8:10:17 PM | Computer Name = T42-14 | Source = .NET Runtime 4.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 wdsmartware.exe, P2 2.1.4974.12693, P3 520b9c2a,
 P4 mscorlib, P5 4.0.0.0, P6 517a1c71, P7 3fde, P8 13c, P9 system.aggregateexception,
 P10 NIL.
 
Error - 12/16/2013 8:11:38 PM | Computer Name = T42-14 | Source = .NET Runtime | ID = 1026
Description = Application: WDSmartWare.exe Framework Version: v4.0.30319 Description:
 The process was terminated due to an unhandled exception. Exception Info: System.AggregateException
Stack:

   at System.Threading.Tasks.TaskExceptionHolder.Finalize()
 
Error - 12/17/2013 10:34:47 PM | Computer Name = T42-14 | Source = Microsoft Office 12 | ID = 5000
Description = EventType officelifeboathang, P1 outlook.exe, P2 12.0.6680.5000, P3
 ntdll.dll, P4 5.1.2600.6055, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.
 
Error - 12/18/2013 12:10:18 AM | Computer Name = T42-14 | Source = Chrome | ID = 1
Description =
 
Error - 12/18/2013 12:19:26 AM | Computer Name = T42-14 | Source = Chrome | ID = 1
Description =
 
Error - 12/18/2013 12:41:24 AM | Computer Name = T42-14 | Source = Chrome | ID = 1
Description =
 
Error - 12/21/2013 1:16:29 AM | Computer Name = T42-14 | Source = Application Error | ID = 1000
Description = Faulting application grep.3xe, version 0.0.0.0, faulting module grep.3xe,
 version 0.0.0.0, fault address 0x00008e3c.
 
[ OSession Events ]
Error - 10/21/2011 6:26:09 PM | Computer Name = T42-15 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 8671
 seconds with 1020 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 1/8/2014 6:28:11 AM | Computer Name = T42-14 | Source = DCOM | ID = 10010
Description = The server {80EE4901-33A8-11D1-A213-0080C88593A5} did not register
 with DCOM within the required timeout.
 
Error - 1/8/2014 11:48:03 AM | Computer Name = T42-14 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
 with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 1/8/2014 11:49:12 AM | Computer Name = T42-14 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   BHDrvx86  ccSet_N360  eeCtrl  Fips  intelppm  lenovo.smi  Smapint  SRTSPX  SymIRON  SYMTDI  TDSMAPI
TPHKDRV
TPPWRIF
TSMAPIP
 
Error - 1/8/2014 11:54:38 AM | Computer Name = T42-14 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
 arguments ""  in order to run the server:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 1/8/2014 11:54:52 AM | Computer Name = T42-14 | Source = DCOM | ID = 10005
Description = DCOM got error "%1068" attempting to start the service WDBackup with
 arguments ""  in order to run the server:  {81213AB4-5937-4340-88CD-66B4BC80DF73}
 
Error - 1/8/2014 11:54:52 AM | Computer Name = T42-14 | Source = DCOM | ID = 10005
Description = DCOM got error "%1068" attempting to start the service WDBackup with
 arguments ""  in order to run the server:  {59484148-65C9-4467-A092-3F8380023772}
 
Error - 1/8/2014 11:54:54 AM | Computer Name = T42-14 | Source = DCOM | ID = 10005
Description = DCOM got error "%1068" attempting to start the service WDBackup with
 arguments ""  in order to run the server:  {81213AB4-5937-4340-88CD-66B4BC80DF73}
 
Error - 1/8/2014 11:54:54 AM | Computer Name = T42-14 | Source = DCOM | ID = 10005
Description = DCOM got error "%1068" attempting to start the service WDBackup with
 arguments ""  in order to run the server:  {59484148-65C9-4467-A092-3F8380023772}
 
Error - 1/8/2014 11:55:21 AM | Computer Name = T42-14 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
 arguments ""  in order to run the server:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 1/8/2014 12:32:14 PM | Computer Name = T42-14 | Source = Service Control Manager | ID = 7034
Description = The IBM KCU Service service terminated unexpectedly.  It has done
this 1 time(s).
 
 
< End of report >


Edited by dr.wireMORE, 08 January 2014 - 12:59 PM.




#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:42 PM

Posted 13 January 2014 - 10:25 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please run this tool and post the log for my review. Wait for further instructions.


Download correct tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

#3 dr.wireMORE

dr.wireMORE
  • Topic Starter

  • Members
  • 110 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Americas
  • Local time:07:42 PM

Posted 13 January 2014 - 12:43 PM

Problems downloading from BleepingComputer.  Multiple attempts to download resulted in a 127 KB file, including trying to save it under different names. Same issue for the 32-bit and 64-bit versions.  Went to a mirror, MajorGeeks, to download the 32-bit file, which was successful.

 

On my desktop in a folder called

                C:\Documents and Settings\jody\Desktop\FRST\frst.exe

 

Run: I was prompted to update, which I did NOT do, since I downloaded from MajorGeeks, AND because it was not part of your directions.  dw

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-11-2013 (ATTENTION: ====> FRST version is 50 days old and could be outdated)
Ran by jody (administrator) on T42-14 on 13-01-2014 11:21:40
Running from C:\Documents and Settings\jody\Desktop\FRST
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Lenovo.) C:\WINDOWS\system32\ibmpmsvc.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(WIDCOMM, Inc.) C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Memeo) C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Symantec Corporation) C:\Program Files\Norton Security Suite\Engine\21.1.0.18\N360.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
() C:\WINDOWS\system32\TpKmpSvc.exe
(Symantec Corporation) C:\Program Files\Norton Security Suite\Engine\21.1.0.18\N360.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
() C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
(Software 2000 Limited) C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
(IBM Corp.) C:\IBMTOOLS\utils\ibmprc.exe
(IBM Corp.) C:\Program Files\ThinkPad\Utilities\EzEjMnAp.Exe
(Lenovo Group Limited) C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
(Google) C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
() C:\Program Files\PdaNet for Android\PdaNetPC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(TechSmith Corporation) C:\Program Files\TechSmith\Snagit 10\Snagit32.exe
(TechSmith Corporation) C:\Program Files\TechSmith\Snagit 10\TscHelp.exe
(TechSmith Corporation) C:\Program Files\TechSmith\Snagit 10\SnagPriv.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TpShocks] - C:\WINDOWS\system32\TpShocks.exe [102400 2004-03-26] (IBM Corp.)
HKLM\...\Run: [TPKMAPHELPER] - C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [897024 2004-02-04] (IBM Corp.)
HKLM\...\Run: [TP4EX] - C:\WINDOWS\system32\TP4EX.exe [53248 2002-09-04] (IBM Corporation)
HKLM\...\Run: [SynTPLpr] - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [110592 2004-06-16] (Synaptics, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [512000 2004-06-16] (Synaptics, Inc.)
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [1368064 2004-04-01] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAX] - C:\Program Files\Analog Devices\SoundMAX\SMax4.exe [794624 2004-03-26] (Analog Devices, Inc.)
HKLM\...\Run: [S3TRAY2] - C:\WINDOWS\system32\S3Tray2.exe [69632 2001-10-12] (S3 Graphics, Inc.)
HKLM\...\Run: [PWRMGRTR] - rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [PRONoMgrWired] - C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe [86016 2003-08-06] (Intel® Corporation)
HKLM\...\Run: [IBMPRC] - C:\IBMTOOLS\utils\ibmprc.exe [90112 2004-03-19] (IBM Corp.)
HKLM\...\Run: [EZEJMNAP] - C:\Program Files\ThinkPad\Utilities\EzEjMnAp.Exe [208896 2003-12-25] (IBM Corp.)
HKLM\...\Run: [TrackPointSrv] - C:\Program Files\Lenovo\TrackPoint\tp4serv.exe [95264 2011-11-01] (Lenovo Group Limited)
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\LMIinit: C:\Windows\system32\LMIinit.dll (LogMeIn, Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKCU\...\Run: [Google Update] - C:\Documents and Settings\jody\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176 2010-08-08] (Google Inc.)
HKCU\...\Policies\system: [DisableCMD] 0
HKCU\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKCU\...\Policies\Explorer: [NoFolderOptions] 0
HKU\Default User\...\Run: [ibmmessages] - C:\Program Files\IBM\Messages By IBM\ibmmessages.exe [ 2004-07-22] (IBM)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk
ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\21.1.0.18\IPS\IPSBHO.dll (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -  No File
Toolbar: HKCU - Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://support.lenovo.com/Resources/Lenovo/AutoDetect/acpir.cab
DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} https://secure.logmein.com/activex/RACtrl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1058
Handler: AutorunsDisabled\copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8

Chrome:
=======
CHR HomePage: hxxp://search.yahoo.com/?type=994519&fr=spigot-yhp-ch
CHR RestoreOnStartup: "hxxp://www.yahoo.com/"
CHR DefaultSearchURL: (Yahoo) - http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=994519&p={searchTerms}
CHR DefaultSuggestURL: (Yahoo) - http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Google Talk Plugin) - C:\Documents and Settings\jody\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Documents and Settings\jody\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Documents and Settings\jody\Application Data\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Documents and Settings\jody\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Java™ Platform SE 7 U7) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\WINDOWS\system32\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\DOCUME~1\jody\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\DOCUME~1\jody\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\DOCUME~1\jody\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\DOCUME~1\jody\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Voice (by Google)) - C:\DOCUME~1\jody\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo\2.4.4_0
CHR Extension: (Norton Identity Protection) - C:\DOCUME~1\jody\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.6.2.3_0
CHR Extension: (Google Wallet) - C:\DOCUME~1\jody\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Gmail) - C:\DOCUME~1\jody\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Security Suite\Engine\21.1.0.18\Exts\Chrome.crx

========================== Services (Whitelisted) =================

R2 btwdins; C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe [135168 2004-01-20] (WIDCOMM, Inc.)
R2 IBM Rapid Restore Ultra Service; C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe [339968 2004-03-19] ()
S4 InputDirector; C:\Program Files\Input Director\IDWinService.exe [36864 2011-12-14] ()
S2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [45496 2011-04-04] (Lenovo Group Limited)
R2 MemeoBackgroundService; C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe [25824 2010-07-28] (Memeo)
R2 N360; C:\Program Files\Norton Security Suite\Engine\21.1.0.18\diMaster.dll [567600 2013-10-07] (Symantec Corporation)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2003-07-16] (Intel® Corporation)
R2 Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [69632 2011-05-10] ()
R2 PwmEWSvc; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [148840 2011-05-10] (Lenovo Group Limited)
S4 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [372809 2006-02-06] (Intel Corporation )
R2 SoundMAX Agent Service (default); C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-20] (Analog Devices, Inc.)
R2 SUService; c:\program files\lenovo\system update\suservice.exe [28672 2011-04-18] (Lenovo Group Limited)
R2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [130920 2011-04-20] (Lenovo Group Limited)
R2 TpKmpSVC; C:\WINDOWS\system32\TpKmpSVC.exe [32768 2003-07-11] ()
R2 TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1122304 2008-03-04] (Lenovo Group Limited)
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-08-14] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-08-14] (Western Digital Technologies, Inc.)
S4 LK; C:\DOCUME~1\jody\LOCALS~1\Temp\LK.exe [x]

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\Windows\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [17801 2013-03-21] (Meetinghouse Data Communications)
R3 AR5211; C:\Windows\System32\DRIVERS\ar5211.sys [472224 2007-05-02] (Atheros Communications, Inc.)
S3 bfturboh; C:\Windows\System32\drivers\bfturboh.sys [15872 2009-01-21] ()
R1 BHDrvx86; C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20131218.001\BHDrvx86.sys [1098968 2013-12-17] (Symantec Corporation)
R0 BTKRNL; C:\Windows\System32\drivers\btkrnl.sys [1260106 2004-01-20] (WIDCOMM, Inc.)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1501000.012\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [8704 2001-08-17] (Microsoft Corporation)
R2 drvnddm; C:\Windows\System32\drivers\drvnddm.sys [40448 2004-07-14] (Sonic Solutions)
R3 E1000; C:\Windows\System32\DRIVERS\e1000325.sys [125952 2004-10-26] (Intel Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-24] (Symantec Corporation)
R2 EGATHDRV; C:\WINDOWS\SYSTEM32\EGATHDRV.SYS [5120 2004-03-19] (IBM Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-12-04] (Symantec Corporation)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2007-10-30] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2007-10-30] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2007-10-30] (HP)
R3 HSFHWICH; C:\Windows\System32\DRIVERS\HSFHWICH.sys [197888 2004-07-22] (Conexant Systems, Inc.)
R2 ibmfilter; C:\WINDOWS\system32\drivers\ibmfilter.sys [64256 2004-09-23] (IBM)
R3 IDSxpx86; C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140110.001\IDSxpx86.sys [382608 2013-12-12] (Symantec Corporation)
S3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42264 2013-05-23] (Logitech, Inc.)
S3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10136 2013-05-23] (Logitech, Inc.)
S3 ltmodem5; C:\Windows\System32\DRIVERS\ltmdmnt.sys [606684 2004-08-03] (LT)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28312 2013-05-23] (Logitech, Inc.)
R3 NAVENG; C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140113.002\NAVENG.SYS [93272 2014-01-12] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140113.002\NAVEX15.SYS [1612376 2014-01-12] (Symantec Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S1 P3; C:\Windows\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation)
R2 PMEM; C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS [7012 2000-05-31] (Microsoft Corporation)
R3 pneteth; C:\Windows\System32\DRIVERS\pneteth.sys [13440 2011-11-25] (June Fabrics Technology Inc.)
S3 pnetmdm; C:\Windows\System32\DRIVERS\pnetmdm.sys [9472 2006-09-28] (June Fabrics Technology)
R3 Rasirda; C:\Windows\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [11354 2005-11-07] (Intel Corporation)
S3 S3SSavage; C:\Windows\System32\DRIVERS\s3ssavm.sys [95104 2001-11-01] (S3 Graphics, Inc.)
S1 ShockMgr; C:\Windows\System32\Drivers\ShockMgr.sys [4608 2004-05-14] (IBM Corporation)
R1 Smapint; C:\Windows\System32\drivers\Smapint.sys [14848 2004-07-29] (Microsoft Corporation)
R3 SRTSP; C:\Windows\system32\drivers\N360\1501000.012\SRTSP.SYS [651352 2013-09-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1501000.012\SRTSPX.SYS [32344 2013-09-09] (Symantec Corporation)
S4 sscdbhk5; C:\Windows\System32\drivers\sscdbhk5.sys [5627 2004-07-14] (Sonic Solutions)
S4 ssrtln; C:\Windows\System32\drivers\ssrtln.sys [23545 2004-07-14] (Sonic Solutions)
R0 SymDS; C:\Windows\System32\drivers\N360\1501000.012\SYMDS.SYS [367704 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1501000.012\SYMEFA.SYS [935512 2013-09-26] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142936 2013-11-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1501000.012\Ironx86.SYS [206936 2013-09-26] (Symantec Corporation)
R1 SYMTDI; C:\Windows\system32\drivers\N360\1501000.012\SYMTDI.SYS [421592 2013-09-25] (Symantec Corporation)
R1 TDSMAPI; C:\Windows\System32\drivers\TDSMAPI.SYS [9341 2004-07-29] ()
S4 tfsnboio; C:\Windows\System32\dla\tfsnboio.sys [25723 2004-09-02] (Sonic Solutions)
S4 tfsncofs; C:\Windows\System32\dla\tfsncofs.sys [34843 2004-09-02] (Sonic Solutions)
S4 tfsndrct; C:\Windows\System32\dla\tfsndrct.sys [4123 2004-09-02] (Sonic Solutions)
S4 tfsndres; C:\Windows\System32\dla\tfsndres.sys [2239 2004-09-02] (Sonic Solutions)
S4 tfsnifs; C:\Windows\System32\dla\tfsnifs.sys [86202 2004-09-02] (Sonic Solutions)
S4 tfsnopio; C:\Windows\System32\dla\tfsnopio.sys [14715 2004-09-02] (Sonic Solutions)
S4 tfsnpool; C:\Windows\System32\dla\tfsnpool.sys [6363 2004-09-02] (Sonic Solutions)
S4 tfsnudf; C:\Windows\System32\dla\tfsnudf.sys [98714 2004-09-02] (Sonic Solutions)
S4 tfsnudfa; C:\Windows\System32\dla\tfsnudfa.sys [100603 2004-09-02] (Sonic Solutions)
R3 Tp4Track; C:\Windows\System32\DRIVERS\tp4track.sys [24872 2011-11-01] (Lenovo Group Limited)
R1 TPHKDRV; C:\Windows\System32\DRIVERS\TPHKDRV.sys [17844 2008-05-12] (Lenovo Group Limited)
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwrif.sys [12144 2011-05-10] (Lenovo Group Limited)
R1 TSMAPIP; C:\Windows\System32\drivers\TSMAPIP.SYS [7168 2007-03-09] ()
S3 TwoTrack; C:\Windows\System32\DRIVERS\TwoTrack.sys [11520 2001-08-17] (IBM Corporation)
S3 w29n51; C:\Windows\System32\DRIVERS\w29n51.sys [2216064 2009-11-11] (Intel® Corporation)
S3 catchme; \??\C:\DOCUME~1\jody\LOCALS~1\Temp\catchme.sys [x]
S4 LMIRfsClientNP; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 w22n51; System32\DRIVERS\w22n51.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-13 11:16 - 2014-01-13 11:16 - 00000000 ____D C:\FRST
2014-01-13 11:10 - 2014-01-13 11:21 - 00000000 ____D C:\Documents and Settings\jody\Desktop\FRST
2014-01-13 00:03 - 2014-01-13 00:03 - 00497946 _____ C:\Documents and Settings\jody\Desktop\1389591523 RootkitBuster Full Results.txt
2014-01-12 23:38 - 2014-01-12 23:38 - 00000000 ____D C:\Documents and Settings\jody\Desktop\log
2014-01-12 23:38 - 2014-01-12 23:37 - 00205072 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2014-01-12 23:37 - 2014-01-12 23:38 - 00000000 ____D C:\Documents and Settings\jody\Desktop\TMRBLog
2014-01-12 23:16 - 2014-01-12 23:16 - 00104664 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-01-12 16:32 - 2014-01-12 16:32 - 00000626 _____ C:\WINDOWS\setupapi.log
2014-01-10 23:01 - 2014-01-10 23:24 - 00002445 _____ C:\Documents and Settings\jody\Desktop\HiJackThis.lnk
2014-01-10 23:01 - 2014-01-10 23:01 - 00000000 ____D C:\Documents and Settings\jody\Start Menu\Programs\HiJackThis
2014-01-10 22:59 - 2014-01-10 22:59 - 01402880 _____ C:\Documents and Settings\jody\Desktop\HiJackThis.msi
2014-01-09 19:32 - 2014-01-09 19:32 - 02409708 _____ C:\Documents and Settings\jody\My Documents\EBAY RMA Dell Latitude E4300 Core 2 Duo 2_Page_2.tif
2014-01-09 19:32 - 2014-01-09 19:32 - 00644704 _____ C:\Documents and Settings\jody\My Documents\EBAY RMA Dell Latitude E4300 Core 2 Duo 2_Page_1.tif
2014-01-08 13:54 - 2014-01-08 13:54 - 00122076 _____ C:\Documents and Settings\jody\Desktop\OTL.Txt
2014-01-08 12:55 - 2014-01-08 12:56 - 00000000 ____D C:\Documents and Settings\jody\Desktop\OTL Saved
2014-01-08 11:52 - 2014-01-08 11:52 - 00987410 _____ C:\Documents and Settings\jody\Desktop\SecurityCheck.exe
2014-01-08 11:26 - 2014-01-08 11:26 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\jody\Desktop\OTL.exe
2014-01-08 10:57 - 2014-01-08 10:57 - 00688992 ____R (Swearware) C:\Documents and Settings\jody\Desktop\dds.com
2014-01-08 10:26 - 2014-01-08 10:26 - 00003525 _____ C:\Documents and Settings\jody\Desktop\RootkitReveal.txt
2014-01-08 09:58 - 2011-06-26 00:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2014-01-08 09:58 - 2010-11-07 11:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2014-01-08 09:58 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-01-08 09:58 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-01-08 09:58 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-01-08 09:58 - 2000-08-30 18:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-01-08 09:58 - 2000-08-30 18:00 - 00098816 _____ C:\WINDOWS\sed.exe
2014-01-08 09:58 - 2000-08-30 18:00 - 00080412 _____ C:\WINDOWS\grep.exe
2014-01-08 09:58 - 2000-08-30 18:00 - 00068096 _____ C:\WINDOWS\zip.exe
2014-01-08 09:56 - 2014-01-08 09:58 - 00000000 ____D C:\Qoobox
2014-01-08 09:53 - 2014-01-08 09:53 - 05162308 ____R (Swearware) C:\Documents and Settings\jody\Desktop\ComboFix.exe
2014-01-07 10:13 - 2014-01-07 10:13 - 00002751 _____ C:\Documents and Settings\jody\My Documents\Dustin phone screen TEKservices, State Farm.txt
2014-01-06 23:45 - 2014-01-07 00:06 - 00000000 ____D C:\Documents and Settings\jody\Application Data\Yahoo!
2014-01-06 23:45 - 2014-01-07 00:06 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Yahoo!
2014-01-06 12:50 - 2014-01-06 12:50 - 00000715 _____ C:\Documents and Settings\jody\Desktop\procexp.exe.lnk
2013-12-31 21:53 - 2014-01-13 00:21 - 01750752 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2013-12-31 09:47 - 2013-12-31 09:47 - 00000083 _____ C:\Documents and Settings\jody\My Documents\dell e4300.txt
2013-12-29 14:11 - 2014-01-11 14:28 - 00036352 _____ C:\Documents and Settings\jody\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-29 13:13 - 2013-12-29 20:21 - 00000000 ____D C:\Documents and Settings\jody\My Documents\Audit, IT Audit, Risk IT
2013-12-27 12:22 - 2013-12-27 12:26 - 00016735 _____ C:\Documents and Settings\jody\My Documents\JPMC for target or unusual activity.CSV
2013-12-26 13:21 - 2013-12-26 13:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Google
2013-12-26 13:07 - 2013-12-26 13:06 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-12-26 13:06 - 2013-12-26 13:06 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-12-26 13:06 - 2013-12-26 13:06 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-12-26 13:06 - 2013-12-26 13:06 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-12-23 11:58 - 2013-12-23 14:03 - 00001294 _____ C:\Documents and Settings\jody\Desktop\Interrupts.txt
2013-12-22 18:43 - 2014-01-12 23:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-12-22 18:43 - 2014-01-12 23:16 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-12-22 18:42 - 2013-12-22 18:43 - 12582688 _____ (Malwarebytes Corp.) C:\Documents and Settings\jody\Desktop\mbar-1.07.0.1008.exe
2013-12-22 18:07 - 2013-12-22 18:07 - 01233962 _____ C:\Documents and Settings\jody\Desktop\AdwCleaner.exe
2013-12-21 06:56 - 2013-12-21 06:56 - 00003207 _____ C:\Documents and Settings\jody\Desktop\aswMBR.txt
2013-12-21 06:56 - 2013-12-21 06:56 - 00000512 _____ C:\Documents and Settings\jody\Desktop\MBR.dat
2013-12-21 06:45 - 2013-12-21 06:45 - 04745728 _____ (AVAST Software) C:\Documents and Settings\jody\Desktop\aswMBR.exe
2013-12-21 06:40 - 2013-12-21 06:40 - 00099594 _____ C:\Documents and Settings\jody\Desktop\TDSKiller Report.txt
2013-12-21 06:15 - 2013-12-21 06:15 - 00048155 _____ C:\Documents and Settings\jody\Desktop\Gmer.log
2013-12-21 06:14 - 2013-12-21 06:14 - 00048155 _____ C:\Documents and Settings\jody\Desktop\Gmer copy.txt
2013-12-21 00:24 - 2013-12-21 00:24 - 00377856 _____ C:\Documents and Settings\jody\Desktop\GMERkww7i608.exe
2013-12-21 00:23 - 2013-12-21 00:23 - 08656400 _____ (Trend Micro Inc.) C:\Documents and Settings\jody\Desktop\RootkitBuster_v5_1061.exe
2013-12-21 00:09 - 2013-12-21 00:09 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-12-21 00:03 - 2013-12-21 00:03 - 04121952 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\jody\Desktop\tdsskiller.exe
2013-12-20 23:03 - 2013-12-20 23:03 - 00166400 _____ C:\Documents and Settings\jody\Desktop\ConflictInfo.exe
2013-12-20 23:03 - 2013-12-20 23:03 - 00000751 _____ C:\Documents and Settings\jody\Desktop\ConflictInfo.txt
2013-12-20 23:02 - 2013-12-20 23:02 - 00294400 _____ C:\Documents and Settings\jody\Desktop\exeHelper.com
2013-12-20 11:43 - 2013-12-20 11:45 - 00000267 _____ C:\Documents and Settings\jody\My Documents\Rachel corydon comcast linksys details.txt

==================== One Month Modified Files and Folders =======

2014-01-13 11:21 - 2014-01-13 11:10 - 00000000 ____D C:\Documents and Settings\jody\Desktop\FRST
2014-01-13 11:16 - 2014-01-13 11:16 - 00000000 ____D C:\FRST
2014-01-13 11:04 - 2013-02-14 16:26 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-13 10:30 - 2013-11-22 12:55 - 01382083 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-13 10:29 - 2013-11-22 16:24 - 00008192 _____ C:\WINDOWS\system32\WDPABKP.dat
2014-01-13 10:29 - 2011-06-17 08:24 - 00000298 _____ C:\WINDOWS\Tasks\PMTask.job
2014-01-13 10:29 - 1980-01-01 01:00 - 00002278 _____ C:\WINDOWS\system32\wpa.dbl
2014-01-13 10:28 - 2013-11-22 12:57 - 00000159 _____ C:\WINDOWS\wiadebug.log
2014-01-13 10:28 - 2013-11-22 12:57 - 00000049 _____ C:\WINDOWS\wiaservc.log
2014-01-13 10:28 - 2013-02-14 16:26 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-13 10:27 - 2003-02-20 10:13 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-13 00:22 - 2013-11-22 12:56 - 00032398 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-13 00:21 - 2013-12-31 21:53 - 01750752 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-01-13 00:21 - 2010-07-29 06:43 - 00000178 ___SH C:\Documents and Settings\jody\ntuser.ini
2014-01-13 00:03 - 2014-01-13 00:03 - 00497946 _____ C:\Documents and Settings\jody\Desktop\1389591523 RootkitBuster Full Results.txt
2014-01-12 23:38 - 2014-01-12 23:38 - 00000000 ____D C:\Documents and Settings\jody\Desktop\log
2014-01-12 23:38 - 2014-01-12 23:37 - 00000000 ____D C:\Documents and Settings\jody\Desktop\TMRBLog
2014-01-12 23:37 - 2014-01-12 23:38 - 00205072 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2014-01-12 23:37 - 2013-12-22 18:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-01-12 23:37 - 2013-11-22 15:17 - 00000000 ____D C:\Documents and Settings\jody\Desktop\mbar
2014-01-12 23:24 - 2010-10-18 13:54 - 00000974 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-981743920-2115803770-991051512-1005UA.job
2014-01-12 23:16 - 2014-01-12 23:16 - 00104664 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-01-12 23:16 - 2013-12-22 18:43 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-01-12 16:32 - 2014-01-12 16:32 - 00000626 _____ C:\WINDOWS\setupapi.log
2014-01-11 14:28 - 2013-12-29 14:11 - 00036352 _____ C:\Documents and Settings\jody\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-10 23:43 - 2010-07-29 06:43 - 00000000 ____D C:\Documents and Settings\jody
2014-01-10 23:32 - 2012-11-30 11:14 - 00000000 ___RD C:\Documents and Settings\jody\My Documents\Dropbox
2014-01-10 23:24 - 2014-01-10 23:01 - 00002445 _____ C:\Documents and Settings\jody\Desktop\HiJackThis.lnk
2014-01-10 23:01 - 2014-01-10 23:01 - 00000000 ____D C:\Documents and Settings\jody\Start Menu\Programs\HiJackThis
2014-01-10 22:59 - 2014-01-10 22:59 - 01402880 _____ C:\Documents and Settings\jody\Desktop\HiJackThis.msi
2014-01-10 14:47 - 2013-09-30 10:38 - 00042990 _____ C:\Documents and Settings\jody\My Documents\jobs.xlsx
2014-01-10 12:00 - 2013-06-17 13:02 - 00000590 _____ C:\WINDOWS\Tasks\____Volume_8b293bf3_9b12_11df_b555_000e35613068______Volume_a7de7ffb_bd74_11e2_8a6f_00166fcd6ff9__.job
2014-01-10 11:24 - 2010-10-18 13:54 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-981743920-2115803770-991051512-1005Core.job
2014-01-10 04:34 - 2010-08-02 09:26 - 00000264 _____ C:\WINDOWS\Tasks\defrag 4am.job
2014-01-09 19:36 - 2012-09-18 18:51 - 00001072 _____ C:\Documents and Settings\jody\My Documents\jfbblankk_resume_-_Caterpillar IT PM opportunity.docx.lnk
2014-01-09 19:32 - 2014-01-09 19:32 - 02409708 _____ C:\Documents and Settings\jody\My Documents\EBAY RMA Dell Latitude E4300 Core 2 Duo 2_Page_2.tif
2014-01-09 19:32 - 2014-01-09 19:32 - 00644704 _____ C:\Documents and Settings\jody\My Documents\EBAY RMA Dell Latitude E4300 Core 2 Duo 2_Page_1.tif
2014-01-08 21:09 - 2010-07-30 23:27 - 00000000 ____D C:\My Originals
2014-01-08 20:42 - 2010-09-14 21:56 - 00000000 __SHD C:\WINDOWS\CSC
2014-01-08 16:51 - 2010-12-10 11:06 - 00000000 ____D C:\Documents and Settings\jody\Application Data\vlc
2014-01-08 15:40 - 2003-02-20 10:09 - 00000000 ____D C:\WINDOWS\Registration
2014-01-08 15:23 - 2013-10-22 09:06 - 00000000 ____D C:\Documents and Settings\jody\My Documents\ATI 2013-09-20
2014-01-08 13:54 - 2014-01-08 13:54 - 00122076 _____ C:\Documents and Settings\jody\Desktop\OTL.Txt
2014-01-08 12:56 - 2014-01-08 12:55 - 00000000 ____D C:\Documents and Settings\jody\Desktop\OTL Saved
2014-01-08 11:52 - 2014-01-08 11:52 - 00987410 _____ C:\Documents and Settings\jody\Desktop\SecurityCheck.exe
2014-01-08 11:26 - 2014-01-08 11:26 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\jody\Desktop\OTL.exe
2014-01-08 11:21 - 2010-09-10 17:59 - 00016400 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2014-01-08 10:57 - 2014-01-08 10:57 - 00688992 ____R (Swearware) C:\Documents and Settings\jody\Desktop\dds.com
2014-01-08 10:26 - 2014-01-08 10:26 - 00003525 _____ C:\Documents and Settings\jody\Desktop\RootkitReveal.txt
2014-01-08 10:25 - 2003-02-20 10:20 - 00000000 __SHD C:\Documents and Settings\LocalService
2014-01-08 09:58 - 2014-01-08 09:56 - 00000000 ____D C:\Qoobox
2014-01-08 09:56 - 2010-07-29 07:17 - 00000000 ____D C:\WINDOWS\ERDNT
2014-01-08 09:55 - 2010-09-29 08:09 - 00000000 ____D C:\Program Files\Sysinternals
2014-01-08 09:53 - 2014-01-08 09:53 - 05162308 ____R (Swearware) C:\Documents and Settings\jody\Desktop\ComboFix.exe
2014-01-08 09:51 - 2011-06-21 17:31 - 00001984 _____ C:\WINDOWS\system32\d3d9caps.dat
2014-01-07 10:13 - 2014-01-07 10:13 - 00002751 _____ C:\Documents and Settings\jody\My Documents\Dustin phone screen TEKservices, State Farm.txt
2014-01-07 00:06 - 2014-01-06 23:45 - 00000000 ____D C:\Documents and Settings\jody\Application Data\Yahoo!
2014-01-07 00:06 - 2014-01-06 23:45 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Yahoo!
2014-01-06 17:02 - 2010-10-18 14:05 - 00013485 _____ C:\Documents and Settings\jody\My Documents\Google Voice accounts.xlsx
2014-01-06 16:58 - 2010-08-24 10:14 - 00000000 ____D C:\My Documents Personal
2014-01-06 12:50 - 2014-01-06 12:50 - 00000715 _____ C:\Documents and Settings\jody\Desktop\procexp.exe.lnk
2014-01-06 09:24 - 2010-07-29 14:27 - 00000000 ____D C:\Program Files\Palm
2013-12-31 09:47 - 2013-12-31 09:47 - 00000083 _____ C:\Documents and Settings\jody\My Documents\dell e4300.txt
2013-12-30 11:09 - 2010-07-29 14:55 - 00000000 ____D C:\Documents and Settings\jody\Application Data\Skype
2013-12-29 20:21 - 2013-12-29 13:13 - 00000000 ____D C:\Documents and Settings\jody\My Documents\Audit, IT Audit, Risk IT
2013-12-27 12:26 - 2013-12-27 12:22 - 00016735 _____ C:\Documents and Settings\jody\My Documents\JPMC for target or unusual activity.CSV
2013-12-27 08:55 - 2010-08-04 11:16 - 00000000 ____D C:\Program Files\Google
2013-12-26 13:53 - 2013-11-22 14:44 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-12-26 13:52 - 2013-12-26 13:21 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Google
2013-12-26 13:52 - 2010-08-04 11:16 - 00000000 ____D C:\Documents and Settings\jody\Local Settings\Application Data\Google
2013-12-26 13:35 - 2012-10-14 22:11 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
2013-12-26 13:19 - 2012-10-23 02:03 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-12-26 13:19 - 2012-10-23 02:03 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-12-26 13:18 - 2010-07-29 15:09 - 00000000 ____D C:\Documents and Settings\jody\Local Settings\Application Data\Adobe
2013-12-26 13:11 - 2010-07-29 14:48 - 00000000 ____D C:\Program Files\Java
2013-12-26 13:06 - 2013-12-26 13:07 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-12-26 13:06 - 2013-12-26 13:06 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-12-26 13:06 - 2013-12-26 13:06 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-12-26 13:06 - 2013-12-26 13:06 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-12-26 13:06 - 2011-11-22 11:22 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-12-23 14:03 - 2013-12-23 11:58 - 00001294 _____ C:\Documents and Settings\jody\Desktop\Interrupts.txt
2013-12-23 09:13 - 2010-11-10 19:40 - 00007746 _____ C:\Documents and Settings\jody\My Documents\startup.txt
2013-12-23 08:41 - 2003-02-20 10:10 - 00000000 ____D C:\WINDOWS\system32\Restore
2013-12-22 18:43 - 2013-12-22 18:42 - 12582688 _____ (Malwarebytes Corp.) C:\Documents and Settings\jody\Desktop\mbar-1.07.0.1008.exe
2013-12-22 18:10 - 2013-11-22 20:42 - 00000000 ____D C:\AdwCleaner
2013-12-22 18:08 - 2013-11-22 20:38 - 00006921 _____ C:\Documents and Settings\jody\My Documents\Pup Optional Conduit MBAM removal.txt
2013-12-22 18:07 - 2013-12-22 18:07 - 01233962 _____ C:\Documents and Settings\jody\Desktop\AdwCleaner.exe
2013-12-21 06:56 - 2013-12-21 06:56 - 00003207 _____ C:\Documents and Settings\jody\Desktop\aswMBR.txt
2013-12-21 06:56 - 2013-12-21 06:56 - 00000512 _____ C:\Documents and Settings\jody\Desktop\MBR.dat
2013-12-21 06:45 - 2013-12-21 06:45 - 04745728 _____ (AVAST Software) C:\Documents and Settings\jody\Desktop\aswMBR.exe
2013-12-21 06:40 - 2013-12-21 06:40 - 00099594 _____ C:\Documents and Settings\jody\Desktop\TDSKiller Report.txt
2013-12-21 06:15 - 2013-12-21 06:15 - 00048155 _____ C:\Documents and Settings\jody\Desktop\Gmer.log
2013-12-21 06:14 - 2013-12-21 06:14 - 00048155 _____ C:\Documents and Settings\jody\Desktop\Gmer copy.txt
2013-12-21 00:24 - 2013-12-21 00:24 - 00377856 _____ C:\Documents and Settings\jody\Desktop\GMERkww7i608.exe
2013-12-21 00:23 - 2013-12-21 00:23 - 08656400 _____ (Trend Micro Inc.) C:\Documents and Settings\jody\Desktop\RootkitBuster_v5_1061.exe
2013-12-21 00:09 - 2013-12-21 00:09 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-12-21 00:03 - 2013-12-21 00:03 - 04121952 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\jody\Desktop\tdsskiller.exe
2013-12-20 23:03 - 2013-12-20 23:03 - 00166400 _____ C:\Documents and Settings\jody\Desktop\ConflictInfo.exe
2013-12-20 23:03 - 2013-12-20 23:03 - 00000751 _____ C:\Documents and Settings\jody\Desktop\ConflictInfo.txt
2013-12-20 23:02 - 2013-12-20 23:02 - 00294400 _____ C:\Documents and Settings\jody\Desktop\exeHelper.com
2013-12-20 22:31 - 2003-02-20 10:20 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-12-20 22:31 - 2003-02-20 10:20 - 00000000 ____D C:\Documents and Settings\Administrator
2013-12-20 19:03 - 2010-07-30 15:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB973540_WM9$
2013-12-20 11:45 - 2013-12-20 11:43 - 00000267 _____ C:\Documents and Settings\jody\My Documents\Rachel corydon comcast linksys details.txt
2013-12-17 07:49 - 2003-02-20 10:03 - 00578242 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-16 21:24 - 2010-07-29 12:16 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB970238$
2013-12-16 21:23 - 2012-03-14 16:29 - 03690242 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-981743920-2115803770-991051512-1005-0.dat
2013-12-16 21:23 - 2011-01-04 13:52 - 00284714 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================


#4 nasdaq

Malware Response Team

Posted 14 January 2014 - 09:07 AM


This will remove the empty items from the registry.
I do not think that your problem will be solved with this fix.

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKCU - No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
S4 LK; C:\DOCUME~1\jody\LOCALS~1\Temp\LK.exe [x]
S4 LMIRfsClientNP; No ImagePath

end

Save the file as fixlist.txt into the same folder as FRST.
Run FRST and click Fix only once and wait.
The tool will create a log (Fixlog.txt); please post it in your reply.
===

Run this repair tool. Keep me posted on the end results.

Download this program to your desktop.
Tweaking.com - Windows Repair 1.9.16
http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/


Extract and launch the Repair_Windows.exe file

Click on the Start Repairs tab, then click on Start.

Check mark only the following options:

Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Repair Windows Firewall
Repair Internet Explorer
Repair MDAC & MS Jet
Repair Hosts File
Remove Policies Set By Infections
Repair Icons
Repair Winsock & DNS Cache
Remove Temp Files
Repair Proxy Settings
Unhide Non System Files
Repair Windows Updates
Repair CD/DVD Missing/Not Working
  • Checkmark Restart System When Finished option
  • click the Start button
  • System should restart after repair
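The fixlist above is built from the same lines FRST prints in its driver/service list ("[x]" marks an entry whose file is gone, "No ImagePath" an entry with no image at all). As an added example, not FRST's code nor the responder's, here is a Python triage helper that parses such lines, flags the entries a reviewer would normally look at, and emits a start/end fixlist for the pure orphans; the sample lines are taken from the log posted in this thread, and the flag rules are my own assumptions.

```python
"""Triage helper for the driver/service section of an FRST log (added example).

FRST prints one line per driver or service, e.g.

    R1 SymIRON; C:\\Windows\\system32\\drivers\\N360\\1501000.012\\Ironx86.SYS [206936 2013-09-26] (Symantec Corporation)
    S4 LK; C:\\DOCUME~1\\jody\\LOCALS~1\\Temp\\LK.exe [x]
    S4 LMIRfsClientNP; No ImagePath

"[x]" means the registry entry points at a file that no longer exists, "No ImagePath"
means the entry has no image at all, and "()" means the file carries no publisher
string. The flag rules below are this example's own assumptions, not FRST's.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# <state><start type> <name>; <rest>      e.g. "S4 LK; C:\...\LK.exe [x]"
_LINE_RE = re.compile(r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<rest>.*)$")
# <rest> = <path> [<size> <date>] (<company>)   or   <path> [x]
_REST_RE = re.compile(r"^(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\](?:\s+\((?P<company>[^)]*)\))?$")


@dataclass
class ServiceEntry:
    raw: str                    # the line as FRST printed it (what a fixlist must quote)
    state: str
    name: str
    path: Optional[str]         # None when FRST reports "No ImagePath"
    file_present: bool
    company: Optional[str]      # None if no "(...)" was printed, "" for an empty "()"
    flags: List[str] = field(default_factory=list)


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one FRST driver/service line; returns None for lines of another shape."""
    raw = line.strip()
    m = _LINE_RE.match(raw)
    if not m:
        return None
    state, name, rest = m.group("state"), m.group("name").strip(), m.group("rest").strip()
    if rest == "No ImagePath":
        return ServiceEntry(raw, state, name, None, False, None)
    r = _REST_RE.match(rest)
    if not r:
        return None
    path = r.group("path")
    if path.startswith("\\??\\"):   # NT object-manager prefix; drop it for path matching
        path = path[4:]
    return ServiceEntry(raw, state, name, path, r.group("meta") != "x", r.group("company"))


def triage(entry: ServiceEntry) -> ServiceEntry:
    """Attach review flags. They are hints for a human, not a verdict on the entry."""
    if entry.path is None:
        entry.flags.append("no ImagePath (orphan registry entry)")
        return entry
    if not entry.file_present:
        entry.flags.append("image file missing (orphan registry entry)")
    if re.search(r"\\temp\\", entry.path, re.IGNORECASE):
        entry.flags.append("image lives in a Temp directory")
    if entry.company == "":
        entry.flags.append("no publisher string")
    return entry


def triage_log(text: str) -> List[ServiceEntry]:
    """Return, in log order, only the entries that received at least one flag."""
    flagged = []
    for line in text.splitlines():
        entry = parse_service_line(line)
        if entry is not None and triage(entry).flags:
            flagged.append(entry)
    return flagged


def build_fixlist(entries: List[ServiceEntry]) -> str:
    """FRST fixlist (start ... end) removing only the pure orphans.

    Entries whose file still exists are deliberately left out: deleting a live
    driver entry is a decision for the reviewer, not for a script.
    """
    body = [e.raw for e in entries if e.path is None or not e.file_present]
    return "\n".join(["start", ""] + body + ["", "end"])


# Sample input: lines taken from the FRST log posted earlier in this thread (two benign
# entries plus the ones the responder later put into fixlist.txt).
SAMPLE_LOG = r"""
R1 SymIRON; C:\Windows\system32\drivers\N360\1501000.012\Ironx86.SYS [206936 2013-09-26] (Symantec Corporation)
R1 TDSMAPI; C:\Windows\System32\drivers\TDSMAPI.SYS [9341 2004-07-29] ()
S3 catchme; \??\C:\DOCUME~1\jody\LOCALS~1\Temp\catchme.sys [x]
S4 LK; C:\DOCUME~1\jody\LOCALS~1\Temp\LK.exe [x]
S4 LMIRfsClientNP; No ImagePath
S3 w22n51; System32\DRIVERS\w22n51.sys [x]
==================== NetSvcs (Whitelisted) ===================
"""

if __name__ == "__main__":
    flagged_entries = triage_log(SAMPLE_LOG)
    for e in flagged_entries:
        print(f"{e.state} {e.name}: " + "; ".join(e.flags))
    print()
    print(build_fixlist(flagged_entries))
```

The script lists every orphan it finds; the responder above chose only two of them for the fixlist, which is exactly the pruning step a human still has to do.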


#5 dr.wireMORE

Topic Starter

Posted 14 January 2014 - 01:41 PM

Results: during the repair_windows run (about 2/3 done) I was prompted to turn off the firewall, which I did.  Later, after the reboot, Windows reports no firewall/anti-virus, but Norton says everything is OK (see image).  Cautious, I disabled the wireless (took it off the network) and used another computer to give you this report and the logs.

 

While you did not ask for the Windows_Repair log (took about 45 minutes to run), they are both attached in two zips:

Logs

Repair_Info.

 

(PS:  I have noticed before we started, and on-going during this repair, that to do a download, I seem to have to do it twice.  As in two clicks to get something to happen on the internet (download or such) where typically it always worked the first time.) FYI

(PPS: thank you for your efforts to resolve this for me.)  DW

 

FIXLOG.TXT

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-11-2013
Ran by jody at 2014-01-14 11:10:14 Run:1
Running from C:\Documents and Settings\jody\Desktop\FRST
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKCU - No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
S4 LK; C:\DOCUME~1\jody\LOCALS~1\Temp\LK.exe [x]
S4 LMIRfsClientNP; No ImagePath[/B]

end

*****************

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} => Value deleted successfully.
HKCR\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
LK => Service deleted successfully.
LMIRfsClientNP => Service deleted successfully.

==== End of Fixlog ====

 




#6 nasdaq

Malware Response Team

Posted 14 January 2014 - 02:23 PM

(PS: I have noticed before we started, and on-going during this repair, that to do a download, I seem to have to do it twice. As in two clicks to get something to happen on the internet (download or such) where typically it always worked the first time.) FYI

Open the properties of your mouse and look at the various settings.
This double click may have been changed by the fixes, not sure.

Is your other problem persisting?

#7 dr.wireMORE

Topic Starter

Posted 14 January 2014 - 02:41 PM

 

Open the properties of your mouse and look at the various settings.
This double click may have been changed by the fixes, not sure.

Is your other problem persisting?

 

Hi nasdaq, appreciate all your help.  Is your other problem persisting?  Which of my problems are you referring to? Still doesn't feel right; the double click on an internet file seems to have gone away; Windows not recognizing Norton is new.

 

A list, if it helps: (Believing that my Norton was in fact running, I came back on-line, connected to the network.)

 

Microsoft rootkit reveal, and showed 27 items:  didn't check.

 

Download of Farbar from Bleeping Computer:  This now works, and it is full size. (yahoo)

 

Mouse settings?  There is no issue with my mouse settings.  It was a double take in internet explorer only, no where else. (Makes me worry that my clicks are being spoofed, unverified.  Just sharing that as part of full-disclosure)

 

System has not hung during our testing; not sure if that problem is here / not. Have been very careful to only do as you instruct.

 

Windows Security Settings (new) not recognizing that Norton is installed:  This remains, but Norton is installed/working.

 

Combofix not running? Would not run such a tool without your advice.

 

dw

#8 dr.wireMORE

Topic Starter

Posted 14 January 2014 - 03:11 PM

Update:  as I was re-reading my above post, the unit just hung (original problem.)

- press and hold the power button, nothing. (usually this will produce a hard shut-off, but it isn't.)

- alt ctrl del, nothing; x2, nothing

- there is a bit of disk activity, not a lot.

 

Pulled the power, removed one of two batteries (in the CD-slot) <down>.  Makes me wonder about the back battery, given it was on a/c power. Then I restarted.  Gave you this update quickly, using a separate laptop for speed of reply.

 

With A/C disconnected, tried to power-up using just the back battery, nada

Tried to power-up using just the CD slot battery, came up.

 

With just the CD slot battery, 50 minutes remain

Adding the back battery, says 2Hrs, 29 minutes remain. 

(Just sharing, not sure if that adds any info to the issue.  )

Plugged in a/c power, says batteries (combined) at 95%

 

As part of trying all combinations, did a shut-down, and removed A/C and the CD battery. (leaving just the back battery)

Started right up. 

Confirmed: boots up with CD battery alone; or Back Battery; or with both batteries. 

 

Whew, was worried it was a defective battery, whew.

 

dw


Edited by dr.wireMORE, 14 January 2014 - 03:17 PM.


#9 dr.wireMORE

Topic Starter

Posted 14 January 2014 - 03:41 PM

Upon boot up, I went to the event viewer.  There are a zillion new, today, warnings on WinMGMT.  Now, while I can get it up and running, the screen saver is running, but I can't break into it. Meaning get context to do anything. So the laptop is running a normal screen saver, but can't get it to recognize the keyboard/mouse/activity. <drats> (from a different laptop.)



#10 dr.wireMORE

Topic Starter

Posted 14 January 2014 - 04:02 PM

Hi, restarted in safe mode; configured a different screen saver just in case, rebooted normally.  Standing by for your advice.  DW



#11 nasdaq

Malware Response Team

Posted 15 January 2014 - 09:00 AM

Run this tool and keep me posted on the issue.

Extract and launch the Repair_Windows.exe file

Click on the Start Repairs tab, then click on Start.

Check mark only the following options:

Reset Registry Permissions
Register System Files
Repair WMI
Repair Windows Firewall
Repair Internet Explorer
Repair MDAC & MS Jet
Remove Policies Set By Infections
Repair Icons
Remove Temp Files
  • Checkmark Restart System When Finished option
  • click the Start button
  • System should restart after repair


#12 dr.wireMORE

Topic Starter

Posted 15 January 2014 - 11:19 AM

Attached File: All_Post_Windows_Repair_Logs 2.zip (11.59KB)

Note to self: went to the previously downloaded zip file and extracted from the zip the original Repair_Windows.exe, on top of the previous one used, as instructed.

 

Took the laptop off the lan, and disconnected from the wireless

Disabled Norton firewall/anti-virus (not sure I did this the first time.)

Start scan with the settings advised

  1. Noticed in the cmd window that a handful of registry repair actions failed.
  2. About ½ way, prompted if I want to turn off Windows firewall, said no.
  3. Total time, 10-15 minutes.

 

It restarted normally.  I went to the Security Center to confirm all is well.

  1. Firewall was up
  2. Antivirus, previously set to not monitor, was still not monitoring.  Unchecked not to monitor.
    1. Enabled Norton smart firewall.  Security Center still has the windows firewall on, this is unusual. Now I have two firewalls, when Norton should be taking over. <drats>
    2. Enabled Norton anti-virus.  Security center did not detect that I had an anti-virus. <drats>
    3. (Net, no change to my security center, since the first run of Repair_Windows.exe)
       
  3. Ran process explorer just in case something was odd, or funny.  Overall, CPU usage was the lowest I have ever seen! Memory usage lowest I have seen lately as well.  For sure, the laptop is running better/faster.  
  4. Put back on the lan, and connected the wireless.
  5. Rebooted and double checked the Security Center. Still doesn’t detect I have Norton  installed. <drats>

Checking the repair folder, there were new logs(attached); but the repairs_info hadn't changed (not attached)

 

DW (who says thank you for your investment in my successful cleaning. Are we pretty confident that I have no root kits or such lurking hidden, spoofing my activity? Will we be able to fix the Security Center? Why did TrendMicro RootKitBuster flag all my favorites with file_stream? <before we started working together, not after>) 



#13 nasdaq

Malware Response Team

Posted 15 January 2014 - 02:08 PM


Let's check these services.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#14 dr.wireMORE

Topic Starter

Posted 15 January 2014 - 10:45 PM

Thank you again for your input. There was no material change, I'll explain.

1-Before running FSS: Norton Running, but not detected by the Security Center. Security Center warning icon X in the system tray.

2-After running FSS: Norton running, but not detected by the Security Center. Security center warning icon X in the system tray. (no change)

3-After a reboot: Norton running, but not detected by the Security Center. Now, NO Security center warning icon. ?? <interesting development>

 

FSS.txt

 

Farbar Service Scanner Version: 08-01-2014
Ran by jody (administrator) on 15-01-2014 at 21:11:50
Running from "C:\Documents and Settings\jody\Desktop\Farbar Service Scanner"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Other Services:
==============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(16) Bridge(15) BridgeMP(14) Gpc(7) IPSec(5) irda(9) NetBT(6) PSched(8) RFCOMM(17) s24trans(10) SYMTDI(12) Tcpip(4)
0x1100000005000000010000000200000003000000040000000C000000060000000700000008000000090000000A0000000B0000000D0000000E0000000F0000001000000011000000
IpSec Tag value is correct.

**** End of log ****
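To triage an FSS.txt like the one above programmatically, here is an added Python example (it is not part of this thread and not FSS's own code). It assumes the layout shown: "Header:" lines underlined with "=", "path => MD5 is legit" entries under File Check, and that FSS prints only problems under the other sections, so an empty section means nothing was flagged; the embedded sample log is constructed, and its "MD5 is not legit" line is made up to exercise the flagged case.

```python
import re
# Constructed sample modelled on the FSS.txt above; the "not legit" line is made up.
SAMPLE_LOG = """\
Farbar Service Scanner Version: 08-01-2014
Windows Firewall:
=============
Security Center:
============
wscsvc Service is not running. Checking service configuration:
File Check:
========
C:\\WINDOWS\\system32\\wscsvc.dll => MD5 is legit
C:\\WINDOWS\\system32\\svchost.exe => MD5 is not legit
Extra List:
=======
IpSec Tag value is correct.
**** End of log ****
"""

def parse_sections(text):
    """Map each 'Header:' (underlined with '=') to the non-blank lines under it."""
    lines = text.splitlines()
    sections, current = {}, None
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line.endswith(":") and re.fullmatch(r"=+", nxt):
            current = line[:-1]          # new section header
            sections[current] = []
        elif re.fullmatch(r"=+", line) or line.startswith("****") or not line.strip():
            continue                     # underline, end-of-log marker or blank
        elif current is not None:
            sections[current].append(line)
    return sections

INFO_SECTIONS = {"Connection Status", "File Check", "Extra List"}  # informational, not problems

def triage(text):
    """Return (findings, unverified_files): sections with flagged content
    (assumption: FSS prints only problems there, so an empty section is clean)
    and File Check paths whose MD5 was not reported legit."""
    sections = parse_sections(text)
    findings = {n: b for n, b in sections.items() if b and n not in INFO_SECTIONS}
    tag = [l for l in sections.get("Extra List", [])
           if "Tag value" in l and not l.endswith("is correct.")]
    if tag:
        findings["Extra List"] = tag   # e.g. an IpSec tag not reported correct
    unverified = [l.split(" => ")[0] for l in sections.get("File Check", [])
                  if not l.endswith("=> MD5 is legit")]
    return findings, unverified
```

On the real log above, triage would return no findings and no unverified files, which matches FSS reporting nothing wrong with these services.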

 



#15 dr.wireMORE (Topic Starter)

Posted 16 January 2014 - 12:34 AM

Update, and pardon the self-help in advance.

Believing that in the process we (I) corrupted Norton, working with Norton support (who couldn't fix it as is), we did a Norton removal, reboot, Norton install, live update x3, reboot, enabled the full Security Center, rebooted after a last update, and the Security Center is now recognizing that Norton is running and has control of the firewall/anti-virus.

Can we check for any rootkits? And is there any concern that "favorites", all 184 entries, are detected with a <file_stream>?

Hope you don't mind, trying to cautiously be helpful.





