jng

  1. Thanks for all the help Borislav, much appreciated. Hopefully this assists some other people too, as it is just a misbehaving program!
  2. Hi Borislav, I live in Sydney and it usually pops up sometime between 7 - 10pm local time. It is currently 11pm Sunday, and since uninstalling on Friday night, I still have not experienced any popups. As I mentioned earlier, I had been getting the problem daily on a consistent basis, so it is becoming more convincing that the "Messenger Plus for Skype" from Yuna Software is the offending program. I have had that program for a while with no problems, so it does seem a bit unusual for it to pop up recently. I also still have the first version of the program which is for the now defunct Windows Live Messenger but it doesn't appear to cause me any problems. And sorry I didn't answer your post earlier, the browser being affected was Google Chrome. Thanks! Cheers
  3. A post by user Bernie56 was deleted: It said... Hello all A friend pointed out the following: http://www.malekal.com/2013/09/03/popup-de-publicites-popcash-et-yuna-software-messenger-plus/ which states that the problem stems from Messenger Plus from Yuna Software. Accordingly, I uninstalled that software and I am monitoring the internet traffic on my machine with Fiddler Web Debugger (http://fiddler2.com/). Although it is a bit early to tell, it seems that the problem was resolved. I will need to wait another 24 hours to be sure. Note that the uninstall of Messenger Plus crashed when it removed the program. I will need to clean it up. Thanks --------------------- Following this, I uninstalled this program last night and 24 hours later, I have still had no popups, which had been appearing daily for over a week at a similar time each day. If in another 24 hours I have still not experienced any popups, I would believe that this is the offending program.
  4. Just a heads up, I just got a pop-up again from the site. Seems to happen about once a day, thanks!
  5. OTL Fix Log
     Junkware Removal Tool Log
     AdwCleaner Log
     Thanks!
  6. Hi Borislav, Thank you heaps for your help, I hope we can solve this together. Seems quite a few other people have found this issue but I haven't found a solution to this problem anywhere. I ran the OTL Quick Scan and ticked Scan All Users, but I only got an OTL.txt, not an Extras.txt. The log is pasted as follows:
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\CHDRT64.sys -- (CnxtHdAudService)DRV:64bit: - [2012/01/27 11:44:54 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\psadd.sys -- (psadd)DRV:64bit: - [2011/09/22 08:49:56 | 000,056,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)DRV:64bit: - [2011/08/18 11:00:44 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)DRV:64bit: - [2011/08/09 09:38:05 | 000,167,048 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NSTx64\0200000.010\ccSetx64.sys -- (ccSet_NST)DRV:64bit: - [2011/05/30 17:21:40 | 000,013,128 | ---- | M] (Authentec Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp2)DRV:64bit: - [2011/03/05 12:18:42 | 000,166,016 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\5U877.sys -- (5U877)DRV:64bit: - [2011/01/14 08:04:20 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\ApsX64.sys -- (Shockprf)DRV:64bit: - [2011/01/14 08:02:28 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\ApsHM64.sys -- (TPDIGIMN)DRV:64bit: - [2010/12/21 02:31:00 | 000,316,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\e1c62x64.sys -- (e1cexpress)DRV:64bit: - [2010/12/18 17:57:32 | 000,162,344 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btwavdt.sys -- (btwavdt)DRV:64bit: - [2010/11/06 00:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\iaStor.sys -- (iaStor)DRV:64bit: - [2010/10/25 19:10:22 | 000,020,552 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dgderdrv.sys -- (dgderdrv)DRV:64bit: - [2010/10/25 19:03:52 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TFsExDisk.sys -- (TFsExDisk)DRV:64bit: - [2010/09/07 15:09:36 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\smiifx64.sys -- (lenovo.smi)DRV:64bit: - [2009/04/23 13:58:16 | 000,022,016 | ---- | M] (Primax Electronics Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\PELMoubt.SYS -- (pelmoubt)DRV:64bit: - [2007/09/20 12:11:18 | 000,016,384 | ---- | M] (Primax Electronics Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\pelbtm.sys -- (pelbtm)DRV - [2013/07/18 15:34:28 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\FsUsbExDisk.Sys -- (FsUsbExDisk)DRV - [2012/02/08 21:41:52 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)DRV - [2012/02/08 21:41:52 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)DRV - [2010/10/25 19:03:52 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4142977412-1557321089-3802878651-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENPIE - HKU\S-1-5-21-4142977412-1557321089-3802878651-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]IE - HKU\S-1-5-21-4142977412-1557321089-3802878651-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blankIE - HKU\S-1-5-21-4142977412-1557321089-3802878651-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}IE - HKU\S-1-5-21-4142977412-1557321089-3802878651-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SRIE - HKU\S-1-5-21-4142977412-1557321089-3802878651-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enAU479IE - HKU\S-1-5-21-4142977412-1557321089-3802878651-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: 
C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Jason 
Ng\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.16\coFFNST\ [2013/09/04 16:26:24 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\VIP5X@verisign.com: C:\Program Files (x86)\Symantec\VIP Access Client\ [2013/03/20 11:18:28 | 000,000,000 | ---D | M]FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{FCF36B88-1BBA-487f-B64B-D2E8980A9293}: C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension [2013/01/16 21:03:14 | 000,000,000 | ---D | M] [2012/12/16 02:01:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions ========== Chrome ========== CHR - default_search_provider: Google (Enabled)CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dllCHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewerCHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dllCHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\pdf.dllCHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files 
(x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dllCHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLLCHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLLCHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dllCHR - plugin: Java Platform SE 7 U15 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dllCHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dllCHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllCHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\WINDOWS\SysWOW64\npDeployJava1.dllCHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dllCHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dllCHR - Extension: Chrome YouTube Downloader = C:\Users\Jason Ng\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbdjiinahkdjdcdlgfimlcolkjpbooja\2.6.17_0\CHR - Extension: NetBank = C:\Users\Jason Ng\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnpedghacgigoamalnfnikaagobdbjp\1.0.0.4_0\CHR - Extension: ThinkVantage Password Manager = C:\Users\Jason Ng\AppData\Local\Google\Chrome\User Data\Default\Extensions\geempcnjhccnoepfmahaeemnnfnignab\4.10.6_0\CHR - Extension: AdBlock = C:\Users\Jason Ng\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.6_0\CHR - Extension: Chrome In-App Payments service = C:\Users\Jason Ng\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\CHR - Extension: Auto Refresh Plus = C:\Users\Jason Ng\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\1.8.9.22_0\ O1 HOSTS File: ([2012/07/26 15:26:49 | 000,000,824 | ---- | M]) - 
C:\Windows\SysNative\Drivers\etc\hostsO2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O2:64bit: - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Password Manager\tvtpwm_ie_com.dll (Lenovo Group Limited)O2:64bit: - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)O2:64bit: - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Password Manager\tvtpwm_ie_com.dll (Lenovo Group Limited)O2 - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)O2 - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll (Symantec Corporation)O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll (Symantec Corporation)O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)O3:64bit: - HKU\S-1-5-21-4142977412-1557321089-3802878651-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O3 - HKU\S-1-5-21-4142977412-1557321089-3802878651-1000\..\Toolbar\WebBrowser: (Norton Safe Web Lite) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll (Symantec Corporation)O4:64bit: - HKLM..\Run: [ALCKRESI.EXE] C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited)O4:64bit: - HKLM..\Run: [Daemon for Mouse Suite] C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.EXE (Primax Electronics Ltd.)O4:64bit: - HKLM..\Run: [ForteConfig] C:\Program Files\CONEXANT\ForteConfig\fmapp.exe ()O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)O4:64bit: - HKLM..\Run: [intelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Corporation)O4:64bit: - HKLM..\Run: [LnvMobHotspotClient] 
C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe (Lenovo)O4:64bit: - HKLM..\Run: [PasswordManager] C:\Program Files\Lenovo\Password Manager\password_manager.exe (Lenovo Group Limited)O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe (Conexant Systems, Inc.)O4:64bit: - HKLM..\Run: [TpShocks] C:\WINDOWS\SysNative\TpShocks.exe (Lenovo.)O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.)O4 - HKLM..\Run: [MessengerPlusForSkypeService] C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe (Yuna Software)O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)O4 - HKU\S-1-5-21-4142977412-1557321089-3802878651-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)O4 - HKU\S-1-5-21-4142977412-1557321089-3802878651-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)O4 - HKU\S-1-5-21-4142977412-1557321089-3802878651-1000..\Run: [F.lux] C:\Users\Jason Ng\Local Settings\Apps\F.lux\flux.exe ()O4 - HKU\S-1-5-21-4142977412-1557321089-3802878651-1000..\Run: [Facebook Update] C:\Users\Jason Ng\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)O4 - HKU\S-1-5-21-4142977412-1557321089-3802878651-1000..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)O4 - HKU\S-1-5-21-4142977412-1557321089-3802878651-1000..\Run: 
[KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)O4 - HKU\S-1-5-21-4142977412-1557321089-3802878651-1000..\Run: [LTT] C:\Program Files\PC-Doctor\EnableToolbarW32.exe File not foundO4 - HKU\S-1-5-21-4142977412-1557321089-3802878651-1000..\Run: [steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)O4 - HKU\S-1-5-21-4142977412-1557321089-3802878651-1000..\Run: [Weather Tracker3] C:\Program Files (x86)\Weatherzone Tracker\weather_tracker.exe ()O4 - Startup: C:\Users\Jason Ng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = File not foundO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1O9:64bit: - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe (IvoSoft)O9:64bit: - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Password Manager\tvtpwm_ie_com.dll (Lenovo Group Limited)O9 - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe (IvoSoft)O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. 
Mountain View, CA 94041)O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Password Manager\tvtpwm_ie_com.dll (Lenovo Group Limited)O1364bit: - gopher Prefix: missingO13 - gopher Prefix: missingO16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.25.2)O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.25.2)O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 149.171.96.2 149.171.192.2O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37B453C1-E7A8-4FA8-963A-3B3A8EFD0D3F}: DhcpNameServer = 192.168.0.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F15B934-BE1A-440B-829E-9CE82E3584CB}: DhcpNameServer = 149.171.96.2 149.171.192.2O18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\skype4com - No CLSID value foundO18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - 
Protocol\Handler\wlpg - No CLSID value foundO18 - Protocol\Handler\ms-help - No CLSID value foundO18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O27:64bit: - HKLM IFEO\sidebar.exe: Debugger - C:\Program Files (x86)\Windows Sidebar\8GadgetPack.exe ()O27 - HKLM IFEO\sidebar.exe: Debugger - C:\Program Files (x86)\Windows Sidebar\8GadgetPack.exe ()O30 - LSA: Security Packages - (livessp) - File not foundO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2012/12/15 11:51:08 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]O32 - AutoRun File - [2008/06/11 02:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]O34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = 
  7. Hi everyone, Thanks to the generosity of everyone here in offering help. I think I have been infected with some Adware that I have not been successful in removing despite running multiple malware removers including Malwarebytes. Problem: A random ad will open in a new tab in my Chrome browser without warning. It links to sites like casino.com and vube.com, but right before it opens, it opens a site with URL: http://7.rotator.wigetmedia.com/servlet/ajrotator/319235/0/vh?ajecscp=1378206909662&z=wiget&dim=79059&kw=&click= My logs are copied below, thanks for your help in advance!
44344]R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\Drivers\WUDFRd.sys [2012-7-26 198656]RUnknown SASKUTIL;SASKUTIL; [x]S2 LnvHotSpotSvc;LnvMHService;C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [2013-1-16 460864]S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]S3 5U877;USB Video Device;C:\WINDOWS\System32\Drivers\5U877.sys [2012-1-27 166016]S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\Drivers\ssudbus.sys [2013-8-6 103448]S3 dgderdrv;dgderdrv;C:\WINDOWS\System32\Drivers\dgderdrv.sys [2010-10-25 20552]S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-1-27 320576]S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-8 138360]S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-8-6 37344]S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2010-1-9 174440]S3 pelbtm;Bluetooth Mouse Filter Driver;C:\WINDOWS\System32\Drivers\pelbtm.sys [2012-2-9 16384]S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2012-1-27 1667216]S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2012-1-27 1665680]S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\WINDOWS\System32\Drivers\ssudmdm.sys [2013-8-6 203672]S3 TFsExDisk;TFsExDisk;C:\WINDOWS\System32\Drivers\TFsExDisk.sys [2012-11-27 16392]S3 vmbusr;Virtual Machine Bus Provider;C:\WINDOWS\System32\Drivers\vmbusr.sys [2012-7-26 117248]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184].=============== Created Last 30 ================.2013-09-03 05:38:06 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition 
Updates\{E355B94A-DE54-4C6D-A1C3-56C0EFAF6E67}\mpengine.dll2013-09-02 10:01:57 -------- d-----w- C:\Users\Jason Ng\AppData\Roaming\SUPERAntiSpyware.com2013-09-02 08:39:11 9515512 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll2013-09-01 10:03:54 -------- d-----w- C:\WINDOWS\pss2013-08-31 15:12:05 -------- d-----w- C:\WINDOWS\ERUNT2013-08-15 09:47:40 -------- d-----w- C:\WINDOWS\System32\MRT2013-08-14 06:40:18 694272 ----a-w- C:\WINDOWS\SysWow64\rpcrt4.dll2013-08-14 06:39:55 148992 ----a-w- C:\Program Files\Internet Explorer\jsdebuggeride.dll2013-08-14 06:39:20 3958784 ----a-w- C:\WINDOWS\System32\jscript9.dll2013-08-14 06:39:04 2877440 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll2013-08-14 06:39:03 108032 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll2013-08-14 06:38:53 1889280 ----a-w- C:\WINDOWS\System32\crypt32.dll2013-08-14 06:38:52 337408 ----a-w- C:\WINDOWS\System32\wintrust.dll2013-08-14 06:38:52 261120 ----a-w- C:\WINDOWS\SysWow64\wintrust.dll2013-08-14 06:38:52 1568256 ----a-w- C:\WINDOWS\SysWow64\crypt32.dll2013-08-14 06:38:51 98304 ----a-w- C:\WINDOWS\System32\apprepsync.dll2013-08-14 06:38:51 87040 ----a-w- C:\WINDOWS\SysWow64\apprepapi.dll2013-08-14 06:38:51 68096 ----a-w- C:\WINDOWS\System32\cryptsvc.dll2013-08-14 06:38:51 124416 ----a-w- C:\WINDOWS\System32\apprepapi.dll2013-08-14 06:38:50 74240 ----a-w- C:\WINDOWS\SysWow64\apprepsync.dll2013-08-06 10:59:43 203672 ----a-w- C:\WINDOWS\System32\drivers\ssudmdm.sys2013-08-06 10:59:43 103448 ----a-w- C:\WINDOWS\System32\drivers\ssudbus.sys2013-08-06 10:55:48 37344 ----a-w- C:\WINDOWS\SysWow64\FsUsbExDisk.Sys2013-08-06 10:55:48 233472 ----a-w- C:\WINDOWS\SysWow64\FsUsbExService.Exe2013-08-06 10:55:48 110592 ----a-w- C:\WINDOWS\SysWow64\FsUsbExDevice.Dll.==================== Find3M ====================.2013-07-26 05:13:37 2241024 ----a-w- C:\WINDOWS\System32\wininet.dll2013-07-26 05:13:28 915968 ----a-w- C:\WINDOWS\System32\uxtheme.dll2013-07-26 
05:13:28 53760 ----a-w- C:\WINDOWS\System32\UXInit.dll2013-07-26 05:12:04 136704 ----a-w- C:\WINDOWS\System32\iesysprep.dll2013-07-26 05:12:03 67072 ----a-w- C:\WINDOWS\System32\iesetup.dll2013-07-26 03:35:08 2706432 ----a-w- C:\WINDOWS\System32\mshtml.tlb2013-07-26 03:13:24 1767936 ----a-w- C:\WINDOWS\SysWow64\wininet.dll2013-07-26 03:13:15 44032 ----a-w- C:\WINDOWS\SysWow64\UXInit.dll2013-07-26 03:12:00 61440 ----a-w- C:\WINDOWS\SysWow64\iesetup.dll2013-07-26 03:12:00 109056 ----a-w- C:\WINDOWS\SysWow64\iesysprep.dll2013-07-26 02:49:14 2706432 ----a-w- C:\WINDOWS\SysWow64\mshtml.tlb2013-07-26 00:54:34 534528 ----a-w- C:\WINDOWS\SysWow64\uxtheme.dll2013-07-09 06:07:17 2233168 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys2013-07-02 00:44:14 36288 ----a-w- C:\WINDOWS\System32\drivers\WdBoot.sys2013-07-01 22:08:49 247216 ----a-w- C:\WINDOWS\System32\drivers\WdFilter.sys2013-07-01 11:44:32 96168 ----a-w- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll2013-07-01 11:44:25 867240 ----a-w- C:\WINDOWS\SysWow64\npdeployJava1.dll2013-07-01 11:44:25 789416 ----a-w- C:\WINDOWS\SysWow64\deployJava1.dll2013-06-27 22:04:51 78200 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl2013-06-27 22:04:51 693112 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe2013-06-16 22:41:31 997632 ----a-w- C:\WINDOWS\System32\drivers\ndis.sys.============= FINISH: 21:35:39.99 ===============