zzz.bat -- possibly Trojan.KillProc


  • This topic is locked
12 replies to this topic

#1 ewillyb


Posted 30 January 2014 - 01:29 PM

When I boot up, I get a cmd window which references a zzz.bat file in a Chrome browser program files directory.
 
I did some research which suggested it was a trojan. Trojan.KillProc.
 
The Kaspersky forum advised running ComboFix.
Which I did.
 
Which led me here.
 
I've attached the dds.txt and attach.txt files.
 
Please help me interpret.
 
Thank you,

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.9.2
Run by ebollinger at 23:14:21 on 2014-01-27
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16316.12997 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\Program Files (x86)\OCS Inventory Agent\ocsservice.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files (x86)\Products\Time Services\timesvc.exe
C:\Program Files (x86)\Triumfant, Inc\Triumfant Agent\TriumfantAgent.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files (x86)\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
C:\Program Files (x86)\Lenovo\Client Security Solution\password_manager.exe
C:\Windows\system32\taskeng.exe
C:\Users\ebollinger\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ebollinger\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ebollinger\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ebollinger\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ebollinger\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ebollinger\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ebollinger\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ebollinger\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\ebollinger\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Telephony Toolbar Services: {431A60E6-675F-4b9f-B3F0-66E0FECC8B34} - C:\Program Files (x86)\BroadSoft\BroadWorks Assistant Enterprise\bin\BW_Assistant_Enterprise_IE_S.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Telephony Toolbar Call Control: {8F1FF1A7-C048-4d6b-B052-56E42CE427CB} - C:\Program Files (x86)\BroadSoft\BroadWorks Assistant Enterprise\bin\BW_Assistant_Enterprise_IE_CC.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: IePasswordManagerHelper Class: {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Telephony Toolbar Call Control: {6F6690B9-C5DB-4F08-8833-F2EF4DEE956B} - C:\Program Files (x86)\BroadSoft\BroadWorks Assistant Enterprise\bin\BW_Assistant_Enterprise_IE_CC.dll
TB: Telephony Toolbar Services: {F10D927F-D3DF-4734-98AB-DD258253F5FD} - C:\Program Files (x86)\BroadSoft\BroadWorks Assistant Enterprise\bin\BW_Assistant_Enterprise_IE_S.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [EM_EXEC] C:\PROGRA~2\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoWelcomeScreen = dword:1
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: DisableCAD = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoWelcomeScreen = dword:1
mPolicies-Explorer: NoStartMenuMyMusic = dword:1
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
LSP: C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - hxxps://dora.do.treas.gov/vdesk/terminal/f5tunsrv.cab#version=7000,2011,104,2309
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - hxxps://dora.do.treas.gov/vdesk/terminal/InstallerControl.cab#version=7000,2010,1020,1507
DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - hxxps://dora.do.treas.gov/vdesk/terminal/f5InspectionHost.cab#version=7000,2010,1020,1407
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} - hxxps://msdn.vo.msecnd.net/pr/MSDownloadManager_en-US.cab?e=1624911450&h=257922df4d56ad0f5be36b0e4bfa8756
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} - hxxps://ffx1vpn2.datatel.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {DC7D77DA-E1AC-4D40-930B-B87B2954E034} - hxxps://ffx2labmgr/LabManager/ControlPanel/Machines/MachineDetails/ActiveXControls/ViewerXVNC/vmware-mks.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP31-13320/webex/ieatgpc1.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - hxxps://dora.do.treas.gov/vdesk/terminal/urxhost.cab#version=7000,2011,124,911
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://remote.dot.gov/dana-cached/sc/JuniperSetupClient.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1007
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{15EA9D83-C0C8-4275-BC2E-90D0355AB226} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{E808099D-E334-411B-AE55-936338D6BC05} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E808099D-E334-411B-AE55-936338D6BC05}\24C656E6E6562786163737564747 : DHCPNameServer = 8.8.8.8 8.8.4.4 8.8.8.8 8.8.4.4
TCP: Interfaces\{E808099D-E334-411B-AE55-936338D6BC05}\44D494D24434D27455543545143434543535 : DHCPNameServer = 4.2.2.2 64.83.1.9
TCP: Interfaces\{E808099D-E334-411B-AE55-936338D6BC05}\44D494E434D2E45445D275942554C4543535 : DHCPNameServer = 10.0.0.3 10.0.0.225
TCP: Interfaces\{E808099D-E334-411B-AE55-936338D6BC05}\5476763707563647164796F6E6 : DHCPNameServer = 64.238.96.12 66.180.96.12
TCP: Interfaces\{E808099D-E334-411B-AE55-936338D6BC05}\65562796A7F6E602D496649623230303024393438302355636572756 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E808099D-E334-411B-AE55-936338D6BC05}\C696E6B6379737 : DHCPNameServer = 167.206.13.180 167.206.13.181
TCP: Interfaces\{F22A4C34-2F25-483B-A75E-157CBFF27B48} : DHCPNameServer = 10.0.0.225 10.0.0.3 10.0.0.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Notification Packages = scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp msoidssp
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
x64-Run: [TpShocks] TpShocks.exe
x64-Run: [IntelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
x64-IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: psfus - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Hosts: 10.0.4.160 di-st-emmc-cr
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ebollinger\AppData\Roaming\Mozilla\Firefox\Profiles\p2iyp53i.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\ebollinger\AppData\Local\Citrix\Plugins\94\npappdetector.dll
FF - plugin: C:\Users\ebollinger\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Users\ebollinger\AppData\Local\SMPlugins\npsmlauncher.dll
FF - plugin: C:\Users\ebollinger\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\ebollinger\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\ebollinger\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\npMSDM.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 DzHDD64;DzHDD64;C:\Windows\System32\drivers\DZHDD64.SYS [2010-11-19 30320]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2010-6-16 23664]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2010-7-30 15400]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2010-11-19 50536]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2010-7-30 45496]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-11-19 74088]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2010-7-30 93032]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-9-26 376144]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-16 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2011-10-6 72216]
R2 MsDtsServer100;SQL Server Integration Services 10.0;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2011-4-23 210784]
R2 msoidsvc;Microsoft Online Services Sign-in Assistant;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2011-9-28 2078112]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2010-4-30 6237800]
R2 OCS INVENTORY;OCS INVENTORY SERVICE;C:\Program Files (x86)\OCS Inventory Agent\OcsService.exe [2008-10-10 69632]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-9-15 88576]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2010-11-19 61952]
R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2009-3-13 13840]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-9-17 2477304]
R2 timesvc;Time Service;C:\Program Files (x86)\Products\Time Services\timesvc.exe -service -servicename timesvc --> C:\Program Files (x86)\Products\Time Services\timesvc.exe -service -servicename timesvc [?]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2010-7-30 63928]
R2 TriumfantAgent;Triumfant Agent;C:\Program Files (x86)\Triumfant, Inc\Triumfant Agent\TriumfantAgent.exe [2013-3-29 102400]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-9-29 12728]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-19 2533400]
R2 vmware-converter-agent;VMware vCenter Converter Standalone Agent;C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [2010-8-24 444976]
R2 vmware-converter-server;VMware vCenter Converter Standalone Server;C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2010-8-24 444976]
R2 vmware-converter-worker;VMware vCenter Converter Standalone Worker;C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2010-8-24 444976]
R3 5U877;USB Video Device;C:\Windows\System32\drivers\5U877.sys [2013-1-7 167040]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2010-11-19 292864]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2010-11-19 295088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-21 137648]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-11-19 56344]
R3 Mandiant_Tools;Mandiant_Tools;C:\ProgramData\Application Data\Time Services\mktools.sys [2013-3-22 25168]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-3-18 7680512]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-1-22 77824]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-1-22 180224]
R3 TVTI2C;Lenovo SM bus driver;C:\Windows\System32\drivers\tvti2c.sys [2009-10-8 41536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-4-23 2175328]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-11-19 35104]
S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2010-11-19 164200]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-11 111616]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 pmxdrv;pmxdrv;C:\Windows\System32\drivers\pmxdrv.sys [2010-11-19 31152]
S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2010-11-19 75112]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-9-4 59392]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-9-29 126392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-5 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2009-2-13 14464]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
S4 RsFx0150;RsFx0150 Driver;C:\Windows\System32\drivers\RsFx0150.sys [2010-4-3 313696]
.
=============== Created Last 30 ================
.
2014-01-24 22:57:09 -------- d-sh--w- C:\$RECYCLE.BIN
2014-01-24 22:40:30 98816 ----a-w- C:\Windows\sed.exe
2014-01-24 22:40:30 256000 ----a-w- C:\Windows\PEV.exe
2014-01-24 22:40:30 208896 ----a-w- C:\Windows\MBR.exe
2014-01-24 19:25:19 -------- d-----w- C:\Program Files\iPod
2014-01-24 19:25:18 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-24 19:25:18 -------- d-----w- C:\Program Files\iTunes
2014-01-24 19:25:18 -------- d-----w- C:\Program Files (x86)\iTunes
2014-01-22 22:18:58 -------- d-----w- C:\Program Files (x86)\Log Parser 2.2
2014-01-22 22:16:01 -------- d-----w- C:\Users\ebollinger\AppData\Roaming\LizardLabs
2014-01-22 22:14:48 -------- d-----w- C:\Program Files (x86)\LizardLabs
2014-01-22 02:48:56 -------- d-----w- C:\Users\ebollinger\AppData\Local\LogMeIn Client
2014-01-16 18:21:46 -------- d-----w- C:\Program Files (x86)\Fiddler2
2014-01-15 21:26:19 -------- d-----w- C:\Users\ebollinger\AppData\Local\Microsoft Corporation
2014-01-15 14:27:09 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2014-01-15 14:27:09 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2014-01-15 14:27:09 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2014-01-15 14:27:09 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2014-01-15 14:27:09 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2014-01-15 14:27:09 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2014-01-15 14:27:09 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2014-01-15 14:27:08 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-01-15 14:27:07 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2014-01-14 15:43:31 -------- d-----w- C:\Program Files (x86)\Remote Desktop Connection Manager
2014-01-08 00:02:26 -------- d-----w- C:\Users\ebollinger\AppData\Roaming\Verizon
2014-01-07 23:58:47 -------- d-----w- C:\Program Files (x86)\Verizon
2014-01-06 21:04:07 -------- d-----w- C:\test_truecrypt
2014-01-06 21:00:00 -------- d-----w- C:\Users\ebollinger\AppData\Roaming\TrueCrypt
2014-01-06 20:59:31 231376 ----a-w- C:\Windows\System32\drivers\truecrypt.sys
2014-01-06 20:59:31 -------- d-----w- C:\Program Files\TrueCrypt
2014-01-02 18:17:18 -------- d-----w- C:\Users\ebollinger\.startmeeting
2014-01-02 18:17:16 -------- d-----w- C:\Users\ebollinger\AppData\Local\StartMeeting
2014-01-02 18:17:16 -------- d-----w- C:\Users\ebollinger\AppData\Local\SMPlugins
2013-12-31 18:05:45 -------- d-----w- C:\Shorties
.
==================== Find3M ====================
.
2014-01-24 16:35:30 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2014-01-24 16:35:29 92488 ----a-w- C:\Windows\System32\LMIinit.dll
2014-01-24 16:35:29 35656 ----a-w- C:\Windows\System32\LMIport.dll
2013-12-29 20:06:42 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-29 20:06:42 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-12 16:02:17 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll.000.bak
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 23:15:10.60 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/29/2010 4:31:19 AM
System Uptime: 1/27/2014 9:16:55 PM (2 hours ago)
.
Motherboard: LENOVO | | 43192PU
Processor: Intel® Core™ i7 CPU Q 720 @ 1.60GHz | None | 1600/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 287 GiB total, 98.48 GiB free.
D: is CDROM ()
E: is CDROM ()
Q: is FIXED (NTFS) - 10 GiB total, 2.484 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter for 64-bit Windows
Device ID: ROOT\NET\0001
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter for 64-bit Windows
PNP Device ID: ROOT\NET\0001
Service: CVirtA
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Device ID: ROOT\NET\0002
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
PNP Device ID: ROOT\NET\0002
Service: vpnva
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport Adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&296CA6B2&0&01
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport Adapter
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&296CA6B2&0&01
Service: vwifimp
.
==== System Restore Points ===================
.
RP273: 1/22/2014 5:14:03 PM - Installed Log Parser Lizard
RP274: 1/22/2014 5:18:46 PM - Installed Log Parser 2.2
RP275: 1/24/2014 5:40:43 PM - ComboFix created restore point
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
7-Zip 9.20 (x64 edition)
Access Help
Adobe Acrobat XI Standard
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8)
Analytics for Twitter
Android SDK Tools
Any Video Converter 3.2.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Balsamiq Mockups For Desktop
Belarc Advisor 8.2
BIG-IP Edge Client Components (All Users)
Bonjour
BroadWorks Assistant - Enterprise 18 (18.0.91.1) MB6
Burn.Now 4.5
Canon MP600
CCleaner
Cisco AnyConnect VPN Client
Cisco Systems VPN Client 5.0.07.0290
Cisco WebEx Meetings
Client Security - Password Manager
Conexant 20585 SmartAudio HD
ConvertXtoDVD 4.1.19.365
Corel Burn.Now Lenovo Edition
Corel DVD MovieFactory 7
Corel DVD MovieFactory Lenovo Edition
Create Recovery Media
D3DX10
Debut Video Capture Software
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Direct DiscRecorder
Disable AMT Profile Synchronization Pop-up for Windows Vista/7
Fiddler
FileZilla Client 3.5.3
GDR 1617 for SQL Server 2008 R2 (KB2494088) (64-bit)
GIMP 2.6.11
Git version 1.8.4-preview20130916
GitHub
Google Chrome
Google Drive
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 5.5.0.1133
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
HTC BMP USB Driver
HTC Driver Installer
Integrated Camera Driver Installer Package Ver.1.1.0.48
Intel PROSet Wireless
Intel® Control Center
Intel® Management Engine Components
Intel® PROSet/Wireless WiFi Software
Intel® Turbo Boost Technology Monitor
InterVideo WinDVD 8
iTunes
Java 7 Update 9
Java Auto Updater
Java™ SE Development Kit 6 Update 27 (64-bit)
JavaFX 2.1.1
Junk Mail filter update
Lenovo Auto Scroll Utility
Lenovo System Interface Driver
Lenovo ThinkVantage Toolbox
Lenovo Warranty Information
Lenovo Welcome
LiveUpdate 3.3 (Symantec Corporation)
Log Parser 2.2
Log Parser Lizard
Logitech MouseWare 9.29 .3
LogMeIn
MANDIANT Intelligent Response Agent
Message Center Plus
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Download Manager
Microsoft Mouse and Keyboard Center
Microsoft Office 2003 Web Components
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Live Meeting 2007
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Project MUI (English) 2010
Microsoft Office Project Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Visio 2010
Microsoft Office Visio MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Online Services Sign-in Assistant
Microsoft Project Professional 2010
Microsoft Report Viewer Redistributable 2008 (KB971119)
Microsoft Report Viewer Redistributable 2008 SP1
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 R2 (64-bit)
Microsoft SQL Server 2008 R2 Native Client
Microsoft SQL Server 2008 R2 Policies
Microsoft SQL Server 2008 R2 RsFx Driver
Microsoft SQL Server 2008 R2 Setup (English)
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Browser
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
Microsoft SQL Server PowerPivot for Excel (32-bit)
Microsoft SQL Server System CLR Types (x64)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime v1.0 (x64)
Microsoft Sync Services for ADO.NET v2.0 (x64)
Microsoft Visio Professional 2010
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2008 Shell (integrated mode) - ENU
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Mobile Broadband
Movie Maker
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 11.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
NEC Electronics USB 3.0 Host Controller Driver
Neuratron AudioScore Ultimate Demo
Notepad++
NVIDIA Control Panel 268.24
NVIDIA Graphics Driver 268.24
NVIDIA HD Audio Driver 1.2.23.3
NVIDIA Install Application
NVIDIA Performance Drivers
OCS Inventory Agent 4.0.5.0
On Screen Display
Opera 12.16
Photo Common
Photo Gallery
Picasa 3
PowerISO
Python 2.6 matplotlib-1.3.0 (64-bit)
Python 2.6 numpy-1.7.1 (64-bit)
Python 2.6.6 (64-bit)
Python 2.7 GDAL-1.9.2 (64-bit)
Quantum GIS Lisboa 1.8.0 Lisboa
QuickTime
R for Windows 2.15.3
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
Remote Desktop Connection Manager
Rescue and Recovery
RICOH R5U230 Media Driver ver.2.06.02.02
RStudio
Rtools 3.0
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
SES Driver
SketchUp 8
Skype Click to Call
Skype™ 5.10
SQL Server 2008 R2 Analysis Services
SQL Server 2008 R2 BI Development Studio
SQL Server 2008 R2 Client Tools
SQL Server 2008 R2 Common Files
SQL Server 2008 R2 Database Engine Services
SQL Server 2008 R2 Database Engine Shared
SQL Server 2008 R2 Integration Services
SQL Server 2008 R2 Management Studio
SQL Server 2008 R2 Reporting Services
Sql Server Customer Experience Improvement Program
StartMeeting
Symantec Endpoint Protection
System Update
Tether
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad FullScreen Magnifier
ThinkPad Modem Adapter
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkVantage Active Protection System
ThinkVantage Communications Utility
ThinkVantage Fingerprint Software
Triumfant Agent
TrueCrypt
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195
Vim 7.3 (self-installing)
VirtualCloneDrive
Visio Add-In for WBS Modeler
VLC media player 2.0.2
VMware Player
VMware Remote Console Plug-in
VMware vCenter Converter Standalone
Vz In-Home Agent
WinDirStat 1.1.2
Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
Windows Driver Package - Intel (e1kexpress) Net (06/22/2010 11.5.10.1012)
Windows Driver Package - Intel (HECIx64) System (09/17/2009 6.0.0.1179)
Windows Driver Package - Intel System (06/04/2009 1.0.0.0002)
Windows Driver Package - Intel System (10/28/2009 9.1.1.1022)
Windows Driver Package - Intel USB (08/20/2009 9.1.1.1020)
Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4)
Windows Driver Package - Ricoh Company MS Host Controller (10/26/2009 6.10.02.07)
Windows Driver Package - Synaptics (SynTP) Mouse (04/22/2010 15.0.18.0)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (03/06/2009 1.0.0008.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinHTTrack Website Copier 3.47-27 (x64)
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
1/27/2014 9:40:27 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
1/27/2014 9:38:23 AM, Error: Service Control Manager [7000] - The KScan service failed to start due to the following error: The system cannot find the file specified.
1/27/2014 9:37:46 AM, Error: Service Control Manager [7022] - The HsfXAudioService service hung on starting.
1/27/2014 9:23:50 PM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
1/27/2014 9:23:00 PM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .
1/27/2014 9:18:36 PM, Error: Service Control Manager [7038] - The ReportServer service was unable to log on as DMI\ebollinger with the currently configured password due to the following error: Logon failure: unknown user name or bad password. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
1/27/2014 9:18:36 PM, Error: Service Control Manager [7038] - The MSSQLServerOLAPService service was unable to log on as dmi\ebollinger with the currently configured password due to the following error: Logon failure: unknown user name or bad password. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
1/27/2014 9:18:36 PM, Error: Service Control Manager [7038] - The MSSQLSERVER service was unable to log on as dmi\ebollinger with the currently configured password due to the following error: Logon failure: unknown user name or bad password. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
1/27/2014 9:18:36 PM, Error: Service Control Manager [7000] - The SQL Server Reporting Services (MSSQLSERVER) service failed to start due to the following error: The service did not start due to a logon failure.
1/27/2014 9:18:36 PM, Error: Service Control Manager [7000] - The SQL Server Analysis Services (MSSQLSERVER) service failed to start due to the following error: The service did not start due to a logon failure.
1/27/2014 9:18:36 PM, Error: Service Control Manager [7000] - The SQL Server (MSSQLSERVER) service failed to start due to the following error: The service did not start due to a logon failure.
1/27/2014 9:18:36 PM, Error: Service Control Manager [7000] - The regi service failed to start due to the following error: The system cannot find the file specified.
1/27/2014 9:18:19 PM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. B) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
1/27/2014 9:18:17 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain DMI due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
1/26/2014 1:53:24 PM, Error: Service Control Manager [7022] - The Security Center service hung on starting.
1/26/2014 1:43:48 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the VMware vCenter Converter Standalone Agent service to connect.
1/26/2014 1:43:48 PM, Error: Service Control Manager [7000] - The VMware vCenter Converter Standalone Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/25/2014 9:30:25 AM, Error: Microsoft-Windows-GroupPolicy [1053] - The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. B) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
1/24/2014 6:11:24 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
1/24/2014 6:05:06 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
1/24/2014 5:58:10 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the VMware vCenter Converter Standalone Server service to connect.
1/24/2014 5:58:10 PM, Error: Service Control Manager [7000] - The VMware vCenter Converter Standalone Server service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/24/2014 5:52:53 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
1/24/2014 5:52:00 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
1/24/2014 2:31:45 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the VMware Authorization Service service to connect.
1/24/2014 2:31:45 PM, Error: Service Control Manager [7000] - The VMware Authorization Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/22/2014 10:42:09 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
1/22/2014 10:42:09 AM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/22/2014 10:38:46 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
1/21/2014 7:48:06 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
1/21/2014 3:05:11 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel® Management & Security Application User Notification Service service to connect.
1/21/2014 3:05:11 PM, Error: Service Control Manager [7000] - The Intel® Management & Security Application User Notification Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/21/2014 3:05:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service UNS with arguments "" in order to run the server: {80C25488-192B-4DE2-8150-5B2D2A2F835E}
1/21/2014 12:55:07 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioSrv service.
1/21/2014 12:50:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
1/21/2014 12:49:39 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
.
==== End Of File ===========================


Eric

Edited by Oh My, 09 February 2014 - 03:00 PM.
Posted logs



#2 HelpBot

Posted 04 February 2014 - 01:30 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/522638 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oh My!

Malware Response Instructor

Posted 09 February 2014 - 03:01 PM

Greetings Eric and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please do this for me.

===================================================

Obtaining Current ComboFix.txt

--------------------

Please copy and paste the contents of the following file in your reply.
 

C:\ComboFix.txt


===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Combofix log
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#4 Oh My!


Posted 12 February 2014 - 07:14 PM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#5 ewillyb

  • Topic Starter


Posted 13 February 2014 - 12:17 AM

ComboFix 14-01-23.02 - ebollinger 01/24/2014  17:43:39.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.16316.13340 [GMT -5:00]
Running from: c:\users\ebollinger\Downloads\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\ebollinger\AppData\Local\assembly\tmp
c:\users\ebollinger\g2mdlhlpx.exe
c:\windows\SysWow64\c.bat
G:\autorun.inf
Q:\AUTORUN.INF
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_vpnagent
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-24 to 2014-01-24  )))))))))))))))))))))))))))))))
.
.
2014-01-24 22:52 . 2014-01-24 22:52 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2014-01-24 19:25 . 2014-01-24 19:25 -------- d-----w- c:\program files\iPod
2014-01-24 19:25 . 2014-01-24 19:26 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-24 19:25 . 2014-01-24 19:26 -------- d-----w- c:\program files\iTunes
2014-01-24 19:25 . 2014-01-24 19:26 -------- d-----w- c:\program files (x86)\iTunes
2014-01-22 22:18 . 2014-01-22 22:18 -------- d-----w- c:\program files (x86)\Log Parser 2.2
2014-01-22 22:16 . 2014-01-22 22:16 -------- d-----w- c:\users\ebollinger\AppData\Roaming\LizardLabs
2014-01-22 22:14 . 2014-01-22 22:14 -------- d-----w- c:\program files (x86)\LizardLabs
2014-01-22 02:48 . 2014-01-22 14:36 -------- d-----w- c:\users\ebollinger\AppData\Local\LogMeIn Client
2014-01-16 18:21 . 2014-01-16 18:21 -------- d-----w- c:\program files (x86)\Fiddler2
2014-01-15 21:26 . 2014-01-15 21:26 -------- d-----w- c:\users\ebollinger\AppData\Local\Microsoft Corporation
2014-01-15 14:27 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-15 14:27 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-15 14:27 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-15 14:27 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-15 14:27 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-15 14:27 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-15 14:27 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-15 14:27 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-01-15 14:27 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-14 15:43 . 2014-01-14 15:43 -------- d-----w- c:\program files (x86)\Remote Desktop Connection Manager
2014-01-08 00:02 . 2014-01-08 00:02 -------- d-----w- c:\users\ebollinger\AppData\Roaming\Verizon
2014-01-07 23:58 . 2014-01-07 23:58 -------- d-----w- c:\program files (x86)\Verizon
2014-01-06 21:04 . 2014-01-06 21:05 -------- d-----w- C:\test_truecrypt
2014-01-06 21:00 . 2014-01-06 21:04 -------- d-----w- c:\users\ebollinger\AppData\Roaming\TrueCrypt
2014-01-06 20:59 . 2014-01-06 20:59 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2014-01-06 20:59 . 2014-01-06 20:59 -------- d-----w- c:\program files\TrueCrypt
2014-01-02 18:17 . 2014-01-02 18:17 -------- d-----w- c:\users\ebollinger\.startmeeting
2014-01-02 18:17 . 2014-01-02 18:17 -------- d-----w- c:\users\ebollinger\AppData\Local\StartMeeting
2014-01-02 18:17 . 2014-01-02 18:17 -------- d-----w- c:\users\ebollinger\AppData\Local\SMPlugins
2013-12-31 18:05 . 2014-01-02 16:57 -------- d-----w- C:\Shorties
2013-12-28 17:01 . 2013-12-28 17:02 -------- d-----w- c:\program files\WinHTTrack
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-24 16:35 . 2011-10-06 15:06 107368 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2014-01-24 16:35 . 2011-10-06 15:06 35656 ----a-w- c:\windows\system32\LMIport.dll
2014-01-24 16:35 . 2011-10-06 15:06 92488 ----a-w- c:\windows\system32\LMIinit.dll
2014-01-16 00:09 . 2011-03-05 20:11 86054176 ----a-w- c:\windows\system32\MRT.exe
2013-12-29 20:06 . 2012-03-30 13:54 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-29 20:06 . 2011-05-19 12:44 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-12 16:02 . 2011-10-06 15:06 107368 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2013-12-03 04:11 . 2013-12-03 04:11 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-03 04:11 . 2013-12-03 04:11 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-03 04:11 . 2013-12-03 04:11 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-12-03 04:11 . 2013-12-03 04:11 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-03 04:11 . 2013-12-03 04:11 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-03 04:11 . 2013-12-03 04:11 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-12-03 04:11 . 2013-12-03 04:11 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-03 04:11 . 2013-12-03 04:11 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-12-03 04:11 . 2013-12-03 04:11 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-12-03 04:11 . 2013-12-03 04:11 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-12-03 04:11 . 2013-12-03 04:11 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-03 04:11 . 2013-12-03 04:11 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-12-03 04:11 . 2013-12-03 04:11 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-03 04:11 . 2013-12-03 04:11 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-03 04:11 . 2013-12-03 04:11 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-12-03 04:11 . 2013-12-03 04:11 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-03 04:11 . 2013-12-03 04:11 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-12-03 04:11 . 2013-12-03 04:11 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-03 04:11 . 2013-12-03 04:11 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-03 04:11 . 2013-12-03 04:11 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-03 04:11 . 2013-12-03 04:11 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-03 04:11 . 2013-12-03 04:11 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-12-03 04:11 . 2013-12-03 04:11 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-12-03 04:11 . 2013-12-03 04:11 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-12-03 04:11 . 2013-12-03 04:11 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-03 04:11 . 2013-12-03 04:11 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-03 04:11 . 2013-12-03 04:11 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-03 04:11 . 2013-12-03 04:11 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-12-03 04:11 . 2013-12-03 04:11 81408 ----a-w- c:\windows\system32\icardie.dll
2013-12-03 04:11 . 2013-12-03 04:11 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-12-03 04:11 . 2013-12-03 04:11 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-12-03 04:11 . 2013-12-03 04:11 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-12-03 04:11 . 2013-12-03 04:11 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-03 04:11 . 2013-12-03 04:11 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-12-03 04:11 . 2013-12-03 04:11 413696 ----a-w- c:\windows\system32\html.iec
2013-12-03 04:11 . 2013-12-03 04:11 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 04:11 . 2013-12-03 04:11 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-03 04:11 . 2013-12-03 04:11 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-12-03 04:11 . 2013-12-03 04:11 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-12-03 04:11 . 2013-12-03 04:11 247808 ----a-w- c:\windows\system32\msls31.dll
2013-12-03 04:11 . 2013-12-03 04:11 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-12-03 04:11 . 2013-12-03 04:11 235520 ----a-w- c:\windows\system32\url.dll
2013-12-03 04:11 . 2013-12-03 04:11 195584 ----a-w- c:\windows\system32\msrating.dll
2013-12-03 04:11 . 2013-12-03 04:11 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-12-03 04:11 . 2013-12-03 04:11 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-03 04:11 . 2013-12-03 04:11 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-03 04:11 . 2013-12-03 04:11 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-03 04:11 . 2013-12-03 04:11 101376 ----a-w- c:\windows\system32\inseng.dll
2013-12-03 04:11 . 2013-12-03 04:11 143872 ----a-w- c:\windows\system32\wextract.exe
2013-12-03 04:11 . 2013-12-03 04:11 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-03 04:11 . 2013-12-03 04:11 774144 ----a-w- c:\windows\system32\jscript.dll
2013-12-03 04:11 . 2013-12-03 04:11 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-12-03 04:11 . 2013-12-03 04:11 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-12-03 04:11 . 2013-12-03 04:11 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-12-03 04:11 . 2013-12-03 04:11 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-12-03 04:11 . 2013-12-03 04:11 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-12-03 04:11 . 2013-12-03 04:11 147968 ----a-w- c:\windows\system32\occache.dll
2013-12-03 04:11 . 2013-12-03 04:11 13824 ----a-w- c:\windows\system32\mshta.exe
2013-12-03 04:11 . 2013-12-03 04:11 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-11-26 11:54 . 2013-12-11 14:52 23183360 ----a-w- c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-11 14:52 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-11 14:52 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-11 14:52 66048 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-11 14:52 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-11 14:52 2764288 ----a-w- c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-11 14:52 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-11 14:52 33792 ----a-w- c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-11 14:52 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-11 14:52 574976 ----a-w- c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-11 14:52 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-11 14:52 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-11 14:52 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-11 14:52 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-11 14:52 5769216 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-11 14:52 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-11 14:52 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-11 14:52 1995264 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-11 14:52 12996608 ----a-w- c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-11 14:52 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-11 14:52 2334208 ----a-w- c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-11 14:52 1395200 ----a-w- c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-11 14:52 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-11 14:52 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2013-11-23 18:26 . 2013-12-10 21:18 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-10 21:18 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-12 02:23 . 2013-12-10 21:18 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-10 21:18 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-10-30 02:32 . 2013-12-10 21:18 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-10-30 02:19 . 2013-12-10 21:18 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-12-03 00:27 220632 ----a-w- c:\users\ebollinger\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-12-03 00:27 220632 ----a-w- c:\users\ebollinger\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-12-03 00:27 220632 ----a-w- c:\users\ebollinger\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-28 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2010-05-03 112152]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2010-08-04 1129832]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]
"EM_EXEC"="c:\progra~2\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-07-26 34816]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-01-20 43848]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2013-09-05 3478392]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2010-11-20 64112]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-01-20 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
"NoStartMenuMyMusic"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ   scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
Security Packages REG_MULTI_SZ   kerberos msv1_0 schannel wdigest tspkg pku2u livessp msoidssp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-354596566-239819288-449157275-2658\Scripts\Logon\0\0]
"Script"=itdept.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-354596566-239819288-449157275-2658\Scripts\Logon\1\0]
"Script"=finance.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-354596566-239819288-449157275-2658\Scripts\Logon\2\0]
"Script"=printers.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-354596566-239819288-449157275-2658\Scripts\Logon\2\1]
"Script"=shares.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-354596566-239819288-449157275-3642\Scripts\Logon\0\0]
"Script"=triumfant.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-354596566-239819288-449157275-3642\Scripts\Logon\1\0]
"Script"=timesec install new.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-354596566-239819288-449157275-3642\Scripts\Logon\2\0]
"Script"=finance.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
2;2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 regi;regi;c:\windows\system32\drivers\regi.sys;c:\windows\SYSNATIVE\drivers\regi.sys [x]
R2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe;c:\program files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 vmware-converter-agent;VMware vCenter Converter Standalone Agent;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [x]
R2 vmware-converter-server;VMware vCenter Converter Standalone Server;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [x]
R3 bmdrvr;Modified Clusters Tracking Driver;SysWOW64\drivers\bmdrvr.sys;SysWOW64\drivers\bmdrvr.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 KScan;KScan;c:\windows\system32\kscan.sys;c:\windows\SYSNATIVE\kscan.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys;c:\windows\SYSNATIVE\drivers\pmxdrv.sys [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0150.sys [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys;c:\windows\SYSNATIVE\DRIVERS\DzHDD64.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [x]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
S2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [x]
S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [x]
S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [x]
S2 OCS INVENTORY;OCS INVENTORY SERVICE;c:\program files (x86)\OCS Inventory Agent\ocsservice.exe;c:\program files (x86)\OCS Inventory Agent\ocsservice.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys;c:\windows\SYSNATIVE\DRIVERS\rimspe64.sys [x]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [x]
S2 timesvc;Time Service;c:\program files (x86)\Products\Time Services\timesvc.exe;c:\program files (x86)\Products\Time Services\timesvc.exe [x]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 TriumfantAgent;Triumfant Agent;c:\program files (x86)\Triumfant, Inc\Triumfant Agent\TriumfantAgent.exe;c:\program files (x86)\Triumfant, Inc\Triumfant Agent\TriumfantAgent.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys;c:\windows\SYSNATIVE\drivers\vmci.sys [x]
S2 vmware-converter-worker;VMware vCenter Converter Standalone Worker;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [x]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys;SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Mandiant_Tools;Mandiant_Tools;c:\programdata\Application Data\Time Services\mktools.sys;c:\programdata\Application Data\Time Services\mktools.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys;c:\windows\SYSNATIVE\DRIVERS\Tvti2c.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-28 20:20]
.
2014-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-28 20:20]
.
2014-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-354596566-239819288-449157275-3642Core.job
- c:\users\ebollinger\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-26 14:46]
.
2014-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-354596566-239819288-449157275-3642UA.job
- c:\users\ebollinger\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-26 14:46]
.
2014-01-19 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2010-05-07 19:52]
.
2014-01-24 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdrcui.exe [2010-05-08 18:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-12-03 00:27 244696 ----a-w- c:\users\ebollinger\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-12-03 00:27 244696 ----a-w- c:\users\ebollinger\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-12-03 00:27 244696 ----a-w- c:\users\ebollinger\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-12-06 20:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 20:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 20:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-12-06 20:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-12-06 20:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-12-06 20:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2010-07-27 69560]
"TpShocks"="TpShocks.exe" [2010-07-02 380776]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll
Trusted Zone: skillport.com\dmi-learning
Trusted Zone: skillport.com\www
Trusted Zone: skillsoft.com\www
Trusted Zone: skillsoft.com\www.support
Trusted Zone: treas.gov\dora.do
TCP: DhcpNameServer = 10.0.0.225 10.0.0.3 10.0.0.2
TCP: Interfaces\{15EA9D83-C0C8-4275-BC2E-90D0355AB226}: NameServer = 8.8.8.8,8.8.4.4
DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574}
DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} - hxxps://ffx1vpn2.datatel.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {DC7D77DA-E1AC-4D40-930B-B87B2954E034} - hxxps://ffx2labmgr/LabManager/ControlPanel/Machines/MachineDetails/ActiveXControls/ViewerXVNC/vmware-mks.cab
FF - ProfilePath - c:\users\ebollinger\AppData\Roaming\Mozilla\Firefox\Profiles\p2iyp53i.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-autoauto - c.bat
SafeBoot-Symantec Antvirus
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Belarc Advisor - c:\progra~2\Belarc\Advisor\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:0b,06,e9,54,02,5e,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0a,be,fc,9b,a7,b3,4a,46,b0,5e,58,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0a,be,fc,9b,a7,b3,4a,46,b0,5e,58,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlk.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\progra~2\ThinkPad\UTILIT~1\PWMUI.EXE
c:\program files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Lenovo\System Update\SUService.exe
c:\program files (x86)\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files (x86)\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
.
**************************************************************************
.
Completion time: 2014-01-24  18:08:24 - machine was rebooted
ComboFix-quarantined-files.txt  2014-01-24 23:08
.
Pre-Run: 105,449,578,496 bytes free
Post-Run: 104,997,023,744 bytes free
.
- - End Of File - - A2020C94FED208B93363142BC7755277
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-02-2014 01
Ran by ebollinger (administrator) on DML-RBOLLINGER2 on 13-02-2014 00:13:11
Running from C:\Users\ebollinger\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
() C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
(http://www.ocsinventory-ng.org) C:\Program Files (x86)\OCS Inventory Agent\ocsservice.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
() C:\Program Files (x86)\Products\Time Services\timesvc.exe
(Triumfant, Inc.) C:\Program Files (x86)\Triumfant, Inc\Triumfant Agent\TriumfantAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Zoom\TpScrex.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
() C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
(Lenovo Group Limited) c:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Client Security Solution\password_manager.exe
(Google Inc.) C:\Users\ebollinger\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ebollinger\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ebollinger\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ebollinger\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ebollinger\AppData\Local\Google\Chrome\Application\chrome.exe
(Google) C:\Users\ebollinger\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Google Inc.) C:\Users\ebollinger\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ebollinger\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ebollinger\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ebollinger\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ebollinger\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-22] (Synaptics Incorporated)
HKLM\...\Run: [TPHOTKEY] - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [69560 2010-07-27] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [380776 2010-07-01] (Lenovo.)
HKLM\...\Run: [IntelliType Pro] - c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1464944 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2076272 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [LogMeIn GUI] - C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2011-09-16] (LogMeIn, Inc.)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [112152 2010-05-02] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [ccApp] - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe [115560 2009-07-08] (Symantec Corporation)
HKLM-x32\...\Run: [EM_EXEC] - C:\Program Files (x86)\Logitech\MouseWare\system\EM_EXEC.EXE [34816 2001-07-26] (Logitech Inc.                    )
HKLM-x32\...\Run: [RotateImage] - C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478392 2013-09-05] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VMware hqtray] - C:\Program Files (x86)\VMware\VMware Player\hqtray.exe [64112 2010-11-19] (VMware, Inc.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
HKU\.DEFAULT\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoStartMenuMyMusic] 1
HKU\S-1-5-21-354596566-239819288-449157275-3642\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-12-28] (Google Inc.)
HKU\S-1-5-21-354596566-239819288-449157275-3642\...\Run: [GoToMeeting] - C:\Program Files (x86)\Citrix\GoToMeeting\1133\g2mstart.exe [40816 2013-04-08] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-354596566-239819288-449157275-3642\...\Run: [Google Update] - C:\Users\ebollinger\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-24] (Google Inc.)
HKU\S-1-5-21-354596566-239819288-449157275-3642\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-354596566-239819288-449157275-3642\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Telephony Toolbar Services - {431A60E6-675F-4b9f-B3F0-66E0FECC8B34} - C:\Program Files (x86)\BroadSoft\BroadWorks Assistant Enterprise\bin\BW_Assistant_Enterprise_IE_S.dll (BroadSoft® Australia Pty Ltd)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Telephony Toolbar Call Control - {8F1FF1A7-C048-4d6b-B052-56E42CE427CB} - C:\Program Files (x86)\BroadSoft\BroadWorks Assistant Enterprise\bin\BW_Assistant_Enterprise_IE_CC.dll (BroadSoft® Australia Pty Ltd)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: IePasswordManagerHelper Class - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Telephony Toolbar Call Control - {6F6690B9-C5DB-4F08-8833-F2EF4DEE956B} - C:\Program Files (x86)\BroadSoft\BroadWorks Assistant Enterprise\bin\BW_Assistant_Enterprise_IE_CC.dll (BroadSoft® Australia Pty Ltd)
Toolbar: HKLM-x32 - Telephony Toolbar Services - {F10D927F-D3DF-4734-98AB-DD258253F5FD} - C:\Program Files (x86)\BroadSoft\BroadWorks Assistant Enterprise\bin\BW_Assistant_Enterprise_IE_S.dll (BroadSoft® Australia Pty Ltd)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: HKLM-x32 {B94C2238-346E-4C5E-9B36-8CC627F35574} 
DPF: HKLM-x32 {CC679CB8-DC4B-458B-B817-D447B3B6AC31} https://ffx1vpn2.datatel.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: HKLM-x32 {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://dora.do.treas.gov/vdesk/terminal/urxhost.cab#version=7000,2011,124,911
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://remote.dot.gov/dana-cached/sc/JuniperSetupClient.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1007
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 12 C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll [330352] (VMware, Inc.)
Winsock: Catalog9 13 C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll [330352] (VMware, Inc.)
Winsock: Catalog9-x64 12 C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll [438384] (VMware, Inc.)
Winsock: Catalog9-x64 13 C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll [438384] (VMware, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.10.10.1
Tcpip\..\Interfaces\{15EA9D83-C0C8-4275-BC2E-90D0355AB226}: [NameServer]8.8.8.8,8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\ebollinger\AppData\Roaming\Mozilla\Firefox\Profiles\p2iyp53i.default
FF SelectedSearchEngine: Google
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/DownloadManager,version=1.1 - C:\Windows\ ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\ebollinger\AppData\Local\Citrix\Plugins\94\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @startmeeting.com/launcher - C:\Users\ebollinger\AppData\Local\SMPlugins\npsmlauncher.dll (Start Meeting)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\ebollinger\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\ebollinger\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\ebollinger\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\ebollinger\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\ebollinger\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\ebollinger\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\ebollinger\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\ebollinger\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Telephony Toolbar - C:\Program Files (x86)\Mozilla Firefox\extensions\{318DDCC6-4A8F-4ad7-AFA8-F40F0D044C90} [2014-02-06]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-06]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-09-06]
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - C:\Program Files (x86)\Fiddler2\FiddlerHook [2014-01-16]
FF HKCU\...\Firefox\Extensions: [{FCF36B88-1BBA-487f-B64B-D2E8980A9293}] - C:\Program Files (x86)\Lenovo\Client Security Solution\PWM Firefox Extension
FF Extension: ThinkVantage Password Manager - C:\Program Files (x86)\Lenovo\Client Security Solution\PWM Firefox Extension [2010-11-19]
 
Chrome: 
=======
CHR HomePage: hxxp://my.yahoo.com/
CHR Plugin: (Shockwave Flash) - C:\Users\ebollinger\AppData\Local\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\ebollinger\AppData\Local\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\ebollinger\AppData\Local\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\ebollinger\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\ebollinger\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\ebollinger\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-02]
CHR Extension: (YouTube) - C:\Users\ebollinger\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-20]
CHR Extension: (Google Search) - C:\Users\ebollinger\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-20]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\ebollinger\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2013-09-06]
CHR Extension: (Chrome Remote Desktop) - C:\Users\ebollinger\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-01-25]
CHR Extension: (TweetDeck by Twitter) - C:\Users\ebollinger\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2013-10-25]
CHR Extension: (Pocket (formerly Read It Later)) - C:\Users\ebollinger\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2013-05-29]
CHR Extension: (LogMeIn) - C:\Users\ebollinger\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgnihglilniboicepgjclfiageofdfj [2013-03-15]
CHR Extension: (Google Wallet) - C:\Users\ebollinger\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\ebollinger\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-20]
CHR HKLM-x32\...\Chrome\Extension: [bfcnflkdmlnlalbefllfaimhjgmkonbn] - C:\123.crx [2014-01-24]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-09-05]
CHR StartMenuInternet: Google Chrome - C:\Users\ebollinger\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
R2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-07-08] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-07-08] (Symantec Corporation)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [164200 2010-08-04] (Lenovo.)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093880 2009-07-13] (Symantec Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-01-24] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-01-24] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2011-09-16] (LogMeIn, Inc.)
R2 MsDtsServer100; C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [210784 2011-04-23] (Microsoft Corporation)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2078112 2011-09-28] (Microsoft Corp.)
S2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [61916000 2011-04-23] (Microsoft Corporation)
S2 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\bin\msmdsrv.exe [54568288 2010-04-03] (Microsoft Corporation)
R2 NVIDIA Performance Driver Service; C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [6237800 2010-04-30] ()
R2 OCS INVENTORY; C:\Program Files (x86)\OCS Inventory Agent\ocsservice.exe [69632 2008-10-10] (http://www.ocsinventory-ng.org)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] ()
S2 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2175328 2011-04-23] (Microsoft Corporation)
R2 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3197256 2009-09-17] (Symantec Corporation)
S4 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [411976 2009-09-17] (Symantec Corporation)
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [428384 2011-04-23] (Microsoft Corporation)
R2 Symantec AntiVirus; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2477304 2009-09-17] (Symantec Corporation)
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited)
R2 timesvc; C:\Program Files (x86)\Products\Time Services\timesvc.exe [13410760 2012-12-14] ()
R2 TriumfantAgent; C:\Program Files (x86)\Triumfant, Inc\Triumfant Agent\TriumfantAgent.exe [102400 2013-03-29] (Triumfant, Inc.)
R3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-29] (Lenovo Group Limited)
S3 ufad-ws60; C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe [191024 2008-12-01] (VMware, Inc.)
S2 vmware-converter-agent; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [444976 2010-08-24] (VMware, Inc.)
R2 vmware-converter-server; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [444976 2010-08-24] (VMware, Inc.)
R2 vmware-converter-worker; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [444976 2010-08-24] (VMware, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
S3 bmdrvr; C:\Windows\SysWow64\drivers\bmdrvr.sys [47152 2009-11-05] (VMware, Inc.)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
S3 KScan; C:\Windows\SysWOW64\kscan.sys [45568 2013-03-29] ()
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-29] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R3 Mandiant_Tools; C:\ProgramData\Application Data\Time Services\mktools.sys [25168 2013-03-22] ()
R3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20140212.002\eng64.sys [126040 2013-08-30] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20140212.002\ex64.sys [2099288 2013-08-30] (Symantec Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2010-11-19] ()
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)
R1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [443952 2009-08-25] (Symantec Corporation)
R1 SRTSP; C:\Windows\SysWOW64\Drivers\SRTSP64.SYS [443952 2009-08-25] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [481840 2009-08-25] (Symantec Corporation)
S3 SRTSPL; C:\Windows\SysWOW64\Drivers\SRTSPL64.SYS [481840 2009-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2009-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\SysWOW64\Drivers\SRTSPX64.SYS [32304 2009-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172592 2010-12-28] (Symantec Corporation)
R3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [62512 2009-05-27] (Symantec Corporation)
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-08-04] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [12728 2009-09-29] ()
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
R3 vmkbd2; C:\Windows\system32\drivers\VMkbd.sys [29808 2010-11-19] (VMware, Inc.)
R2 vstor2-ws60; C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys [32816 2008-12-01] (VMware, Inc.)
R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [52784 2009-09-17] (Symantec Corporation)
R3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [233120 2012-09-30] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 regi; \??\C:\Windows\system32\drivers\regi.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-13 00:13 - 2014-02-13 00:13 - 00037685 _____ () C:\Users\ebollinger\Desktop\FRST.txt
2014-02-13 00:11 - 2014-02-13 00:13 - 00000000 ____D () C:\FRST
2014-02-13 00:10 - 2014-02-13 00:10 - 02152448 _____ (Farbar) C:\Users\ebollinger\Desktop\FRST64.exe
2014-02-06 16:32 - 2014-02-06 16:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-06 16:19 - 2014-02-06 16:19 - 00001978 _____ () C:\Users\ebollinger\Desktop\CSTPOINT.EXE.lnk
2014-02-06 16:19 - 2014-02-06 16:19 - 00000000 ____D () C:\Program Files (x86)\RemotePackages
2014-02-06 16:18 - 2014-02-06 16:18 - 00000000 ____D () C:\Users\ebollinger\Downloads\CSTPOINT
2014-02-06 16:01 - 2014-02-06 16:01 - 00000000 ____D () C:\Users\ebollinger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartMeeting
2014-02-05 22:23 - 2014-02-05 23:48 - 00000000 ____D () C:\Users\ebollinger\Desktop\EMMC_2_3_1
2014-02-05 15:34 - 2014-02-05 15:34 - 00491520 _____ () C:\Users\ebollinger\Downloads\Grant Process Step for TrAMS v1.1.vsd
2014-01-30 16:54 - 2014-01-30 16:54 - 02753345 _____ () C:\Users\ebollinger\Downloads\vsmartcard-2012-04-11_win32.zip
2014-01-30 12:53 - 2014-01-30 12:53 - 00143360 _____ () C:\Users\ebollinger\Downloads\image.jpeg
2014-01-28 16:01 - 2014-01-28 16:01 - 00042627 _____ () C:\Users\ebollinger\Downloads\ANUC.ps1
2014-01-27 23:15 - 2014-01-30 13:27 - 00035487 _____ () C:\Users\ebollinger\Desktop\dds.txt
2014-01-27 23:15 - 2014-01-30 13:27 - 00023357 _____ () C:\Users\ebollinger\Desktop\attach.txt
2014-01-25 10:47 - 2014-01-25 10:47 - 00688992 ____R (Swearware) C:\Users\ebollinger\Downloads\dds.com
2014-01-24 18:08 - 2014-01-24 18:08 - 00044450 _____ () C:\ComboFix.txt
2014-01-24 17:40 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-01-24 17:40 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-01-24 17:40 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-24 17:40 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-24 17:40 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-24 17:40 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-01-24 17:40 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-01-24 17:40 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-01-24 17:39 - 2014-01-24 18:08 - 00000000 ____D () C:\Qoobox
2014-01-24 17:39 - 2014-01-24 18:05 - 00000000 ____D () C:\Windows\erdnt
2014-01-24 17:37 - 2014-01-24 17:37 - 05175240 ____R (Swearware) C:\Users\ebollinger\Downloads\ComboFix.exe
2014-01-24 14:37 - 2014-01-24 14:37 - 00009281 _____ () C:\123.crx
2014-01-24 14:26 - 2014-01-24 14:26 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-01-24 14:25 - 2014-01-24 14:26 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-24 14:25 - 2014-01-24 14:26 - 00000000 ____D () C:\Program Files\iTunes
2014-01-24 14:25 - 2014-01-24 14:26 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-01-24 14:25 - 2014-01-24 14:25 - 00000000 ____D () C:\Program Files\iPod
2014-01-22 17:18 - 2014-01-22 17:18 - 00000000 ____D () C:\Program Files (x86)\Log Parser 2.2
2014-01-22 17:17 - 2014-01-22 17:18 - 01478656 _____ () C:\Users\ebollinger\Downloads\LogParser.msi
2014-01-22 17:16 - 2014-01-22 17:16 - 00000000 ____D () C:\Users\ebollinger\AppData\Roaming\LizardLabs
2014-01-22 17:14 - 2014-01-22 17:14 - 00002619 _____ () C:\Users\Public\Desktop\Log Parser Lizard.lnk
2014-01-22 17:14 - 2014-01-22 17:14 - 00000000 ____D () C:\Program Files (x86)\LizardLabs
2014-01-22 17:11 - 2014-01-22 17:13 - 23458816 _____ () C:\Users\ebollinger\Downloads\LogParserLizardSetup.msi
2014-01-21 21:48 - 2014-01-22 09:36 - 00000000 ____D () C:\Users\ebollinger\AppData\Local\LogMeIn Client
2014-01-21 15:14 - 2014-01-21 15:15 - 00000000 ____D () C:\Users\ebollinger\Documents\DMI-VPN-CONNECTION
2014-01-21 14:18 - 2014-01-21 15:13 - 00000592 _____ () C:\Users\ebollinger\Documents\DMI-VPN-CONNECTION.zip
2014-01-17 10:53 - 2014-01-16 16:57 - 00001675 _____ () C:\Users\ebollinger\Desktop\Bulk_Testing.csv
2014-01-16 13:22 - 2014-01-16 13:36 - 00000000 ____D () C:\Users\ebollinger\Documents\Fiddler2
2014-01-16 13:21 - 2014-01-16 13:21 - 00000000 ____D () C:\Program Files (x86)\Fiddler2
2014-01-15 16:26 - 2014-01-15 16:26 - 00000000 ____D () C:\Users\ebollinger\AppData\Local\Microsoft Corporation
2014-01-15 15:36 - 2014-01-15 15:36 - 00022325 ____N () C:\Users\ebollinger\Downloads\CSTPOINT.zip
2014-01-15 11:46 - 2014-01-15 12:07 - 00000000 ____D () C:\Users\ebollinger\Documents\share
2014-01-15 11:25 - 2014-01-21 21:48 - 00000000 ____D () C:\Users\ebollinger\Downloads\SQLServer2008R2CU13
2014-01-15 09:27 - 2013-11-26 20:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 09:27 - 2013-11-26 20:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 09:27 - 2013-11-26 20:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 09:27 - 2013-11-26 20:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 09:27 - 2013-11-26 20:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 09:27 - 2013-11-26 20:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 09:27 - 2013-11-26 20:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 09:27 - 2013-11-26 06:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 09:27 - 2013-11-26 05:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-14 10:43 - 2014-01-14 10:43 - 00000000 ____D () C:\Program Files (x86)\Remote Desktop Connection Manager
2014-01-14 10:42 - 2014-01-14 10:42 - 00807424 _____ () C:\Users\ebollinger\Downloads\RDCMan.msi
 
==================== One Month Modified Files and Folders =======
 
2014-02-13 00:13 - 2014-02-13 00:13 - 00037685 _____ () C:\Users\ebollinger\Desktop\FRST.txt
2014-02-13 00:13 - 2014-02-13 00:11 - 00000000 ____D () C:\FRST
2014-02-13 00:10 - 2014-02-13 00:10 - 02152448 _____ (Farbar) C:\Users\ebollinger\Desktop\FRST64.exe
2014-02-12 23:52 - 2010-11-19 18:24 - 01187310 _____ () C:\Windows\WindowsUpdate.log
2014-02-12 23:50 - 2010-12-28 15:20 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-12 23:20 - 2011-01-05 12:08 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-354596566-239819288-449157275-3642UA.job
2014-02-12 23:16 - 2011-10-06 10:06 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-02-12 21:47 - 2010-12-28 15:21 - 00000000 ____D () C:\Program Files (x86)\OCS Inventory Agent
2014-02-12 16:20 - 2011-01-05 12:08 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-354596566-239819288-449157275-3642Core.job
2014-02-12 16:15 - 2011-01-05 12:08 - 00003912 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-354596566-239819288-449157275-3642UA
2014-02-12 16:15 - 2011-01-05 12:08 - 00003516 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-354596566-239819288-449157275-3642Core
2014-02-12 16:00 - 2010-11-19 18:35 - 00000332 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-02-12 01:50 - 2010-12-28 15:20 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-12 01:45 - 2010-12-28 15:20 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-12 01:45 - 2010-12-28 15:20 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-11 20:20 - 2009-07-13 23:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-11 20:20 - 2009-07-13 23:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-11 20:06 - 2011-01-05 21:51 - 00000000 ____D () C:\ProgramData\VMware
2014-02-11 20:03 - 2013-10-26 18:56 - 00011170 _____ () C:\Windows\setupact.log
2014-02-11 20:03 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-10 23:06 - 2009-07-14 00:13 - 00942754 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-09 08:51 - 2013-03-22 08:53 - 00000000 ____D () C:\ProgramData\Time Services
2014-02-08 20:15 - 2011-10-03 21:08 - 00000000 ____D () C:\Users\ebollinger\AppData\Roaming\Mozilla
2014-02-07 23:45 - 2013-02-18 21:36 - 00000000 ____D () C:\Users\ebollinger\Documents\SketchUp
2014-02-07 22:41 - 2013-04-25 10:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-07 18:31 - 2010-12-29 04:46 - 00000248 _____ () C:\Windows\system32\config\netlogon.ftl
2014-02-07 17:39 - 2014-01-08 11:46 - 00004440 _____ () C:\Users\ebollinger\Desktop\MDMinc.rdg
2014-02-07 17:39 - 2014-01-08 11:45 - 00004454 _____ () C:\Users\ebollinger\Desktop\Future.rdg
2014-02-07 17:39 - 2014-01-08 11:41 - 00004471 _____ () C:\Users\ebollinger\Desktop\MDMINCDISA STTIG.rdg
2014-02-07 17:39 - 2014-01-08 11:41 - 00002549 _____ () C:\Users\ebollinger\Desktop\MDMINCDISA New.rdg
2014-02-07 11:01 - 2011-10-03 21:08 - 00000000 ____D () C:\Users\ebollinger\AppData\Roaming\VMware
2014-02-06 16:33 - 2014-02-06 16:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-06 16:25 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-02-06 16:19 - 2014-02-06 16:19 - 00001978 _____ () C:\Users\ebollinger\Desktop\CSTPOINT.EXE.lnk
2014-02-06 16:19 - 2014-02-06 16:19 - 00000000 ____D () C:\Program Files (x86)\RemotePackages
2014-02-06 16:18 - 2014-02-06 16:18 - 00000000 ____D () C:\Users\ebollinger\Downloads\CSTPOINT
2014-02-06 16:01 - 2014-02-06 16:01 - 00000000 ____D () C:\Users\ebollinger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartMeeting
2014-02-06 16:01 - 2014-01-02 13:17 - 00001145 _____ () C:\Users\ebollinger\Desktop\StartMeeting.lnk
2014-02-06 16:01 - 2014-01-02 13:17 - 00000000 ____D () C:\Users\ebollinger\.startmeeting
2014-02-05 23:48 - 2014-02-05 22:23 - 00000000 ____D () C:\Users\ebollinger\Desktop\EMMC_2_3_1
2014-02-05 15:34 - 2014-02-05 15:34 - 00491520 _____ () C:\Users\ebollinger\Downloads\Grant Process Step for TrAMS v1.1.vsd
2014-02-05 15:17 - 2012-02-03 17:21 - 00002404 _____ () C:\Users\ebollinger\Desktop\Google Chrome.lnk
2014-01-31 08:57 - 2009-07-14 00:08 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-30 16:54 - 2014-01-30 16:54 - 02753345 _____ () C:\Users\ebollinger\Downloads\vsmartcard-2012-04-11_win32.zip
2014-01-30 13:28 - 2011-07-25 22:08 - 00000000 ____D () C:\misc
2014-01-30 13:27 - 2014-01-27 23:15 - 00035487 _____ () C:\Users\ebollinger\Desktop\dds.txt
2014-01-30 13:27 - 2014-01-27 23:15 - 00023357 _____ () C:\Users\ebollinger\Desktop\attach.txt
2014-01-30 12:53 - 2014-01-30 12:53 - 00143360 _____ () C:\Users\ebollinger\Downloads\image.jpeg
2014-01-29 12:57 - 2011-10-14 12:02 - 00001379 _____ () C:\Users\ebollinger\Desktop\GoToMeeting.lnk
2014-01-28 16:38 - 2013-12-31 13:05 - 00000000 ____D () C:\Shorties
2014-01-28 16:01 - 2014-01-28 16:01 - 00042627 _____ () C:\Users\ebollinger\Downloads\ANUC.ps1
2014-01-25 10:47 - 2014-01-25 10:47 - 00688992 ____R (Swearware) C:\Users\ebollinger\Downloads\dds.com
2014-01-24 18:08 - 2014-01-24 18:08 - 00044450 _____ () C:\ComboFix.txt
2014-01-24 18:08 - 2014-01-24 17:39 - 00000000 ____D () C:\Qoobox
2014-01-24 18:08 - 2013-01-25 13:51 - 00000000 ____D () C:\Users\jinqui
2014-01-24 18:08 - 2011-10-21 08:21 - 00000000 ____D () C:\Users\ebollinger\AppData\Local\Apps\2.0
2014-01-24 18:05 - 2014-01-24 17:39 - 00000000 ____D () C:\Windows\erdnt
2014-01-24 17:57 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-01-24 17:54 - 2013-10-26 22:41 - 00011564 _____ () C:\Windows\PFRO.log
2014-01-24 17:53 - 2009-07-13 21:34 - 25952256 _____ () C:\Windows\system32\config\system.bak
2014-01-24 17:53 - 2009-07-13 21:34 - 127401984 _____ () C:\Windows\system32\config\software.bak
2014-01-24 17:53 - 2009-07-13 21:34 - 01835008 _____ () C:\Windows\system32\config\default.bak
2014-01-24 17:53 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-01-24 17:53 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-01-24 17:52 - 2011-10-03 15:55 - 00000000 ____D () C:\Users\ebollinger
2014-01-24 17:37 - 2014-01-24 17:37 - 05175240 ____R (Swearware) C:\Users\ebollinger\Downloads\ComboFix.exe
2014-01-24 14:37 - 2014-01-24 14:37 - 00009281 _____ () C:\123.crx
2014-01-24 14:26 - 2014-01-24 14:26 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-01-24 14:26 - 2014-01-24 14:25 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-24 14:26 - 2014-01-24 14:25 - 00000000 ____D () C:\Program Files\iTunes
2014-01-24 14:26 - 2014-01-24 14:25 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-01-24 14:25 - 2014-01-24 14:25 - 00000000 ____D () C:\Program Files\iPod
2014-01-24 14:21 - 2011-12-24 16:05 - 00000000 ____D () C:\ProgramData\Apple
2014-01-24 11:35 - 2011-10-06 10:06 - 00107368 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2014-01-24 11:35 - 2011-10-06 10:06 - 00092488 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2014-01-24 11:35 - 2011-10-06 10:06 - 00035656 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2014-01-24 11:35 - 2011-10-06 10:06 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-01-23 09:49 - 2012-07-10 08:21 - 00000000 ____D () C:\Windows\Offline Address Books
2014-01-22 17:18 - 2014-01-22 17:18 - 00000000 ____D () C:\Program Files (x86)\Log Parser 2.2
2014-01-22 17:18 - 2014-01-22 17:17 - 01478656 _____ () C:\Users\ebollinger\Downloads\LogParser.msi
2014-01-22 17:16 - 2014-01-22 17:16 - 00000000 ____D () C:\Users\ebollinger\AppData\Roaming\LizardLabs
2014-01-22 17:15 - 2011-10-04 13:01 - 00000000 ____D () C:\Users\ebollinger\AppData\Local\Google
2014-01-22 17:14 - 2014-01-22 17:14 - 00002619 _____ () C:\Users\Public\Desktop\Log Parser Lizard.lnk
2014-01-22 17:14 - 2014-01-22 17:14 - 00000000 ____D () C:\Program Files (x86)\LizardLabs
2014-01-22 17:13 - 2014-01-22 17:11 - 23458816 _____ () C:\Users\ebollinger\Downloads\LogParserLizardSetup.msi
2014-01-22 14:01 - 2011-10-03 21:13 - 00002004 ____H () C:\Users\ebollinger\Documents\Default.rdp
2014-01-22 10:36 - 2011-10-04 13:01 - 00003930 __RSH () C:\Users\ebollinger\ntuser.pol
2014-01-22 09:36 - 2014-01-21 21:48 - 00000000 ____D () C:\Users\ebollinger\AppData\Local\LogMeIn Client
2014-01-21 21:48 - 2014-01-15 11:25 - 00000000 ____D () C:\Users\ebollinger\Downloads\SQLServer2008R2CU13
2014-01-21 15:15 - 2014-01-21 15:14 - 00000000 ____D () C:\Users\ebollinger\Documents\DMI-VPN-CONNECTION
2014-01-21 15:13 - 2014-01-21 14:18 - 00000592 _____ () C:\Users\ebollinger\Documents\DMI-VPN-CONNECTION.zip
2014-01-19 15:14 - 2012-07-04 14:08 - 00000000 ____D () C:\Users\ebollinger\AppData\Roaming\vlc
2014-01-19 11:00 - 2010-11-19 18:35 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-01-16 17:04 - 2014-01-06 15:59 - 00000930 _____ () C:\Users\Public\Desktop\TrueCrypt.lnk
2014-01-16 17:04 - 2013-12-28 12:02 - 00000891 _____ () C:\Users\ebollinger\Desktop\HTTrack Website Copier.lnk
2014-01-16 16:57 - 2014-01-17 10:53 - 00001675 _____ () C:\Users\ebollinger\Desktop\Bulk_Testing.csv
2014-01-16 13:36 - 2014-01-16 13:22 - 00000000 ____D () C:\Users\ebollinger\Documents\Fiddler2
2014-01-16 13:21 - 2014-01-16 13:21 - 00000000 ____D () C:\Program Files (x86)\Fiddler2
2014-01-16 08:56 - 2009-07-13 23:45 - 00434592 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-15 19:12 - 2013-07-29 08:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 19:09 - 2011-03-05 15:11 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 16:26 - 2014-01-15 16:26 - 00000000 ____D () C:\Users\ebollinger\AppData\Local\Microsoft Corporation
2014-01-15 16:04 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-01-15 15:36 - 2014-01-15 15:36 - 00022325 ____N () C:\Users\ebollinger\Downloads\CSTPOINT.zip
2014-01-15 12:07 - 2014-01-15 11:46 - 00000000 ____D () C:\Users\ebollinger\Documents\share
2014-01-14 10:43 - 2014-01-14 10:43 - 00000000 ____D () C:\Program Files (x86)\Remote Desktop Connection Manager
2014-01-14 10:42 - 2014-01-14 10:42 - 00807424 _____ () C:\Users\ebollinger\Downloads\RDCMan.msi
 
Some content of TEMP:
====================
C:\Users\ebollinger\AppData\Local\Temp\G2MInstallerExtractor.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-08 15:10
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-02-2014 01
Ran by ebollinger at 2014-02-13 00:14:18
Running from C:\Users\ebollinger\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Symantec Endpoint Protection (Enabled - Up to date) {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Up to date) {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection (Enabled) {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
 
==================== Installed Programs ======================
 
64 Bit HP CIO Components Installer (Version: 2.2.2 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
Access Help (x32 Version: 3.01 - Lenovo)
Adobe Acrobat XI Standard (x32 Version: 11.0.05 - Adobe Systems)
Adobe AIR (x32 Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) (x32 Version: 10.1.8 - Adobe Systems Incorporated)
Analytics for Twitter (x32 Version: 1.3.0 - Microsoft)
Android SDK Tools (x32 Version: 1.14 - Google Inc.)
Any Video Converter 3.2.5 (x32 Version:  - Any-Video-Converter.com)
Apple Application Support (x32 Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Balsamiq Mockups For Desktop (x32 Version: 2.1.14 - Balsamiq, SRL)
Balsamiq Mockups For Desktop (x32 Version: 2.1.14 - Balsamiq, SRL) Hidden
Belarc Advisor 8.2 (x32 Version: 8.2.7.18 - Belarc Inc.)
BIG-IP Edge Client Components (All Users) (x32 Version: 70.2010.1020.1507 - F5 Networks, Inc.)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
BroadWorks Assistant - Enterprise 18 (18.0.91.1) MB6 (x32 Version: 18.0.91.1 - BroadSoft)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
Canon MP600 (Version:  - )
CCleaner (Version: 4.01 - Piriform)
Cisco AnyConnect VPN Client (x32 Version: 2.5.3055 - Cisco Systems, Inc.)
Cisco Systems VPN Client 5.0.07.0290 (Version: 5.0.7 - Cisco Systems, Inc.)
Cisco WebEx Meetings (x32 Version:  - Cisco WebEx LLC)
Client Security - Password Manager (Version: 8.30.0023.00 - Lenovo Group Limited)
Conexant 20585 SmartAudio HD (Version: 4.95.43.52 - Conexant)
ConvertXtoDVD 4.1.19.365 (x32 Version: 4.1.19.365 - )
Corel Burn.Now Lenovo Edition (x32 Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (x32 Version: 7.0.0 - Corel Corporation)
Create Recovery Media (x32 Version: 1.20.0.00 - Lenovo Group Limited)
CSTPOINT.EXE (x32 Version: 0.1 - !nfernandez)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Debut Video Capture Software (x32 Version:  - NCH Software)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version:  - Microsoft)
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Disable AMT Profile Synchronization Pop-up for Windows Vista/7 (Version: 1.00 - )
Fiddler (x32 Version: 2.4.5.9 - Telerik)
FileZilla Client 3.5.3 (x32 Version: 3.5.3 - FileZilla Project)
GDR 1617 for SQL Server 2008 R2 (KB2494088) (64-bit) (Version: 10.50.1617.0 - Microsoft Corporation)
GIMP 2.6.11 (x32 Version: 2.6.11 - The GIMP Team)
Git version 1.8.4-preview20130916 (x32 Version: 1.8.4-preview20130916 - The Git Development Community)
GitHub (HKCU Version: 1.1.0.0 - GitHub, Inc.)
Google Chrome (HKCU Version: 32.0.1700.107 - Google Inc.)
Google Drive (x32 Version: 1.13.5782.599 - Google, Inc.)
Google Talk Plugin (x32 Version: 2.3.2.0 - Google)
Google Talk Plugin (x32 Version: 5.1.4.17398 - Google)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
GoToMeeting 6.0.0.1259 (HKCU Version: 6.0.0.1259 - CitrixOnline)
HTC BMP USB Driver (x32 Version: 1.0.5375 - HTC)
HTC Driver Installer (x32 Version: 3.0.0.021 - HTC Corporation)
Integrated Camera Driver Installer Package Ver.1.1.0.48 (x32 Version: 1.1.0.48 - RICOH)
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (x32 Version: 6.0.0.1179 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 13.02.0000 - Intel Corporation)
Intel® Turbo Boost Technology Monitor (Version: 1.0.186.3 - Intel)
InterVideo WinDVD 8 (x32 Version: 8.0.20.199 - InterVideo Inc.)
InterVideo WinDVD 8 (x32 Version: 8.0.20.199 - InterVideo Inc.) Hidden
iTunes (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 9 (x32 Version: 7.0.90 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Java™ SE Development Kit 6 Update 27 (64-bit) (Version: 1.6.0.270 - Oracle)
JavaFX 2.1.1 (x32 Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (Version: 1.00 - )
Lenovo System Interface Driver (Version: 1.02 - )
Lenovo ThinkVantage Toolbox (Version: 6.0.5514.61 - PC-Doctor, Inc.)
Lenovo Warranty Information (x32 Version: 1.0.0004.00 - Lenovo)
Lenovo Welcome (x32 Version: 2.02.003.0 - Lenovo)
LiveUpdate 3.3 (Symantec Corporation) (x32 Version: 3.3.0.92 - Symantec Corporation)
Log Parser 2.2 (x32 Version: 2.2.10 - Microsoft Corporation)
Log Parser Lizard (x32 Version: 1.0.0 - LizardLabs)
Logitech MouseWare 9.29 .3 (x32 Version:  - )
LogMeIn (x32 Version: 4.1.1890 - LogMeIn, Inc.)
MANDIANT Intelligent Response Agent (x32 Version: 2.3.2400 - MANDIANT)
Message Center Plus (x32 Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Download Manager (x32 Version: 1.2.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.0.162.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.0.162.0 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (x32 Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Meeting 2007 (x32 Version: 8.0.6362.202 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Project MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Project Professional 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Online Services Sign-in Assistant (Version: 7.250.4287.0 - Microsoft Corporation)
Microsoft Project Professional 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 (KB971119) (x32 Version: 9.0.30731 - Microsoft Corporation) Hidden
Microsoft Report Viewer Redistributable 2008 SP1 (x32 Version:  - Microsoft Corporation)
Microsoft Search Enhancement Pack (x32 Version: 3.0.133.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (Version:  - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Native Client (Version: 10.50.1617.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Policies (x32 Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 RsFx Driver (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Setup (English) (Version: 10.50.1617.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (x32 Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU (x32 Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server PowerPivot for Excel (32-bit) (x32 Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 (x64) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 (x64) (Version: 2.0.1215.0 - Microsoft Corporation)
Microsoft Visio Professional 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2008 Shell (integrated mode) - ENU (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2.0 - ENU (x32 Version: 9.0.35191 - Microsoft Corporation)
Mobile Broadband (x32 Version: 3.6.0034 - Lenovo)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 27.0 (x86 en-US) (x32 Version: 27.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 27.0 - Mozilla)
Mozilla Thunderbird 11.0.1 (x86 en-US) (x32 Version: 11.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.19.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.19.0 - NEC Electronics Corporation) Hidden
Neuratron AudioScore Ultimate Demo (x32 Version: 7.0.0 - Neuratron Ltd)
Notepad++ (x32 Version: 6.5 - Notepad++ Team)
NVIDIA Control Panel 268.24 (Version: 268.24 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 268.24 (Version: 268.24 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.2.23.3 (Version: 1.2.23.3 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.265.41.0 - NVIDIA Corporation) Hidden
NVIDIA Performance Drivers (Version: 2.2.5.0 - NVIDIA Corporation)
OCS Inventory Agent 4.0.5.0 (x32 Version: 4.0.5.0 - OCS Inventory NG Team)
On Screen Display (Version: 6.10.01 - )
Opera 12.16 (x32 Version: 12.16.1860 - Opera Software ASA)
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Picasa 3 (x32 Version: 3.9 - Google, Inc.)
PowerISO (x32 Version: 5.2 - Power Software Ltd)
Python 2.6 matplotlib-1.3.0 (64-bit) (Version:  - )
Python 2.6 numpy-1.7.1 (64-bit) (Version:  - )
Python 2.6.6 (64-bit) (Version: 2.6.6150 - Python Software Foundation)
Python 2.7 GDAL-1.9.2 (64-bit) (Version:  - )
Quantum GIS Lisboa 1.8.0 Lisboa (x32 Version: 1.8.0-r${SVN_REVISION}-2 - QGIS Development Team)
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
R for Windows 2.15.3 (Version: 2.15.3 - R Core Team)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (Version: 1.00 - )
Remote Desktop Connection Manager (x32 Version: 2.2.0423 - Microsoft Corporation)
Rescue and Recovery (x32 Version: 4.30.0025.00 - Lenovo Group Limited)
RICOH R5U230 Media Driver ver.2.06.02.02 (x32 Version: 2.06.02.02 - RICOH)
RStudio (x32 Version: 0.97.336 - RStudio)
Rtools 3.0 (x32 Version:  - The R Foundation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
SES Driver (Version: 1.0.0 - Western Digital)
SketchUp 8 (x32 Version: 3.0.16846 - Trimble Navigation Limited)
Skype Click to Call (x32 Version: 5.8.8855 - Skype Technologies S.A.)
Skype™ 5.10 (x32 Version: 5.10.116 - Skype Technologies S.A.)
SQL Server 2008 R2 Analysis Services (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 BI Development Studio (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Client Tools (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Common Files (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Services (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Shared (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Integration Services (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Management Studio (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Reporting Services (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
StartMeeting (HKCU Version: 1.3.3178.1001 - Start Meeting LLC)
Symantec Endpoint Protection (Version: 11.0.5002.333 - Symantec Corporation)
System Update (x32 Version: 4.00.0030 - Lenovo)
Tether (x32 Version: 1.0.2 - ClockworkMod)
ThinkPad Bluetooth with Enhanced Data Rate Software (Version: 6.2.1.100 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (Version: 2.15 - )
ThinkPad Modem Adapter (Version: 7.80.5.0 - Conexant Systems)
ThinkPad Power Management Driver (Version: 1.60.0.4 - )
ThinkPad Power Manager (x32 Version: 3.28 - )
ThinkPad UltraNav Driver (Version: 15.0.18.0 - )
ThinkPad UltraNav Utility (x32 Version: 2.13.0 - Lenovo)
ThinkVantage Active Protection System (Version: 1.72 - Lenovo)
ThinkVantage Communications Utility (Version: 1.42 - Lenovo)
ThinkVantage Fingerprint Software (Version: 5.9.3.6264 - UPEK Inc.)
Triumfant Agent (x32 Version: 4.3.4160.779 - Triumfant, Inc.)
TrueCrypt (x32 Version: 7.1a - TrueCrypt Foundation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Vim 7.3 (self-installing) (Version:  - )
VirtualCloneDrive (x32 Version:  - Elaborate Bytes)
Visio Add-In for WBS Modeler (Version: 2.0.1003 - TCSL)
VLC media player 2.0.2 (x32 Version: 2.0.2 - VideoLAN)
VMware Player (x32 Version: 2.5.5.15075 - VMware, Inc.)
VMware Remote Console Plug-in (x32 Version: 2.5.0.122581 - VMware, Inc.)
VMware vCenter Converter Standalone (x32 Version: 4.3.0.292238 - VMware, Inc.)
Vz In-Home Agent (x32 Version: 9.0.55.0 - Verizon)
WinDirStat 1.1.2 (HKCU Version:  - )
Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Driver Package - Intel (e1kexpress) Net  (06/22/2010 11.5.10.1012) (Version: 06/22/2010 11.5.10.1012 - Intel)
Windows Driver Package - Intel (HECIx64) System  (09/17/2009 6.0.0.1179) (Version: 09/17/2009 6.0.0.1179 - Intel)
Windows Driver Package - Intel System  (06/04/2009 1.0.0.0002) (Version: 06/04/2009 1.0.0.0002 - Intel)
Windows Driver Package - Intel System  (10/28/2009 9.1.1.1022) (Version: 10/28/2009 9.1.1.1022 - Intel)
Windows Driver Package - Intel USB  (08/20/2009 9.1.1.1020) (Version: 08/20/2009 9.1.1.1020 - Intel)
Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4) (Version: 11/18/2009 1.60.0.4 - Lenovo)
Windows Driver Package - Ricoh Company MS Host Controller (10/26/2009 6.10.02.07) (Version: 10/26/2009 6.10.02.07 - Ricoh Company)
Windows Driver Package - Synaptics (SynTP) Mouse  (04/22/2010 15.0.18.0) (Version: 04/22/2010 15.0.18.0 - Synaptics)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (03/06/2009 1.0.0008.0) (Version: 03/06/2009 1.0.0008.0 - Western Digital Technologies)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Sync (x32 Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinHTTrack Website Copier 3.47-27 (x64) (Version: 3.47.27 - HTTrack)
Yahoo! Messenger (x32 Version:  - Yahoo! Inc.)
 
==================== Restore Points  =========================
 
06-02-2014 21:18:24 Installed CSTPOINT.EXE
 
==================== Hosts content: ==========================
 
2009-07-13 21:34 - 2014-02-02 12:32 - 00000078 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
10.0.4.160 di-st-emmc-cr
10.0.4.160:34809 stigca
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0A84BAC7-4227-41A5-AC25-A50FA535A111} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {0B545D11-BC67-4BB0-8DCC-D239A187B19C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {1216F7C6-C34B-47ED-A636-B5674B698D55} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {17FAFBF7-32B5-4E95-A176-37B602A6623F} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2010-05-07] (PC-Doctor, Inc.)
Task: {2C0E78A5-4E2E-4829-8947-845EAA50285F} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2010-08-04] (Lenovo Group Limited)
Task: {30A25058-9F63-4440-A3D0-D13D4662B3EE} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {405CE8E8-0742-463A-B9B0-4B1EA8BE87F4} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\pcdrcui.exe [2010-06-08] (PC-Doctor, Inc.)
Task: {5F1A35CF-3519-4AFB-94D3-2C370E71E550} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2010-05-07] ()
Task: {66BF8A80-2685-4203-9631-4F15A0C53EB7} - System32\Tasks\MAIN_USB_BKP => C:\MyTasks\main_usb_bkp_job.bat [2011-07-05] ()
Task: {66CDE16B-F9A0-4ACB-8B3E-B6C1DE3C78A5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-28] (Google Inc.)
Task: {946DD3FB-140D-4EC2-AC51-0AC798B1B637} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-354596566-239819288-449157275-3642UA => C:\Users\ebollinger\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-24] (Google Inc.)
Task: {A2FAC7F9-53C7-49DA-8364-747CBA37E06C} - System32\Tasks\{22FF58C4-143F-49C4-990F-9F51FF8272D9} => Iexplore.exe http://ui.skype.com/ui/0/4.2.0.155.375/en/go/help.faq.installer?LastError=1603
Task: {B1195245-11E6-48E3-86A2-54EDCEAAC6CA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-28] (Google Inc.)
Task: {C4AD7322-ABCF-4DA3-956E-F417C4AD60E3} - System32\Tasks\LaunchCSS => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [2009-08-26] (Lenovo Group Limited)
Task: {C5435892-0D38-485E-8913-21035C1F187A} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-28] ()
Task: {CF60801A-1844-4312-B184-5A147A6AA89C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-354596566-239819288-449157275-3642Core => C:\Users\ebollinger\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-24] (Google Inc.)
Task: {E56D6D88-71F1-46AE-95CA-B3D9B125689D} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {FD470774-A320-43B7-A22B-AEA256855E36} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {FE1D0DF8-6101-436D-8329-2E6F77FDCB14} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-354596566-239819288-449157275-3642Core.job => C:\Users\ebollinger\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-354596566-239819288-449157275-3642UA.job => C:\Users\ebollinger\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\pcdrcui.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-01-02 09:42 - 2010-01-02 09:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-11-19 18:11 - 2010-08-04 13:28 - 00038912 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2009-05-28 01:09 - 2009-05-28 01:09 - 00049976 ____N () C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-23 12:26 - 2010-03-23 12:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2011-09-15 11:06 - 2011-09-15 11:06 - 00088576 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2013-03-29 10:16 - 2013-03-29 10:16 - 00349696 _____ () C:\Program Files (x86)\Triumfant, Inc\Triumfant Agent\sqlite3.DLL
2010-08-24 07:37 - 2010-08-24 07:37 - 00428592 _____ () C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\sqlite3.dll
2010-08-24 07:38 - 2010-08-24 07:38 - 01235504 _____ () C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\libxml2.dll
2010-08-24 07:39 - 2010-08-24 07:39 - 00084528 _____ () C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\mspack.dll
2010-11-19 23:11 - 2010-11-19 23:11 - 00970352 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2010-11-19 23:11 - 2010-11-19 23:11 - 00068720 _____ () C:\Program Files (x86)\VMware\VMware Player\zlib1.dll
2009-08-28 17:15 - 2009-08-28 17:15 - 00241664 ____N () C:\Program Files (x86)\Lenovo\Rescue and Recovery\CDRecord.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2009-08-28 17:27 - 2009-08-28 17:27 - 00247096 ____N () C:\Program Files (x86)\Common Files\Lenovo\CDRecord.dll
2013-09-05 09:04 - 2013-09-05 09:04 - 03990248 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\AdobePDFMakerX.dll
2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-01-08 08:41 - 2012-01-08 08:41 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-02-05 15:17 - 2014-02-01 18:41 - 00715592 _____ () C:\Users\ebollinger\AppData\Local\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
2014-02-05 15:17 - 2014-02-01 18:41 - 00100168 _____ () C:\Users\ebollinger\AppData\Local\Google\Chrome\Application\32.0.1700.107\libegl.dll
2014-02-05 15:17 - 2014-02-01 18:42 - 04055368 _____ () C:\Users\ebollinger\AppData\Local\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-05 15:17 - 2014-02-01 18:42 - 00399688 _____ () C:\Users\ebollinger\AppData\Local\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-05 15:17 - 2014-02-01 18:41 - 01634632 _____ () C:\Users\ebollinger\AppData\Local\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
2014-02-05 15:17 - 2014-02-01 18:42 - 13616456 _____ () C:\Users\ebollinger\AppData\Local\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus => ""="Service"
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^vpngui.exe.lnk => C:\Windows\pss\vpngui.exe.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^ebollinger^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^ebollinger^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^ebollinger^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^eric^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Boxoft Tools => "C:\ProgramData\Boxtools\Boxofttoolbox.exe" -autorun
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Google Update => "C:\Users\ebollinger\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoToMeeting => "C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mstart.exe" "/Trigger RunAtLogon"
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HTC Sync Loader => "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LENOVO.TPKNRRES => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: openvpn-gui => C:\Program Files (x86)\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RotateImage => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
MSCONFIG\startupreg: VMware hqtray => "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
 
==================== Faulty Device Manager Devices =============
 
Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/12/2014 09:47:23 PM) (Source: OCS INVENTORY SERVICE) (User: )
Description: ERROR: OCS Inventory NG Agent encounter an error, exit code is 4.
 
Error: (02/12/2014 09:47:00 PM) (Source: OCS INVENTORY SERVICE) (User: )
Description: ERROR: OCS Inventory NG Agent encounter an error, exit code is 4.
 
Error: (02/12/2014 06:40:43 PM) (Source: OCS INVENTORY SERVICE) (User: )
Description: ERROR: OCS Inventory NG Agent encounter an error, exit code is 4.
 
Error: (02/12/2014 06:40:20 PM) (Source: OCS INVENTORY SERVICE) (User: )
Description: ERROR: OCS Inventory NG Agent encounter an error, exit code is 4.
 
Error: (02/12/2014 03:57:26 AM) (Source: OCS INVENTORY SERVICE) (User: )
Description: ERROR: OCS Inventory NG Agent encounter an error, exit code is 4.
 
Error: (02/12/2014 00:57:30 AM) (Source: OCS INVENTORY SERVICE) (User: )
Description: ERROR: OCS Inventory NG Agent encounter an error, exit code is 4.
 
Error: (02/11/2014 09:33:59 PM) (Source: OCS INVENTORY SERVICE) (User: )
Description: ERROR: OCS Inventory NG Agent encounter an error, exit code is 4.
 
Error: (02/11/2014 09:05:06 PM) (Source: OCS INVENTORY SERVICE) (User: )
Description: ERROR: OCS Inventory NG Agent encounter an error, exit code is 4.
 
Error: (02/11/2014 08:48:08 PM) (Source: OCS INVENTORY SERVICE) (User: )
Description: ERROR: OCS Inventory NG Agent encounter an error, exit code is 4.
 
Error: (02/11/2014 08:22:36 PM) (Source: OCS INVENTORY SERVICE) (User: )
Description: ERROR: OCS Inventory NG Agent encounter an error, exit code is 4.
 
 
System errors:
=============
Error: (02/12/2014 10:40:29 PM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain DMI due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (02/12/2014 08:33:32 PM) (Source: Microsoft-Windows-GroupPolicy) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (02/12/2014 08:20:42 PM) (Source: TermService) (User: )
Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
.
 
Error: (02/12/2014 08:05:44 PM) (Source: Microsoft-Windows-GroupPolicy) (User: DMI)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (02/12/2014 06:08:59 PM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain DMI due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (02/12/2014 01:09:00 PM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain DMI due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (02/12/2014 09:08:53 AM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain DMI due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (02/12/2014 08:16:47 AM) (Source: TermService) (User: )
Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
.
 
Error: (02/12/2014 04:09:00 AM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain DMI due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (02/12/2014 00:09:00 AM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain DMI due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
 
Microsoft Office Sessions:
=========================
Error: (02/12/2014 09:47:23 PM) (Source: OCS INVENTORY SERVICE)(User: )
Description: OCS Inventory NG Agent encounter an error, exit code is 4
 
Error: (02/12/2014 09:47:00 PM) (Source: OCS INVENTORY SERVICE)(User: )
Description: OCS Inventory NG Agent encounter an error, exit code is 4
 
Error: (02/12/2014 06:40:43 PM) (Source: OCS INVENTORY SERVICE)(User: )
Description: OCS Inventory NG Agent encounter an error, exit code is 4
 
Error: (02/12/2014 06:40:20 PM) (Source: OCS INVENTORY SERVICE)(User: )
Description: OCS Inventory NG Agent encounter an error, exit code is 4
 
Error: (02/12/2014 03:57:26 AM) (Source: OCS INVENTORY SERVICE)(User: )
Description: OCS Inventory NG Agent encounter an error, exit code is 4
 
Error: (02/12/2014 00:57:30 AM) (Source: OCS INVENTORY SERVICE)(User: )
Description: OCS Inventory NG Agent encounter an error, exit code is 4
 
Error: (02/11/2014 09:33:59 PM) (Source: OCS INVENTORY SERVICE)(User: )
Description: OCS Inventory NG Agent encounter an error, exit code is 4
 
Error: (02/11/2014 09:05:06 PM) (Source: OCS INVENTORY SERVICE)(User: )
Description: OCS Inventory NG Agent encounter an error, exit code is 4
 
Error: (02/11/2014 08:48:08 PM) (Source: OCS INVENTORY SERVICE)(User: )
Description: OCS Inventory NG Agent encounter an error, exit code is 4
 
Error: (02/11/2014 08:22:36 PM) (Source: OCS INVENTORY SERVICE)(User: )
Description: OCS Inventory NG Agent encounter an error, exit code is 4
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-01-24 17:52:00.366
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-01-24 17:52:00.132
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-02-03 17:16:16.597
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-02-03 17:16:16.556
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-02-03 17:16:16.514
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-02-03 17:16:16.474
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-02-03 17:15:30.319
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-02-03 17:15:30.279
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-02-03 17:15:30.238
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-02-03 17:15:30.198
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 26%
Total physical RAM: 16315.52 MB
Available physical RAM: 11949.03 MB
Total Pagefile: 32629.22 MB
Available Pagefile: 28053.97 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: (Windows7_OS) (Fixed) (Total:287.15 GB) (Free:86.38 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:2.48 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 078D8330)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=287 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,496 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:18 PM

Posted 13 February 2014 - 09:50 AM

Hi Eric,

Nice to have you aboard. Let's get started with this.

Do you recognize this at all?

10.0.4.160 di-st-emmc-cr
10.0.4.160:34809 stigca


Please do these things for me.

===================================================

Removing Chrome Extension/Plugin

--------------------
  • Launch Chrome web browser
  • Type chrome:settings and press Enter
  • Delete the following (if present):

Extension: bfcnflkdmlnlalbefllfaimhjgmkonbn

  • Close Chrome, relaunch it and check the performance
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
2014-01-24 14:37 - 2014-01-24 14:37 - 00009281 _____ () C:\123.crx
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Reboot your computer and check for the Command window notification
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Were you able to delete the Chrome Extension?
  • Fixlog
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#7 ewillyb

ewillyb
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:18 PM

Posted 14 February 2014 - 12:13 AM

Chrome extension did not exist.

I DO recognize those hosts file entries. They are legit.

Computer is about the same. Hard to tell.

 

Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-02-2014 01
Ran by ebollinger at 2014-02-13 23:56:05 Run:1
Running from C:\Users\ebollinger\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
2014-01-24 14:37 - 2014-01-24 14:37 - 00009281 _____ () C:\123.crx
*****************
 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCR\PROTOCOLS\Handler\belarc => Key deleted successfully.
HKCR\CLSID\{6318E0AB-2E93-11D1-B8ED-00608CC9A71F} => Key not found.
HKCR\PROTOCOLS\Handler\skype-ie-addon-data => Key deleted successfully.
HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => Key not found.
C:\123.crx => Moved successfully.
 
==== End of Fixlog ====


#8 Oh My!


Posted 14 February 2014 - 09:53 AM

Hi Eric,
 

Computer is about the same. Hard to tell.

Your original concern was the appearance of zzz.bat.  Are you still experiencing that and/or other issues?
Gary
 

#9 Oh My!


Posted 17 February 2014 - 04:05 PM

Greetings Eric,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#10 ewillyb


Posted 17 February 2014 - 05:07 PM

I guess you can close it.

 

Do you know if zzz.bat was related to a trojan or something else to be concerned about in the first place?

 

Many thanks!



#11 Oh My!


Posted 17 February 2014 - 11:59 PM

If you still have any concerns I would be more than happy to continue on.

Without more information regarding zzz.bat it is impossible to know what it was. It could be good or bad. You have identified a bad version of the file in your research but it could also be a good file which is intended to block certain things in web browsers.

Please let me know if you have any other concerns.
Gary
 

#12 ewillyb


Posted 18 February 2014 - 12:51 PM

Close it out.

Thanks so much for your assistance.



#13 Oh My!


Posted 18 February 2014 - 01:11 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



