
explorer.exe and malware

Discussion in 'Virus & Other Malware Removal' started by rondev, Mar 21, 2014.

Thread Status:
Not open for further replies.
  1. rondev

    rondev Thread Starter

    Joined: Aug 14, 2005
    Messages: 29

    After running Malwarebytes, I was able to get rid of some, but not all, of the malware on my machine. Malwarebytes found and deleted the following:

    Memory Modules Detected: 1
    C:\Users\sumida\AppData\Local\Omjxics\MAXComponents.DLL (VirTool.Vbcrypt) -> Delete on reboot.

    From running hijackthis.exe, I can see that there is still a lingering registry reference to this DLL (which I have yet to delete):

    O4 - HKCU\..\Run: [Omjxics] regsvr32.exe C:\Users\sumida\AppData\Local\Omjxics\MAXComponents.DLL

    I rebooted, ran a full scan with Malwarebytes and a quick scan with Microsoft Antimalware Removal tool, and both came back clean.

    The machine runs well and web browsing is fine with one exception: from running Fiddler, I can see that explorer.exe is occasionally making the following request:

    # Result Protocol Host URL Body Caching Content-Type Process Comments Custom
    660 502 HTTP f5f5dc.com /cmd?version=1.5&aid=434&id=ac565116-4d83-4aed-8d86-e23ffe45eab4&os=6.1.7601_1.0_64 512 text/html explorer:1740

    It also makes requests to ffeed5.com. The result is that a number of dllhost.exe processes are created, and a ton of HTTP requests to different websites are made (I disconnected from the internet before any popups appeared). Also, when I reboot, the security settings in IE are changed to prevent downloads.

    Here is the Hijackthis.exe log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:49:17 AM, on 3/21/2014
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v10.0 (10.00.9200.16843)
    Boot mode: Normal

    Running processes:
    C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    C:\Program Files\Lenovo\Zoom\TpScrex.exe
    C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
    C:\Program Files (x86)\Digital Line Detect\DLG.exe
    C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe
    C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
    C:\Users\sumida\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe /start
    O4 - HKLM\..\Run: [PWMTRV] rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
    O4 - HKLM\..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [GoToMeeting] "C:\Program Files (x86)\Citrix\GoToMeeting\1172\g2mstart.exe" "/Trigger RunAtLogon"
    O4 - HKCU\..\Run: [Omjxics] regsvr32.exe C:\Users\sumida\AppData\Local\Omjxics\MAXComponents.DLL
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'DefaultAppPool')
    O4 - HKUS\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'DefaultAppPool')
    O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files (x86)\Digital Line Detect\DLG.exe
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe" (file missing)
    O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe" (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
    O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: AcPrfMgrSvc - Lenovo - C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
    O23 - Service: AcSvc - Lenovo - C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    O23 - Service: AppFabric Event Collection Service (AppFabricEventCollectionService) - Unknown owner - C:\Windows\System32\AppFabric\EventCollectorService.exe (file missing)
    O23 - Service: AppFabric Workflow Management Service (AppFabricWorkflowManagementService) - Unknown owner - C:\Windows\System32\AppFabric\WorkflowManagementService.exe (file missing)
    O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - Unknown owner - C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe (file missing)
    O23 - Service: Bluetooth Driver Management Service (BcmBtRSupport) - Unknown owner - C:\Windows\system32\BtwRSupportService.exe (file missing)
    O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
    O23 - Service: @%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000 (c2wts) - Unknown owner - C:\Program Files (x86)\Windows Identity Foundation\v3.5\c2wtshost.exe (file missing)
    O23 - Service: AT&T Con App Svc (CAATT) - Unknown owner - C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe (file missing)
    O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Lenovo PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30007 (IISADMIN) - Unknown owner - C:\Windows\system32\inetsrv\inetinfo.exe (file missing)
    O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
    O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
    O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
    O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\AMT\LMS.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\Windows\system32\mqsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Power Manager Service (Power Manager DBC Service) - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Lenovo Group Limited - C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: System Update (SUService) - Unknown owner - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\Windows\System32\TPHDEXLG64.exe (file missing)
    O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
    O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: Mobile Broadband Service (WMCoreService) - Ericsson AB - C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-20001 (WMSVC) - Unknown owner - C:\Windows\system32\inetsrv\wmsvc.exe (file missing)
    O23 - Service: Wyse PocketCloud (WysePocketCloud) - Unknown owner - C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe

    --
    End of file - 16220 bytes


    Here is the dds scan log:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16843
    Run by sumida at 10:43:38 on 2014-03-21
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3992.958 [GMT -7:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\ibmpmsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
    C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
    C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
    C:\Program Files\LENOVO\HOTKEY\shtctky.exe
    C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\svchost.exe -k apphost
    C:\Windows\system32\BtwRSupportService.exe
    C:\Program Files\Lenovo\Zoom\TpScrex.exe
    C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
    C:\Program Files\DebugDiag\DbgSvc.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\inetsrv\inetinfo.exe
    C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
    C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
    C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
    C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
    C:\Windows\system32\mqsvc.exe
    C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k iissvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\System32\WUDFHost.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Windows\System32\msdtc.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
    C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
    C:\Windows\System32\TpShocks.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
    C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    C:\Program Files (x86)\Digital Line Detect\DLG.exe
    C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
    C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
    C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
    C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    C:\Windows\system32\svchost.exe -k HsfXAudioService
    C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
    C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    C:\Program Files (x86)\Intel\AMT\LMS.exe
    C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Fiddler2\Fiddler.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\SysWOW64\svchost.exe
    c:\windows\system32\inetsrv\w3wp.exe
    C:\Users\sumida\Desktop\HijackThis.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = Preserve
    uSearch Page = hxxp://www.google.com
    uProxyServer = hxxp=127.0.0.1:8888;https=127.0.0.1:8888
    uProxyOverride = <-loopback>;
    uSearchAssistant = hxxp://www.google.com
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [GoToMeeting] "C:\Program Files (x86)\Citrix\GoToMeeting\1172\g2mstart.exe" "/Trigger RunAtLogon"
    uRun: [Omjxics] regsvr32.exe C:\Users\sumida\AppData\Local\Omjxics\MAXComponents.DLL
    mRun: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe /start
    mRun: [PWMTRV] rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
    mRun: [tsnp2uvc] C:\Windows\tsnp2uvc.exe
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\Users\sumida\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
    DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.43.1
    TCP: Interfaces\{79C4BA4A-405A-457D-9C4A-7890CDA55CAE} : DHCPNameServer = 192.168.15.1
    TCP: Interfaces\{9AB9B6F9-8ABB-4DCE-8B05-D0C57A22C691} : DHCPNameServer = 192.168.43.1
    TCP: Interfaces\{9AB9B6F9-8ABB-4DCE-8B05-D0C57A22C691}\44D4C61633 : DHCPNameServer = 10.0.1.1
    TCP: Interfaces\{9AB9B6F9-8ABB-4DCE-8B05-D0C57A22C691}\46D6D236C616373727F6F6D637 : DHCPNameServer = 192.168.15.5 192.168.15.4 4.2.2.2
    TCP: Interfaces\{9AB9B6F9-8ABB-4DCE-8B05-D0C57A22C691}\74C424C4743545 : DHCPNameServer = 146.127.253.18
    TCP: Interfaces\{9AB9B6F9-8ABB-4DCE-8B05-D0C57A22C691}\77962756C656373723630333 : DHCPNameServer = 207.69.188.185 207.69.188.186
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    LSA: Notification Packages = scecli ACGina
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [TpShocks] TpShocks.exe
    x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
    x64-Run: [picon] "C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PIconStartup.exe"
    x64-Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
    x64-Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    x64-IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 DzHDD64;DzHDD64;C:\Windows\System32\drivers\DZHDD64.SYS [2010-11-21 29512]
    R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2013-8-6 28928]
    R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2010-12-31 15472]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-8-29 203776]
    R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]
    R2 BcmBtRSupport;Bluetooth Driver Management Service;C:\Windows\System32\BtwRSupportService.exe [2013-10-28 2255064]
    R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-20 135440]
    R2 DbgSvc;Debug Diagnostic Service;C:\Program Files\DebugDiag\DbgSvc.exe [2011-7-12 451848]
    R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
    R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2013-6-28 14624]
    R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2013-11-2 44024]
    R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2013-11-2 62456]
    R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2011-11-12 133992]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-6-19 1153368]
    R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2013-11-2 126456]
    R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2013-2-16 125504]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2010-11-21 2058776]
    R2 WMCoreService;Mobile Broadband Service;C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe servicemode --> C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe servicemode [?]
    R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-10-19 195072]
    R3 bcbtums;Bluetooth USB LD Filter;C:\Windows\System32\drivers\bcbtums.sys [2013-10-28 170712]
    R3 btwampfl;btwampfl;C:\Windows\System32\drivers\btwampfl.sys [2013-8-9 166104]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-7-5 35104]
    R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2011-3-31 299648]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y62x64.sys [2011-10-20 302296]
    R3 ecnssndis; Mobile Broadband Driver;C:\Windows\System32\drivers\wwuss64.sys [2011-3-25 26664]
    R3 ecnssndisfltr; Mobile Broadband Driver Filter;C:\Windows\System32\drivers\wwussf64.sys [2011-3-25 30248]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-11-21 56344]
    R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2012-3-4 10629184]
    R3 l36wgps; Mobile Broadband GPS Port;C:\Windows\System32\drivers\l36wgps64.sys [2011-8-10 101416]
    R3 Mbm3CBus;F3507g Mobile Broadband Device (WDM);C:\Windows\System32\drivers\Mbm3CBus.sys [2011-8-10 419400]
    R3 Mbm3DevMt; Mobile Broadband Device Management Driver (WDM);C:\Windows\System32\drivers\Mbm3DevMt.sys [2011-8-10 430664]
    R3 Mbm3mdfl; Mobile Broadband Modem Port Filter;C:\Windows\System32\drivers\Mbm3mdfl.sys [2011-8-10 19528]
    R3 Mbm3Mdm; Mobile Broadband Modem Port Driver;C:\Windows\System32\drivers\Mbm3Mdm.sys [2011-8-10 483400]
    R3 Power Manager DBC Service;Power Manager Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2010-11-21 1669928]
    R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2013-11-2 45296]
    R3 WwanUsbServ;Mobile Broadband Driver;C:\Windows\System32\drivers\WwanUsbMp64.sys [2011-8-10 286248]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2013-12-1 127072]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
    S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-10-19 195072]
    S3 AppFabricEventCollectionService;AppFabric Event Collection Service;C:\Windows\System32\AppFabric\EventCollectorService.exe [2011-5-25 19312]
    S3 AppFabricWorkflowManagementService;AppFabric Workflow Management Service;C:\Windows\System32\AppFabric\WorkflowManagementService.exe [2011-5-25 110456]
    S3 ATTRcAppSvc;AT&T RcAppSvc;"C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe" /n "ATTRcAppSvc" --> C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe [?]
    S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]
    S3 c2wts;Claims to Windows Token Service;C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [2011-5-28 15768]
    S3 CAATT;AT&T Con App Svc;"C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe" /n "CAATT" --> C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe [?]
    S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-8-10 320576]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
    S3 PCDSRVC{127174DC-C366ED8B-06020200}_0;PCDSRVC{127174DC-C366ED8B-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor\pcdsrvc_x64.pkms [2011-3-31 25584]
    S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2011-5-21 1664808]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-27 19456]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-13 56832]
    S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-1-18 68440]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-21 1255736]
    S3 WMSVC;Web Management Service;C:\Windows\System32\inetsrv\WMSvc.exe [2009-7-13 10752]
    S3 WysePocketCloud;Wyse PocketCloud;C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [2012-5-11 177056]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
    S4 RsFx0151;RsFx0151 Driver;C:\Windows\System32\drivers\RsFx0151.sys [2011-6-17 313696]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-6-17 431456]
    .
    =============== Created Last 30 ================
    .
    2014-03-21 08:33:42 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{ED85331B-8D4D-483D-9DF3-466CC5C59E68}\mpengine.dll
    2014-03-20 23:49:14 345600 ----a-w- C:\Users\sumida\AppData\Roaming\ooinsvr.dll
    2014-03-20 20:53:42 -------- d-----w- C:\Users\sumida\AppData\Local\Omjxics
    2014-03-16 23:51:22 3156480 ----a-w- C:\Windows\System32\win32k.sys
    2014-03-16 23:51:17 484864 ----a-w- C:\Windows\System32\wer.dll
    2014-03-16 23:51:17 381440 ----a-w- C:\Windows\SysWow64\wer.dll
    2014-03-16 23:51:17 228864 ----a-w- C:\Windows\System32\wwansvc.dll
    2014-03-16 23:51:12 624128 ----a-w- C:\Windows\System32\qedit.dll
    2014-03-16 23:51:12 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
    2014-03-16 23:51:12 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    2014-03-16 23:51:11 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
    2014-03-12 00:59:34 -------- d-----w- C:\demosMarch12
    2014-03-11 01:00:56 -------- d-----w- C:\demosMarch11
    2014-03-10 00:59:02 -------- d-----w- C:\demosMarch10
    2014-02-27 09:52:14 40280 ----a-w- C:\Windows\System32\tpinspm.dll
    2014-02-27 09:52:12 68440 ----a-w- C:\Windows\System32\ibmpmsvc.exe
    2014-02-27 09:52:12 60760 ----a-w- C:\Windows\System32\ibmpmctl.exe
    2014-02-27 09:52:12 57144 ----a-w- C:\Windows\System32\drivers\ibmpmdrv.sys
    2014-02-27 04:54:05 6574592 ----a-w- C:\Windows\System32\mstscax.dll
    2014-02-27 04:54:05 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll
    2014-02-26 15:01:30 -------- d-----w- C:\demos022614
    2014-02-26 14:12:22 -------- d-----w- C:\demosxxx
    2014-02-24 14:31:50 -------- d-----w- C:\demos022414
    .
    ==================== Find3M ====================
    .
    2014-03-12 09:00:21 212 ----a-w- C:\Windows\ildasmfnt.bin
    2014-03-11 17:53:35 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-03-11 17:53:35 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-02-23 08:13:41 2241536 ----a-w- C:\Windows\System32\wininet.dll
    2014-02-23 08:11:59 3960320 ----a-w- C:\Windows\System32\jscript9.dll
    2014-02-23 08:11:52 67072 ----a-w- C:\Windows\System32\iesetup.dll
    2014-02-23 08:11:52 136704 ----a-w- C:\Windows\System32\iesysprep.dll
    2014-02-23 06:54:46 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-02-23 06:53:22 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-02-23 06:53:18 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-02-23 06:53:18 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2014-02-23 06:35:36 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-02-23 06:31:25 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-02-23 05:39:39 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
    2014-02-23 05:35:24 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
    2013-07-15 03:03:30 4188160 ----a-w- C:\Program Files (x86)\GUT41E7.tmp
    .
    ============= FINISH: 10:46:03.96 ===============


    Here is the attach.txt log:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/21/2010 5:38:43 PM
    System Uptime: 3/21/2014 9:13:22 AM (1 hours ago)
    .
    Motherboard: LENOVO | | 2764CTO
    Processor: Intel(R) Core(TM)2 Duo CPU P9500 @ 2.53GHz | None | 2534/266mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 298 GiB total, 100.489 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Bytemobile Kernel Network Provider
    Device ID: ROOT\LEGACY_TCPIPBM\0000
    Manufacturer:
    Name: Bytemobile Kernel Network Provider
    PNP Device ID: ROOT\LEGACY_TCPIPBM\0000
    Service: tcpipBM
    .
    ==== System Restore Points ===================
    .
    RP401: 2/24/2014 6:24:01 PM - Windows Update
    RP402: 2/26/2014 8:54:07 PM - Windows Update
    RP403: 3/9/2014 5:19:17 AM - Scheduled Checkpoint
    RP404: 3/16/2014 5:09:59 PM - Windows Update
    RP405: 3/16/2014 6:03:59 PM - Installed TurboTax 2013 wrapper
    RP406: 3/16/2014 6:17:43 PM - Installed TurboTax 2013 wcaiper
    RP407: 3/20/2014 10:12:57 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Access Help
    Adobe AIR
    Adobe Flash Player 12 ActiveX
    Adobe Reader X (10.1.4)
    Application Verifier (x64)
    ATI Catalyst Install Manager
    ATI Uninstaller
    Aventail Access Manager
    Aventail Web Proxy Agent
    Aventail Webifiers
    Camera Support Core Library
    Canon Camera Support Core Library
    Canon MOV Decoder
    Canon MOV Encoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon PhotoRecord
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
    Canon Utilities PhotoStitch 3.1
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Dutch
    CCC Help English
    CCC Help French
    CCC Help German
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Portuguese
    CCC Help Spanish
    CCC Help Swedish
    Conexant 20561 SmartAudio HD
    Crystal Reports for Visual Studio
    D3DX10
    davehope.co.uk Product Key Finder
    Debug Diagnostics 1.2
    Debugging Tools for Windows (x64)
    Debugging Tools for Windows (x86)
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    DevelopMentor Campfire Viewer v2
    Dotfuscator Software Services - Community Edition
    Fiddler2
    Gobi API SDK Installer
    Google Apps Migration For Microsoft® Exchange 2.3.1010.507
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToMeeting 6.0.0.1259
    H3Viewer by http://www.Helpware.net
    Hotfix for Microsoft Team Foundation Server 2010 Object Model - ENU (KB2736182)
    Hotfix for Microsoft Team Foundation Server 2010 Object Model - ENU (KB2890573)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
    Hotfix for Microsoft Visual Studio 2010 Premium - ENU (KB2529927)
    Hotfix for Microsoft Visual Studio 2010 Premium - ENU (KB2548139)
    Hotfix for Microsoft Visual Studio 2010 Premium - ENU (KB2549864)
    Hotfix for Microsoft Visual Studio 2010 Premium - ENU (KB2565057)
    Hotfix for Microsoft Visual Studio 2010 Premium - ENU (KB2581019)
    Hotfix for Microsoft Visual Studio 2010 Premium - ENU (KB2591016)
    Hotfix for Microsoft Visual Studio 2010 Premium - ENU (KB2615527)
    Hotfix for Microsoft Visual Studio 2010 Premium - ENU (KB2635973)
    Hotfix for Microsoft Visual Studio 2010 Premium - ENU (KB2736182)
    Hotfix for Microsoft Visual Studio 2010 Premium - ENU (KB2890573)
    IIS URL Rewrite Module 2
    Integrated Camera
    Intel PROSet Wireless
    Intel(R) Management Engine Interface
    Intel(R) Network Connections Drivers
    Intel(R) PROSet/Wireless WiFi Software
    Intel® Active Management Technology
    Java Auto Updater
    Java(TM) 6 Update 37
    JetBrains dotTrace 3.1
    Lenovo Auto Scroll Utility
    Lenovo Patch Utility
    Lenovo Patch Utility 64 bit
    Lenovo Power Management Driver
    Lenovo System Interface Driver
    Lenovo System Update
    Lenovo ThinkVantage Toolbox
    Malwarebytes Anti-Malware version 1.75.0.1300
    Message Center Plus
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft ADO.NET Entity Framework 4.1
    Microsoft Application Error Reporting
    Microsoft ASP.NET MVC 2
    Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    Microsoft ASP.NET MVC 3
    Microsoft ASP.NET MVC 3 - Visual Studio 2010 Tools Update
    Microsoft ASP.NET MVC 4
    Microsoft ASP.NET MVC 4 - Visual Studio 2010 Tools
    Microsoft ASP.NET MVC 4 Runtime
    Microsoft ASP.NET Visual Studio 2010 Finalizer
    Microsoft ASP.NET Visual Studio 2010 Uninstall Finalizer
    Microsoft ASP.NET Web Pages
    Microsoft ASP.NET Web Pages - Visual Studio 2010 Tools
    Microsoft ASP.NET Web Pages 2
    Microsoft ASP.NET Web Pages 2 - Visual Studio 2010 Tools
    Microsoft ASP.NET Web Pages 2 Runtime
    Microsoft Code Contracts (devlabs_TS) 1.5.60911.10 for .NET
    Microsoft Expression Blend 3 SDK
    Microsoft Expression Blend 4
    Microsoft Expression Blend SDK for .NET 4
    Microsoft Expression Blend SDK for Silverlight 4
    Microsoft Expression Design 4
    Microsoft Expression Encoder 4
    Microsoft Expression Encoder 4 Screen Capture Codec
    Microsoft Expression Studio 4
    Microsoft F# Runtime for Silverlight 4
    Microsoft Help Viewer 1.1
    Microsoft Lync Web App Plug-in
    Microsoft NuGet for Visual Studio 2010
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Live Meeting 2007
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Reactive Extensions SDK v1.0.10621 SP1
    Microsoft Reactive Extensions SDK v2.0
    Microsoft Report Viewer Redistributable 2008 (KB971119)
    Microsoft Report Viewer Redistributable 2008 SP1
    Microsoft Silverlight
    Microsoft Silverlight 3 SDK
    Microsoft Silverlight 4 SDK
    Microsoft Silverlight 4 Toolkit April 2010
    Microsoft Silverlight 5 SDK
    Microsoft Silverlight Tools for Visual Studio 2010
    Microsoft SQL Server 2000 Sample Database Scripts
    Microsoft SQL Server 2008 R2 (64-bit)
    Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    Microsoft SQL Server 2008 R2 Data-Tier Application Project
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server 2008 R2 Management Objects (x64)
    Microsoft SQL Server 2008 R2 Native Client
    Microsoft SQL Server 2008 R2 Policies
    Microsoft SQL Server 2008 R2 RsFx Driver
    Microsoft SQL Server 2008 R2 Setup (English)
    Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server Browser
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    Microsoft SQL Server Database Publishing Wizard 1.4
    Microsoft SQL Server System CLR Types
    Microsoft SQL Server System CLR Types (x64)
    Microsoft SQL Server VSS Writer
    Microsoft Sync Framework Runtime v1.0 SP1 (x64)
    Microsoft Sync Framework SDK v1.0 SP1
    Microsoft Sync Framework Services v1.0 SP1 (x64)
    Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
    Microsoft Team Foundation Server 2010 Object Model - ENU
    Microsoft Unity Application Block 2.0
    Microsoft Visual C++ 11 x64 Additional Runtime - 11.0.40825
    Microsoft Visual C++ 11 x64 Debug Runtime - 11.0.40825
    Microsoft Visual C++ 11 x64 Minimum Runtime - 11.0.40825
    Microsoft Visual C++ 11 x86 Additional Runtime - 11.0.40825
    Microsoft Visual C++ 11 x86 Debug Runtime - 11.0.40825
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
    Microsoft Visual C++ Compilers 2010 SP1 Standard - x64
    Microsoft Visual C++ Compilers 2010 SP1 Standard - x86
    Microsoft Visual F# 2.0 Runtime
    Microsoft Visual Studio 11 Developer Preview
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
    Microsoft Visual Studio 2010 Office Developer Tools (x64)
    Microsoft Visual Studio 2010 Performance Collection Tools SP1 - ENU
    Microsoft Visual Studio 2010 Premium - ENU
    Microsoft Visual Studio 2010 Service Pack 1
    Microsoft Visual Studio 2010 SharePoint Developer Tools
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    Microsoft Visual Studio Macro Tools
    Microsoft Visual Studio Tools for Applications 2.0 - ENU
    Microsoft Web Platform Installer 4.0
    Microsoft Windows Debugging Symbols
    Microsoft Windows Performance Toolkit
    Microsoft Windows SDK .NET Framework Tools (30514)
    Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools
    Microsoft Windows SDK for Windows 7 (7.1)
    Microsoft Windows SDK for Windows 7 Common Utilities (30514)
    Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
    Microsoft Windows SDK for Windows 7 Redistributable Components for Windows Debugging Tools (30514)
    Microsoft Windows SDK for Windows 7 Samples (30514)
    Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
    Microsoft Windows SDK Intellisense and Reference Assemblies (30514)
    Microsoft Windows SDK MSHelp (30514)
    Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514)
    Mobile Broadband drivers
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    On Screen Display
    PhotoStitch
    PocketCloud Windows Companion
    Power Manager
    PX Profile Update
    RAW Image Task 1.0
    RemoteCapture Task 1.0.2
    RICOH R5U8xx Media Driver ver.3.64.02
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
    Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)
    Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
    Security Update for Microsoft Expression Design 4 (KB2667730)
    Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
    Security Update for Microsoft Visual Studio 2010 Premium - ENU (KB2645410)
    Security Update for Microsoft Visual Studio Macro Tools (KB2669970)
    Service Pack 1 for SQL Server 2008 R2 (KB2528583) (64-bit)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
    Skype™ 6.9
    Snoop
    Spybot - Search & Destroy
    SpywareBlaster 4.6
    SQL Server 2008 R2 SP1 Client Tools
    SQL Server 2008 R2 SP1 Common Files
    SQL Server 2008 R2 SP1 Database Engine Services
    SQL Server 2008 R2 SP1 Database Engine Shared
    SQL Server 2008 R2 SP1 Management Studio
    Sql Server Customer Experience Improvement Program
    System Migration Assistant
    ThinkPad Bluetooth with Enhanced Data Rate Software
    ThinkPad FullScreen Magnifier
    ThinkPad Modem Adapter
    ThinkPad UltraNav Driver
    ThinkPad UltraNav Utility
    ThinkVantage Access Connections
    ThinkVantage Active Protection System
    ThinkVantage Communications Utility
    ThinkVantage GPS
    TurboTax 2010
    TurboTax 2010 wcaiper
    TurboTax 2010 WinPerFedFormset
    TurboTax 2010 WinPerReleaseEngine
    TurboTax 2010 WinPerTaxSupport
    TurboTax 2010 wrapper
    TurboTax 2011
    TurboTax 2011 wcaiper
    TurboTax 2011 WinPerFedFormset
    TurboTax 2011 WinPerReleaseEngine
    TurboTax 2011 WinPerTaxSupport
    TurboTax 2011 wrapper
    TurboTax 2012
    TurboTax 2012 wcaiper
    TurboTax 2012 WinPerFedFormset
    TurboTax 2012 WinPerReleaseEngine
    TurboTax 2012 WinPerTaxSupport
    TurboTax 2012 wrapper
    TurboTax 2013
    TurboTax 2013 wcaiper
    TurboTax 2013 WinPerFedFormset
    TurboTax 2013 WinPerReleaseEngine
    TurboTax 2013 WinPerTaxSupport
    TurboTax 2013 wrapper
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2836939)
    Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
    Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
    Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition
    Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
    Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
    Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
    Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
    Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition
    Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
    Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
    Visual Studio 2010 Prerequisites - English
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    WCF RIA Services V1.0 SP2
    Web Deployment Tool
    Windows Azure SDK
    Windows Azure Tools for Microsoft Visual Studio 2010 1.3
    Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430)
    Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
    Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407)
    Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
    Windows Identity Foundation SDK 4.0
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Messenger
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows SDK IntellisenseNFX
    WinSCP 4.3.5
    WPF Toolkit February 2010 (Version 3.5.50211.1)
    XBAPDemo
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/21/2014 9:16:14 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: tcpipBM
    3/21/2014 9:14:34 AM, Error: Service Control Manager [7000] - The rimsptsk service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    3/21/2014 9:14:34 AM, Error: Service Control Manager [7000] - The Ricoh xD-Picture Card Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    3/21/2014 9:14:33 AM, Error: Service Control Manager [7000] - The rimmptsk service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    3/21/2014 9:13:41 AM, Error: Service Control Manager [7023] - The Power service terminated with the following error: The WMI request could not be completed and should be retried.
    3/21/2014 9:11:46 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    3/21/2014 2:04:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    3/21/2014 2:04:42 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    3/21/2014 2:04:39 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    3/21/2014 2:04:39 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    3/21/2014 2:04:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    3/21/2014 2:02:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    3/21/2014 2:02:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
    3/21/2014 2:02:37 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache lenovo.smi NetBIOS NetBT nsiproxy Psched rdbss spldr tcpipBM tdx TPPWRIF vpcnfltr vpcvmm vwififlt Wanarpv6 WfpLwf
    3/21/2014 2:02:36 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/21/2014 2:02:36 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    3/21/2014 2:02:36 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    3/21/2014 2:02:36 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    3/21/2014 2:02:36 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/21/2014 2:02:35 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    3/21/2014 2:02:35 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    3/21/2014 2:02:35 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/21/2014 2:02:35 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/21/2014 2:02:35 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    3/20/2014 8:21:25 PM, Error: Schannel [36887] - The following fatal alert was received: 40.
    3/19/2014 10:24:19 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
    .
    ==== End Of File ===========================

    GMER does not bring up a dialog indicating a rootkit, but here is the ark.txt log:

    GMER 2.1.19357 - http://www.gmer.net
    Rootkit scan 2014-03-21 11:37:19
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 HITACHI_ rev.PC3Z 298.09GB
    Running: t4sjh55l.exe; Driver: C:\Users\sumida\AppData\Local\Temp\pwdiqpod.sys


    ---- Threads - GMER 2.1 ----

    Thread C:\Windows\system32\svchost.exe [816:936] 000000000067ae78
    Thread C:\Windows\system32\svchost.exe [816:456] 0000000000671a44
    Thread C:\Windows\system32\svchost.exe [816:500] 00000000011acb18
    Thread C:\Windows\system32\svchost.exe [816:484] 00000000011ac394
    Thread C:\Windows\system32\svchost.exe [816:412] 00000000006719b4
    Thread C:\Windows\system32\svchost.exe [816:4404] 00000000011ab8ac
    Thread C:\Windows\Explorer.EXE [1824:5504] 000000000a8a2ae8
    Thread C:\Windows\Explorer.EXE [1824:5508] 000000000a8a2be8
    Thread C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2928:956] 000007fef51bb528
    Thread C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2928:1076] 000007fef507b334
    Thread C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2928:3368] 000007fef507b334
    Thread C:\Windows\system32\mqsvc.exe [3256:3372] 000007fef9d7c2e8
    Thread C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [3460:3516] 000007fef0a8cbb0
    Thread C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [3460:3520] 000007fef0a6406c
    Thread C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [3460:2380] 000007fef09c7060
    Thread C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [3460:3592] 000007fef7c22e60
    Thread C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [3460:2360] 000007fef0a6406c
    Thread C:\Windows\system32\rundll32.exe [4536:5960] 00000000024855c0
    Thread C:\Windows\system32\rundll32.exe [4536:5964] 00000000024855c0
    Thread C:\Windows\system32\rundll32.exe [4536:5968] 00000000024855c0
    Thread C:\Windows\System32\svchost.exe [2396:5552] 000007fedfed9688
    Thread C:\Windows\SysWOW64\svchost.exe [2068:6184] 0000000000126b96
    Thread C:\Windows\SysWOW64\svchost.exe [2068:5584] 000000000012654a

    ---- EOF - GMER 2.1 ----


    Thanks in advance for your help.

    Ron
     
  3. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,502
    Hi rondev,
    Since I can see what you work on, I am giving you a lot to do here in one post.
    Just take one task at a time, in order. If you have any problems with any of them, let me know.
    Please don't Install, Uninstall, or Scan with anything else unless I ask, until we are finished cleaning.

    One of the contributing reasons to becoming infected with malware is the lack of an Antivirus.
    Windows Defender is a complete antivirus in Windows 8, but is not in Windows 7.
    -----------------------------------------------------------
    Download the Microsoft Security Essentials Installer
    The download is here: http://www.microsoft.com/security_essentials/
    Choose "Save As" and Save it to your desktop. Make sure you can find it.
    Install Microsoft Security Essentials
    Double Click the icon for the Microsoft Security Essentials installer.
    Let it install, update itself, run a scan, and delete anything it finds.
    Be patient. The first updates and first scan can take a while.
    ------------------------------------------------
    Remove Programs Using Control Panel
    From Start, Control Panel, click on Programs and Features
    Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

    Adobe Reader X (10.1.4)
    Java(TM) 6 Update 37
    SpywareBlaster 4.6

    If Spywareblaster asks whether you want to remove all its settings, answer YES.
    Take extra care in answering questions posed by any Uninstaller.
    -----------------------------------------------------------
    REBOOT (RESTART) Your Machine
    --------------------------------------------------------
    Download and Install the newest version of Adobe Reader for reading pdf files
    There are security vulnerabilities in earlier versions of both Reader and Acrobat Pro. All versions numbered lower than 11.0.06 are vulnerable.
    Go HERE to download the Installer AdbeRdr11006_en_US.exe .
    Save the file to your desktop and run it to install the latest version of Adobe Reader.
    Always be careful to UNCHECK any offer for toolbars, helpers or other "partner" Free programs
    After the new Reader is installed, Open Adobe Reader XI, as it is called, and OK the license.
    Click on Edit and select Preferences.
    On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
    Click on the Security (Enhanced) category
    Uncheck Automatically trust sites from my Win OS security zones, and under Protected View, click on Files from potentially unsafe locations.
    Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
    Click the OK button
    When it asks if you are sure you want to make changes to Advanced Security Preferences, answer Yes.
    When it finishes, you can remove the Installer from your desktop.
    ------------------------------------------------------------
    You may want to read here before you decide whether to keep Java on your system:
    http://www.zdnet.com/a-close-look-a...eptive-software-with-java-updates-7000010038/

    If You Decide to Keep it, Download and Install the latest version of Java Runtime Environment from here :
    http://www.oracle.com/technetwork/java/javase/downloads/index.html, and install it to your computer.
    Under Java Platform, Standard Edition, labeled Java SE 7 Update 51, click on the button labeled JRE Download.
    Do NOT choose the buttons labeled "JDK Download" or "JRE Server".
    If it won't allow you to get past the "Agree to the license" dialog, you will need to set your browser to temporarily allow scripts.
    Check the button to agree to the license.
    Select the links for your Platform, both jre-7u51-windows-i586.exe and jre-7u51-windows-x64.exe
    Click them one at a time, download each and save them to your desktop.
    Then double-click each on your desktop, and they will install the newest versions of Java for you to use.

    During installation, be certain to Uncheck and Refuse any offer for "partner software" or toolbars.
    When it finishes, you can remove the Installer(s) from your desktop.
    ---------------------------------------------
    Now we need a scanner that can remove something
    Download the OTL Scanner
    Please download OTL.exe by OldTimer and save it to your desktop.
    ---------------------------------------------
    Run a Scan with OTL
    • Right click the OTL icon and choose "Run as administrator" to run it.
    • Check the box at the top, labeled Include 64 bit scans
    • Check the boxes labeled :
      • Scan All Users
      • LOP check
      • Purity check
      • Extra Registry > Use SafeList
    • Make sure all other windows are closed to let it run uninterrupted.
    • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan won't take long.
    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
    OTL.txt will be open on your desktop, and Extras.txt will be minimized in your taskbar.
    The Extras.txt file will only appear the very first time you run OTL.
    Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

    askey127
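
    An added example, not part of askey127's post: a read-only PowerShell check that the four Adobe Reader XI preference changes listed in the post above are in effect for the current user. The registry value names (bEnableJS, bTrustOSTrustedSites, iProtectedView, bAllowOpenFile) are not given in the thread; they are the per-user preference names assumed here from Adobe's preference reference for Reader 11.0.

```powershell
# Added example (not from the thread). Reads only; changes nothing.
# Assumption: Reader XI stores these per-user preferences under
# HKCU:\Software\Adobe\Acrobat Reader\11.0 with the value names below.
# Written for PowerShell 2.0, the version that ships with Windows 7.

$ReaderRoot = 'HKCU:\Software\Adobe\Acrobat Reader\11.0'

# One entry per checkbox named in the post: subkey, value name, expected DWORD.
$Checks = @(
    @{ Setting = 'Enable Acrobat JavaScript (unchecked)'
       Key = 'JSPrefs';      Name = 'bEnableJS';            Want = 0 },
    @{ Setting = 'Automatically trust sites from my Win OS security zones (unchecked)'
       Key = 'TrustManager'; Name = 'bTrustOSTrustedSites'; Want = 0 },
    @{ Setting = 'Protected View: Files from potentially unsafe locations'
       Key = 'TrustManager'; Name = 'iProtectedView';       Want = 1 },
    @{ Setting = 'Allow opening of non-PDF file attachments with external applications (unchecked)'
       Key = 'Originals';    Name = 'bAllowOpenFile';       Want = 0 }
)

function Test-ReaderHardening {
    param([string]$Root = $ReaderRoot)

    foreach ($c in $Checks) {
        $path   = Join-Path $Root $c.Key
        $actual = $null

        # A missing key or value means the preference was never written,
        # so Reader is using its built-in default for that setting.
        if (Test-Path $path) {
            $prop = Get-ItemProperty -Path $path -Name $c.Name -ErrorAction SilentlyContinue
            if ($prop) { $actual = $prop.($c.Name) }
        }

        if ($null -eq $actual)        { $state = 'NotSet' }
        elseif ($actual -eq $c.Want)  { $state = 'OK' }
        else                          { $state = 'Mismatch' }

        New-Object PSObject -Property @{
            Setting  = $c.Setting
            Value    = $c.Name
            Expected = $c.Want
            Actual   = $actual
            State    = $state
        }
    }
}

# Select-Object fixes the column order, which PowerShell 2.0 hashtables do not preserve.
Test-ReaderHardening |
    Select-Object State, Setting, Value, Expected, Actual |
    Format-Table -AutoSize -Wrap
```

    A row reported as NotSet means Reader has not written that preference for this user, so the result should be confirmed in Edit > Preferences rather than read as a pass.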
     
  4. rondev

    rondev Thread Starter

    Joined:
    Aug 14, 2005
    Messages:
    29
    Hi Askey127,

    Thanks for your prompt reply. I followed your instructions, first installing Microsoft Security Essentials, performing the update, and running the scan (I just took the default of a quick scan, rather than running the full scan, which would have taken a complete day). The update took a really long time to complete, and the malware periodically tried to make an http request to the ffeed5.com and f5f5dc.com websites, which in turn made a ton of http requests to other sites, as I indicated in my first post. This made me really nervous that more malware would get installed on my machine. So I manually updated the windows\system32\drivers\etc\hosts file to block those two websites (hope that's OK).

    MSE didn't find any threats from the initial scan.

    I successfully installed the new version of Acrobat reader as per your instructions, and decided not to install Java. After the reboot step, MSE dynamically indicated that it had detected the following:

    http://www.microsoft.com/security/p...e=Trojan:Win32/Alureon.GQ&threatid=2147681394

    which it quarantined and I then removed.

    I noticed that after the reboot and the removal of the item found by MSE, my security settings in the browser were not being changed to prohibit downloads as they were before. I also have not seen any requests being made to the ffeed5.com and f5f5dc.com websites from explorer.exe, although it's possible that it still might happen and I just haven't seen it yet.

    During the OTL scan, my wireless light was flashing very frequently, so I disabled the wireless, since I'm not sure if all the malware is gone. If you want me to rerun it with wireless turned on the whole time, let me know and I can redo it.

    In any case, here is the OTL.txt scan result that you requested, followed by the extras.txt results in my next post:

    OTL logfile created on: 3/22/2014 8:27:41 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\sumida\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16844)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.90 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 42.26% Memory free
    7.80 Gb Paging File | 4.85 Gb Available in Paging File | 62.26% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 297.99 Gb Total Space | 101.41 Gb Free Space | 34.03% Space Free | Partition Type: NTFS

    Computer Name: SUMIDA-PC | User Name: sumida | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/03/22 20:25:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\sumida\Desktop\OTL.exe
    PRC - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013/10/29 13:11:08 | 000,330,744 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    PRC - [2013/10/22 17:19:14 | 000,272,680 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
    PRC - [2013/10/22 17:19:04 | 000,133,416 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
    PRC - [2013/10/22 17:18:40 | 000,846,120 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
    PRC - [2013/10/22 17:00:30 | 000,610,304 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
    PRC - [2013/09/03 06:03:00 | 001,669,928 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
    PRC - [2013/09/03 06:03:00 | 000,127,784 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
    PRC - [2013/08/23 08:59:13 | 000,040,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\1172\g2mstart.exe
    PRC - [2013/08/23 08:59:13 | 000,040,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\1172\g2mlauncher.exe
    PRC - [2013/08/23 08:59:13 | 000,040,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\1172\g2mcomm.exe
    PRC - [2013/06/28 17:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    PRC - [2013/05/29 18:24:10 | 000,062,456 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
    PRC - [2013/05/29 18:24:04 | 000,060,920 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
    PRC - [2013/05/29 18:23:10 | 000,044,024 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
    PRC - [2012/12/04 15:04:40 | 000,125,504 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
    PRC - [2011/07/12 19:03:32 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    PRC - [2011/07/12 18:17:04 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
    PRC - [2011/04/07 13:29:44 | 000,594,984 | R--- | M] (Ericsson AB) -- C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
    PRC - [2011/01/24 13:28:10 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
    PRC - [2010/02/04 13:14:20 | 002,058,776 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
    PRC - [2010/02/04 13:14:06 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\AMT\LMS.exe
    PRC - [2009/05/27 23:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


    ========== Modules (No Company Name) ==========

    MOD - [2009/05/27 23:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe


    ========== Services (SafeList) ==========

    SRV:64bit: - [2014/02/27 02:52:12 | 000,068,440 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
    SRV:64bit: - [2013/10/28 19:02:18 | 002,255,064 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Windows\SysNative\BtwRSupportService.exe -- (BcmBtRSupport)
    SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2013/08/06 10:43:00 | 000,047,400 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
    SRV:64bit: - [2013/05/29 18:24:10 | 000,062,456 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
    SRV:64bit: - [2013/05/29 18:23:10 | 000,044,024 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
    SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2013/05/23 14:00:40 | 000,126,456 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
    SRV:64bit: - [2013/05/22 17:17:54 | 000,127,072 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
    SRV:64bit: - [2012/12/04 15:04:40 | 000,125,504 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
    SRV:64bit: - [2012/05/04 23:10:38 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2011/11/01 13:37:56 | 001,518,352 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV:64bit: - [2011/11/01 13:22:28 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV:64bit: - [2011/10/20 18:33:22 | 000,135,440 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
    SRV:64bit: - [2011/10/19 14:25:00 | 000,661,504 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
    SRV:64bit: - [2011/07/12 19:01:38 | 000,451,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\DebugDiag\DbgSvc.exe -- (DbgSvc)
    SRV:64bit: - [2011/07/12 17:53:58 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
    SRV:64bit: - [2011/01/24 13:28:10 | 000,915,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV:64bit: - [2010/11/20 06:24:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN)
    SRV:64bit: - [2010/05/24 19:35:27 | 000,110,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppFabric\WorkflowManagementService.exe -- (AppFabricWorkflowManagementService)
    SRV:64bit: - [2010/05/24 19:35:26 | 000,019,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppFabric\EventCollectorService.exe -- (AppFabricEventCollectionService)
    SRV:64bit: - [2010/02/02 16:03:05 | 000,015,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe -- (c2wts)
    SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2009/07/13 18:39:56 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\WMSvc.exe -- (WMSVC)
    SRV:64bit: - [2009/07/13 18:39:20 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
    SRV - [2014/03/11 10:53:37 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/02/21 13:39:52 | 000,024,120 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
    SRV - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013/10/22 17:19:14 | 000,272,680 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
    SRV - [2013/10/22 17:19:04 | 000,133,416 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
    SRV - [2013/09/05 11:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013/09/03 06:03:00 | 001,669,928 | ---- | M] (Lenovo) [On_Demand | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
    SRV - [2013/09/03 06:03:00 | 001,664,808 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)
    SRV - [2013/09/03 06:03:00 | 000,320,576 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
    SRV - [2013/06/28 17:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
    SRV - [2012/05/11 15:09:52 | 000,177,056 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe -- (WysePocketCloud)
    SRV - [2011/04/07 13:29:44 | 000,594,984 | R--- | M] (Ericsson AB) [Auto | Running] -- C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe -- (WMCoreService)
    SRV - [2010/11/20 05:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2010/11/20 05:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
    SRV - [2010/11/20 05:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/04 13:14:20 | 002,058,776 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS)
    SRV - [2010/02/04 13:14:06 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\AMT\LMS.exe -- (LMS)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/04/29 12:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2014/02/27 02:52:12 | 000,057,144 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
    DRV:64bit: - [2013/10/28 19:02:16 | 000,170,712 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
    DRV:64bit: - [2013/10/01 19:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2013/09/26 19:04:18 | 000,461,040 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2013/09/26 19:04:16 | 000,045,296 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
    DRV:64bit: - [2013/09/03 06:03:00 | 000,029,512 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)
    DRV:64bit: - [2013/09/03 06:03:00 | 000,020,736 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
    DRV:64bit: - [2013/08/09 20:02:14 | 000,166,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
    DRV:64bit: - [2013/08/06 10:43:00 | 000,152,832 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
    DRV:64bit: - [2013/08/06 10:43:00 | 000,028,928 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
    DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/05/05 01:58:46 | 008,013,312 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2012/05/05 01:58:46 | 008,013,312 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2012/05/04 22:28:14 | 000,287,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/12/26 18:10:44 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
    DRV:64bit: - [2011/10/31 15:57:50 | 008,615,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
    DRV:64bit: - [2011/10/20 18:24:18 | 000,302,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
    DRV:64bit: - [2011/10/19 14:19:08 | 000,195,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
    DRV:64bit: - [2011/10/19 14:19:08 | 000,195,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
    DRV:64bit: - [2011/10/14 01:05:48 | 010,629,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
    DRV:64bit: - [2011/10/14 01:05:48 | 010,629,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/06/27 08:06:54 | 000,025,584 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor\pcdsrvc_x64.pkms -- (PCDSRVC{127174DC-C366ED8B-06020200}_0)
    DRV:64bit: - [2011/06/17 20:54:22 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0151.sys -- (RsFx0151)
    DRV:64bit: - [2011/04/13 14:08:54 | 000,483,400 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3Mdm.sys -- (Mbm3Mdm)
    DRV:64bit: - [2011/04/13 14:08:54 | 000,430,664 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3DevMt.sys -- (Mbm3DevMt)
    DRV:64bit: - [2011/04/13 14:08:54 | 000,419,400 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3CBus.sys -- (Mbm3CBus)
    DRV:64bit: - [2011/04/13 14:08:54 | 000,019,528 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3mdfl.sys -- (Mbm3mdfl)
    DRV:64bit: - [2011/04/06 09:18:56 | 000,286,248 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WwanUsbMp64.sys -- (WwanUsbServ)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/28 15:24:12 | 000,101,416 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\l36wgps64.sys -- (l36wgps)
    DRV:64bit: - [2010/12/17 16:51:46 | 000,299,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
    DRV:64bit: - [2010/12/17 16:51:44 | 001,493,632 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
    DRV:64bit: - [2010/12/17 16:51:42 | 000,748,160 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
    DRV:64bit: - [2010/11/20 06:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
    DRV:64bit: - [2010/11/20 06:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
    DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 04:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
    DRV:64bit: - [2010/11/20 04:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
    DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/09/07 15:09:34 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
    DRV:64bit: - [2010/08/30 17:47:16 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
    DRV:64bit: - [2010/05/10 14:47:58 | 000,016,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
    DRV:64bit: - [2010/05/10 14:43:24 | 000,023,736 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
    DRV:64bit: - [2010/04/14 02:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
    DRV:64bit: - [2010/03/03 10:30:30 | 000,030,248 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wwussf64.sys -- (ecnssndisfltr)
    DRV:64bit: - [2010/03/03 10:30:30 | 000,026,664 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wwuss64.sys -- (ecnssndis)
    DRV:64bit: - [2010/01/15 13:23:20 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
    DRV:64bit: - [2010/01/15 13:23:14 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
    DRV:64bit: - [2010/01/15 13:23:10 | 000,021,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
    DRV:64bit: - [2009/10/05 18:58:18 | 000,649,216 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
    DRV:64bit: - [2009/09/03 21:14:30 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
    DRV:64bit: - [2009/09/03 20:59:28 | 000,054,784 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
    DRV:64bit: - [2009/09/03 20:37:02 | 000,067,072 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
    DRV:64bit: - [2009/08/07 06:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 17:26:13 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
    DRV:64bit: - [2009/07/13 17:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
    DRV:64bit: - [2009/07/13 16:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
    DRV:64bit: - [2009/06/23 13:50:36 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
    DRV:64bit: - [2009/06/11 18:04:54 | 003,531,136 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
    DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/04/07 14:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3138307283-1882095833-4123552314-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    IE - HKU\S-1-5-21-3138307283-1882095833-4123552314-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\S-1-5-21-3138307283-1882095833-4123552314-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKU\S-1-5-21-3138307283-1882095833-4123552314-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKU\S-1-5-21-3138307283-1882095833-4123552314-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A5 B6 03 F3 67 44 CF 01 [binary data]
    IE - HKU\S-1-5-21-3138307283-1882095833-4123552314-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
    IE - HKU\S-1-5-21-3138307283-1882095833-4123552314-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
    IE - HKU\S-1-5-21-3138307283-1882095833-4123552314-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-3138307283-1882095833-4123552314-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKU\S-1-5-21-3138307283-1882095833-4123552314-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-3138307283-1882095833-4123552314-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-3138307283-1882095833-4123552314-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-3138307283-1882095833-4123552314-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 74 74 7A ED D9 AF CC 01 [binary data]
    IE - HKU\S-1-5-21-3138307283-1882095833-4123552314-1010\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-3138307283-1882095833-4123552314-1010\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-3138307283-1882095833-4123552314-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\sumida\AppData\Local\Citrix\Plugins\79\npappdetector.dll (Citrix Online)
    FF - HKCU\Software\MozillaPlugins\LWAPlugin15.8: C:\Users\sumida\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll (Microsoft Corporation)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Fiddler2\FiddlerHook [2011/03/22 10:23:02 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://www.google.com/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Citrix Online Web Deployment Plugin 1.0.0.79 (Enabled) = C:\Users\sumida\AppData\Local\Citrix\Plugins\79\npappdetector.dll
    CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
    CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - Extension: Collection of BDA Tuning Model Component Types(Broadcast Substream Types) = C:\Users\sumida\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.0\
    CHR - Extension: YouTube = C:\Users\sumida\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Users\sumida\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Chrome In-App Payments service = C:\Users\sumida\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
    CHR - Extension: Gmail = C:\Users\sumida\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2014/03/22 00:07:37 | 000,444,507 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 15266 more lines...
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [MsmqIntCert] C:\Windows\SysNative\mqrt.dll (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [picon] C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PIconStartup.exe ()
    O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
    O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
    O4 - HKLM..\Run: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe ()
    O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
    O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe File not found
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-3138307283-1882095833-4123552314-1000..\Run: [GoToMeeting] C:\Program Files (x86)\Citrix\GoToMeeting\1172\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
    O4 - HKU\S-1-5-21-3138307283-1882095833-4123552314-1000..\Run: [Omjxics] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
    O9:64bit: - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
    O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
    O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-3138307283-1882095833-4123552314-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab (DLM Control)
    O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (DLC Class)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79C4BA4A-405A-457D-9C4A-7890CDA55CAE}: DhcpNameServer = 192.168.15.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9AB9B6F9-8ABB-4DCE-8B05-D0C57A22C691}: DhcpNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{bd2cae48-f5d7-11df-8bc5-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{bd2cae48-f5d7-11df-8bc5-806e6f6e6963}\Shell\AutoRun\command - "" = D:\ThinInstaller\ThinInstaller.exe
    O33 - MountPoints2\{cb9fc46a-26ca-11e1-af50-028037ec0200}\Shell - "" = AutoRun
    O33 - MountPoints2\{cb9fc46a-26ca-11e1-af50-028037ec0200}\Shell\AutoRun\command - "" = E:\ToolLauncher-Bootstrap.exe
    O33 - MountPoints2\{eed763b6-1511-11e2-a7b6-002556ce7a4f}\Shell - "" = AutoRun
    O33 - MountPoints2\{eed763b6-1511-11e2-a7b6-002556ce7a4f}\Shell\AutoRun\command - "" = E:\ScholasticReader.exe
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/03/22 20:25:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\sumida\Desktop\OTL.exe
    [2014/03/21 21:18:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2014/03/21 21:18:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2014/03/21 01:18:14 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\sumida\Desktop\HijackThis.exe
    [2014/03/20 13:53:42 | 000,000,000 | ---D | C] -- C:\Users\sumida\AppData\Local\Omjxics
    [2014/03/16 18:05:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2013
    [2014/03/16 17:16:09 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
    [2014/03/16 17:16:09 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
    [2014/03/16 17:16:08 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2014/03/16 17:16:08 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2014/03/16 17:16:07 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
    [2014/03/16 17:16:07 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
    [2014/03/16 17:16:07 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
    [2014/03/16 17:16:07 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    [2014/03/16 17:16:07 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
    [2014/03/16 17:16:07 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2014/03/16 17:16:07 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2014/03/16 17:16:07 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
    [2014/03/16 17:16:07 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2014/03/16 17:16:05 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2014/03/16 17:16:05 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2014/03/16 17:16:05 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2014/03/16 17:16:04 | 003,960,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2014/03/16 16:51:17 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wer.dll
    [2014/03/16 16:51:17 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wer.dll
    [2014/03/16 16:51:12 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
    [2014/03/16 16:51:12 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
    [2014/03/16 16:51:11 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
    [2014/03/11 17:59:34 | 000,000,000 | ---D | C] -- C:\demosMarch12
    [2014/03/10 18:00:56 | 000,000,000 | ---D | C] -- C:\demosMarch11
    [2014/03/09 17:59:02 | 000,000,000 | ---D | C] -- C:\demosMarch10
    [2014/02/27 02:52:14 | 000,040,280 | ---- | C] (Lenovo.) -- C:\Windows\SysNative\tpinspm.dll
    [2014/02/27 02:52:12 | 000,068,440 | ---- | C] (Lenovo.) -- C:\Windows\SysNative\ibmpmsvc.exe
    [2014/02/27 02:52:12 | 000,060,760 | ---- | C] (Lenovo.) -- C:\Windows\SysNative\ibmpmctl.exe
    [2014/02/27 02:52:12 | 000,057,144 | ---- | C] (Lenovo.) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys
    [2014/02/26 21:54:05 | 006,574,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
    [2014/02/26 21:54:05 | 005,694,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
    [2014/02/26 08:01:30 | 000,000,000 | ---D | C] -- C:\demos022614
    [2014/02/26 07:12:22 | 000,000,000 | ---D | C] -- C:\demosxxx
    [2014/02/24 07:31:50 | 000,000,000 | ---D | C] -- C:\demos022414
    [2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2014/03/22 20:25:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\sumida\Desktop\OTL.exe
    [2014/03/22 20:17:57 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
    [2014/03/22 20:12:39 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/03/22 20:12:37 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/03/22 20:12:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/03/22 20:12:12 | 000,000,072 | ---- | M] () -- C:\Windows\SysNative\yuvnvy.lhx
    [2014/03/22 19:39:08 | 000,015,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/03/22 19:39:08 | 000,015,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/03/22 19:34:28 | 001,061,770 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2014/03/22 19:34:28 | 000,862,922 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2014/03/22 19:34:28 | 000,196,186 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2014/03/22 19:29:44 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/03/22 19:28:38 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
    [2014/03/22 19:27:55 | 3139,457,024 | -HS- | M] () -- C:\hiberfil.sys
    [2014/03/22 00:07:37 | 000,444,507 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2014/03/21 21:18:56 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2014/03/21 10:42:44 | 000,380,416 | ---- | M] () -- C:\Users\sumida\Desktop\t4sjh55l.exe
    [2014/03/21 01:18:14 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\sumida\Desktop\HijackThis.exe
    [2014/03/20 16:49:23 | 000,345,600 | ---- | M] () -- C:\Users\sumida\AppData\Roaming\ooinsvr.dll
    [2014/03/20 16:35:43 | 000,000,000 | --S- | M] () -- C:\Windows\SysNative\qeyj.msa
    [2014/03/20 14:27:26 | 000,000,028 | ---- | M] () -- C:\Windows\SysWow64\u
    [2014/03/20 14:25:15 | 000,000,064 | ---- | M] () -- C:\Windows\SysNative\iibk.nfr
    [2014/03/20 14:25:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\kisjl.eol
    [2014/03/20 14:08:51 | 000,230,894 | --S- | M] () -- C:\Windows\SysNative\wfmje.yqf
    [2014/03/16 18:07:19 | 000,001,225 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    [2014/03/16 18:05:22 | 000,002,513 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax 2013.lnk
    [2014/03/16 17:53:03 | 000,420,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2014/03/16 17:52:41 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
    [2014/03/16 16:42:17 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2014/03/12 12:45:32 | 000,000,483 | ---- | M] () -- C:\Users\sumida\Documents\ChatLog Custom _NET training for Barclays Singapore 2014_03_12 12_45.rtf
    [2014/03/12 02:00:21 | 000,000,212 | ---- | M] () -- C:\Windows\ildasmfnt.bin
    [2014/03/11 10:53:35 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2014/03/11 10:53:35 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2014/03/11 10:29:41 | 000,000,675 | ---- | M] () -- C:\Users\sumida\Documents\ChatLog Custom _NET training for Barclays Singapore 2014_03_11 10_29.rtf
    [2014/03/10 01:47:40 | 000,000,479 | ---- | M] () -- C:\Users\sumida\Documents\ChatLog Custom _NET training for Barclays Singapore 2014_03_10 01_47.rtf
    [2014/03/09 17:54:31 | 000,002,306 | ---- | M] () -- C:\Users\sumida\Desktop\GoToTraining.lnk
    [2014/03/09 17:54:31 | 000,001,376 | ---- | M] () -- C:\Users\sumida\Desktop\GoToMeeting.lnk
    [2014/02/28 15:27:13 | 001,445,864 | ---- | M] () -- C:\Users\sumida\Desktop\demos WPF GS.zip
    [2014/02/27 02:52:14 | 000,040,280 | ---- | M] (Lenovo.) -- C:\Windows\SysNative\tpinspm.dll
    [2014/02/27 02:52:12 | 000,068,440 | ---- | M] (Lenovo.) -- C:\Windows\SysNative\ibmpmsvc.exe
    [2014/02/27 02:52:12 | 000,060,760 | ---- | M] (Lenovo.) -- C:\Windows\SysNative\ibmpmctl.exe
    [2014/02/27 02:52:12 | 000,057,144 | ---- | M] (Lenovo.) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys
    [2014/02/24 16:30:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
    [2014/02/23 01:13:59 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2014/02/23 01:12:32 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
    [2014/02/23 01:12:24 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2014/02/23 01:11:59 | 003,960,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2014/02/23 01:11:59 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2014/02/23 01:11:52 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2014/02/23 01:11:52 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
    [2014/02/23 01:11:52 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
    [2014/02/23 01:11:51 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
    [2014/02/22 23:53:40 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
    [2014/02/22 23:53:21 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2014/02/22 23:53:18 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2014/02/22 23:53:18 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
    [2014/02/22 23:53:18 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2014/02/22 23:53:18 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2014/02/22 22:39:39 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
    [2014/02/22 22:35:24 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    [2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2014/03/22 20:17:57 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    [2014/03/22 20:17:57 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
    [2014/03/21 21:18:56 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2014/03/21 21:18:47 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2014/03/21 10:42:44 | 000,380,416 | ---- | C] () -- C:\Users\sumida\Desktop\t4sjh55l.exe
    [2014/03/20 16:49:14 | 000,345,600 | ---- | C] () -- C:\Users\sumida\AppData\Roaming\ooinsvr.dll
    [2014/03/20 16:35:43 | 000,000,000 | --S- | C] () -- C:\Windows\SysNative\qeyj.msa
    [2014/03/20 14:35:48 | 000,000,072 | ---- | C] () -- C:\Windows\SysNative\yuvnvy.lhx
    [2014/03/20 14:27:26 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\u
    [2014/03/20 14:25:15 | 000,000,064 | ---- | C] () -- C:\Windows\SysNative\iibk.nfr
    [2014/03/20 14:25:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\kisjl.eol
    [2014/03/20 14:08:50 | 000,230,894 | --S- | C] () -- C:\Windows\SysNative\wfmje.yqf
    [2014/03/16 18:05:22 | 000,002,513 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax 2013.lnk
    [2014/03/12 12:45:31 | 000,000,483 | ---- | C] () -- C:\Users\sumida\Documents\ChatLog Custom _NET training for Barclays Singapore 2014_03_12 12_45.rtf
    [2014/03/11 10:29:41 | 000,000,675 | ---- | C] () -- C:\Users\sumida\Documents\ChatLog Custom _NET training for Barclays Singapore 2014_03_11 10_29.rtf
    [2014/03/10 01:47:40 | 000,000,479 | ---- | C] () -- C:\Users\sumida\Documents\ChatLog Custom _NET training for Barclays Singapore 2014_03_10 01_47.rtf
    [2014/02/28 15:27:04 | 001,445,864 | ---- | C] () -- C:\Users\sumida\Desktop\demos WPF GS.zip
    [2014/02/24 16:00:11 | 000,000,528 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
    [2012/08/13 08:45:27 | 000,060,864 | ---- | C] () -- C:\Users\sumida\g2mdlhlpx.exe
    [2012/03/25 16:26:09 | 000,001,225 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    [2011/12/15 22:13:37 | 000,000,600 | ---- | C] () -- C:\Users\sumida\AppData\Roaming\winscp.rnd
    [2011/05/29 17:26:27 | 000,646,533 | ---- | C] () -- C:\Users\sumida\AppData\Local\debuggee.mdmp
    [2011/02/17 16:02:12 | 000,001,654 | ---- | C] () -- C:\Users\sumida\AppData\Roaming\SvcTraceViewer.exe.settings
    [2011/01/19 09:45:44 | 000,007,602 | ---- | C] () -- C:\Users\sumida\AppData\Local\resmon.resmoncfg
    [2010/12/09 17:11:40 | 000,004,608 | ---- | C] () -- C:\Users\sumida\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/11/24 10:54:46 | 000,000,600 | ---- | C] () -- C:\Users\sumida\AppData\Local\PUTTY.RND

    ========== ZeroAccess Check ==========

    [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
    "ThreadingModel" = Both
    "" = \\?\globalroot\Device\HarddiskVolume2\Users\sumida\AppData\Local\Temp\scqnxwp\smyemqn\wow.dll

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2011/05/29 16:38:33 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\PwrMgr
    [2011/03/13 16:35:29 | 000,000,000 | ---D | M] -- C:\Users\sqluser\AppData\Roaming\AT&T
    [2011/09/04 15:42:37 | 000,000,000 | ---D | M] -- C:\Users\sqluser\AppData\Roaming\PCDr
    [2011/03/07 23:52:54 | 000,000,000 | ---D | M] -- C:\Users\sqluser\AppData\Roaming\PwrMgr
    [2014/03/20 17:39:31 | 000,000,000 | ---D | M] -- C:\Users\sumida\AppData\Roaming\Ad-Aware Antivirus
    [2010/11/22 02:12:17 | 000,000,000 | ---D | M] -- C:\Users\sumida\AppData\Roaming\AT&T
    [2011/03/22 15:28:50 | 000,000,000 | ---D | M] -- C:\Users\sumida\AppData\Roaming\Aventail
    [2010/11/21 19:13:40 | 000,000,000 | ---D | M] -- C:\Users\sumida\AppData\Roaming\Downloaded Installations
    [2011/04/14 11:54:20 | 000,000,000 | ---D | M] -- C:\Users\sumida\AppData\Roaming\ICSharpCode
    [2010/11/25 20:16:29 | 000,000,000 | ---D | M] -- C:\Users\sumida\AppData\Roaming\JetBrains
    [2011/06/27 15:20:42 | 000,000,000 | ---D | M] -- C:\Users\sumida\AppData\Roaming\LINQPad
    [2013/02/02 13:21:07 | 000,000,000 | ---D | M] -- C:\Users\sumida\AppData\Roaming\NuGet
    [2011/05/04 14:00:54 | 000,000,000 | ---D | M] -- C:\Users\sumida\AppData\Roaming\PCDr
    [2011/02/21 13:04:11 | 000,000,000 | ---D | M] -- C:\Users\sumida\AppData\Roaming\PwrMgr
    [2010/11/22 01:16:50 | 000,000,000 | ---D | M] -- C:\Users\sumida\AppData\Roaming\Sierra Wireless
    [2010/12/21 10:03:59 | 000,000,000 | ---D | M] -- C:\Users\sumida\AppData\Roaming\Update

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:5C321E34

    < End of report >
     
  5. rondev

    rondev Thread Starter

    Joined:
    Aug 14, 2005
    Messages:
    29
    Here are the extras.txt file results:

    OTL Extras logfile created on: 3/22/2014 8:27:41 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\sumida\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16844)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.90 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 42.26% Memory free
    7.80 Gb Paging File | 4.85 Gb Available in Paging File | 62.26% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 297.99 Gb Total Space | 101.41 Gb Free Space | 34.03% Space Free | Partition Type: NTFS

    Computer Name: SUMIDA-PC | User Name: sumida | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-3138307283-1882095833-4123552314-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
    http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
    http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{12F6DBAE-43E7-494A-826E-1092D59B310C}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{1B856938-CB8E-4937-8355-B1C0393489DF}" = lport=138 | protocol=17 | dir=in | app=system |
    "{2C817039-3DB2-4C3E-BF46-2996D1A905D5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{371AD01A-BE99-4A90-B822-782DEBD252A6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{379CC27A-9528-45DD-9552-CA5D54C6F777}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{37EC0D17-D168-4AD5-8C6A-9550261F8858}" = rport=137 | protocol=17 | dir=out | app=system |
    "{389EDBF2-A5C6-424F-8E00-B6BA0991A47E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{3DBB8675-71C7-46C1-9191-006A769D45AD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{3F657E36-683E-407D-A201-F4E366435F28}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe |
    "{44A8766F-FD37-4E70-82F3-C63C331BD36C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{5033641B-90D9-45BE-87ED-7EF5FF38E792}" = lport=3389 | protocol=6 | dir=in | app=system |
    "{650778CD-5702-4558-B8DF-3960A5B7D570}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{7CC3AAB1-095E-4A96-BA9A-1609330F725B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
    "{84C21C0B-526F-49E8-B570-B6624EAAD674}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{98934974-3A22-4580-B9B4-13DF68069DDE}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
    "{9939FBC3-08EF-4472-B473-7ACE269ECB91}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{994AB03B-6084-4471-9C55-D67A4B638DBE}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |
    "{9EB9938B-2FFC-4090-9E68-F1A1F0BB026A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{A9DF7928-0347-4AF7-A74A-18B50C8D67F4}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{AA9F8749-2F76-40B9-BBC9-4D8F63BAA873}" = lport=139 | protocol=6 | dir=in | app=system |
    "{AEAFF838-7225-474F-9F1A-15EF4F7E3180}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{B62FAE90-CD5A-4EA1-B999-7BB6C4A40A28}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{BB063D08-4776-4B06-A66D-7C3395485F1D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{BE130275-1129-44FE-8E84-6C22F7238810}" = lport=137 | protocol=17 | dir=in | app=system |
    "{BE94D35F-E093-4712-967C-9EA267F2AFE1}" = rport=138 | protocol=17 | dir=out | app=system |
    "{C15B8B15-B1B2-47E2-A991-C948B2BD60F7}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{C2044358-D091-4432-A737-9516DA342653}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{C2FABDDE-DF5F-4C53-B756-652D8B0053DD}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdater.exe |
    "{C45BEE0D-45D3-46C9-A991-4CE8181061BC}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdateservice.exe |
    "{C5170A1F-3488-4CA7-8F65-3754B9B3107B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{CF8039BC-EF43-489E-8DA0-2BC95E115F7F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{D08657DD-1C28-4037-8DB2-5763714C0CF8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{D300E88C-678B-42E2-9C2C-D47AD7D9606A}" = lport=445 | protocol=6 | dir=in | app=system |
    "{D75AE8C4-5E54-4635-8DD2-8FE8CE8FA5A5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{E4BF2618-AD42-4E0E-8B3C-800B1E2365EF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
    "{E60E626C-E725-453D-9E91-D66BCD753C8A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{E6701788-4BD1-428B-ABE8-312978DFCC47}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{F341CAB6-2F4B-40BE-AA95-67FCC6571E00}" = rport=139 | protocol=6 | dir=out | app=system |
    "{F4809155-B75B-4B8D-89E6-65DD40F34766}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{F8859F94-1C71-411C-A18D-C200C7CC0A51}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{FDB302CE-1D34-4C87-9CCB-EC62A8AC7337}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{02333CAA-FCD8-4D1F-BDD4-4E46F71E5DC5}" = protocol=58 | dir=out | [email protected],-503 |
    "{02981FE2-BB12-4C7E-AD11-D6348E3B164D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{0E409915-B667-4508-BFE1-8B56A13CE918}" = protocol=6 | dir=out | app=system |
    "{11360014-8F1D-419B-B92C-D4569A76AB1D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{18BC80F3-A8FE-499D-8AC9-86ED6B69D664}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{1E856713-129E-487F-B73B-C6A920D8865E}" = protocol=58 | dir=in | [email protected],-28545 |
    "{20F00540-4D4F-42AF-84C9-228245202583}" = protocol=58 | dir=out | [email protected],-28546 |
    "{25E31A26-241F-4427-B5F2-0FB49F2FBCF5}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
    "{386E3BEB-1E59-44B6-A0B6-2145571CC785}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{38B6C63D-217B-4E49-8E66-FE2B6F356B30}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{39050151-F8EC-4ABC-AB62-BD27464DE908}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{42848174-7570-49F3-9EDA-D7C6022E3B71}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
    "{42ED6E82-3FAD-4B95-8898-7EBD94D81309}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{4D063970-B130-477D-A113-FCDC3F619B3B}" = protocol=1 | dir=out | [email protected],-28544 |
    "{5543A8C5-E31B-49F4-8F40-277011941384}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{55CCBD42-E48A-4E0E-B164-3E89D0B5267A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{5C781CDB-AC51-47F3-B03E-4C9CA295F6CD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{5E820039-DDA7-48D4-83D6-2421B077F3F3}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
    "{61E70072-9038-4D44-A05B-63E92481410E}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
    "{62481D58-E02B-4696-83E2-CE4D36E00A1E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{693EE598-EF0E-47F6-8B74-11D29C2801B3}" = dir=in | app=c:\program files (x86)\wyse\pocketcloud windows companion\pocketcloudservice.exe |
    "{6A650C45-5CA9-45AF-8647-4BE82498FA19}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
    "{73FC4ABD-8D03-440F-A6E6-AB38496FA85E}" = protocol=58 | dir=in | app=system |
    "{74947540-FFE1-4430-B206-50131AC7A83D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{9196DBA6-34BE-4027-9D68-BBBD3DE388E4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{9E17C196-92B3-4CE7-BD9C-0A18AE1F0D9B}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
    "{A52B391E-A50F-414B-910C-FE34284547C6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{AADDBB3F-898B-4D96-A963-1FF7C7C1A63A}" = protocol=1 | dir=in | [email protected],-28543 |
    "{AC5E16DA-0B6D-4F39-B736-65ABBBFB731B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{BDE2CBC8-3768-48F2-98C2-600800981B17}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
    "{C324CF2C-CBD5-4965-869B-D07811BFF733}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{C3C15126-308E-4233-A75B-DBB5D4A3D9C5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
    "{C512590D-B315-4155-B431-A9088448957F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{C69FFBDE-FF55-4045-A53D-BD408940CB7D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{C869A706-904D-4352-8D0F-E234D78C4EFB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
    "{C9B13ECD-5E27-400F-B500-941EAED1828A}" = dir=in | app=c:\program files (x86)\wyse\pocketcloud windows companion\wysebrowser.exe |
    "{CCD834EF-36A5-4BA8-89B1-3028A838BDFE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{DE860EB5-4271-4ED1-A863-F3F4C7AB15A8}" = dir=in | app=c:\program files (x86)\wyse\pocketcloud windows companion\pocketcloudinstallwizard.exe |
    "{E657B164-6F4B-422D-AD27-38D9A644565E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{EA287C7F-596E-43DB-B742-3C49931EFEDD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{F002DC18-D3CE-4BD0-8724-B99BC54CC173}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
    "{FBB58E29-B87F-4B1E-88D6-7A6F4AB9F07F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "TCP Query User{008A2B18-20DF-4F3D-8951-9506BF07707D}C:\developmentor\courses\wcf\4.0\labs_wcf4\labs\06 async\lab\before\asyncpetshop\accountingservice\bin\debug\accountingservice.vshost.exe" = protocol=6 | dir=in | app=c:\developmentor\courses\wcf\4.0\labs_wcf4\labs\06 async\lab\before\asyncpetshop\accountingservice\bin\debug\accountingservice.vshost.exe |
    "TCP Query User{0138E23A-4AD0-439A-B0A5-2840FAED81D5}C:\demos\host\client\bin\debug\client.exe" = protocol=6 | dir=in | app=c:\demos\host\client\bin\debug\client.exe |
    "TCP Query User{0C1DEF84-2B8F-43EF-946D-505D6C0B82D5}C:\demos\host\discoverydemo\bin\debug\discoverydemo.exe" = protocol=6 | dir=in | app=c:\demos\host\discoverydemo\bin\debug\discoverydemo.exe |
    "TCP Query User{113A9577-E711-4E63-A3E9-DEB1AD5647EB}C:\developmentor\courses\wcf\msdn samples\wf_wcf_samples\wcf\basic\routingservices\advancedfilters\cs\roundingcalcservice\bin\service.exe" = protocol=6 | dir=in | app=c:\developmentor\courses\wcf\msdn samples\wf_wcf_samples\wcf\basic\routingservices\advancedfilters\cs\roundingcalcservice\bin\service.exe |
    "TCP Query User{178FD5CE-50F9-4471-8C96-93375C53EDC3}C:\demos\architecturedemo\host\bin\debug\host.vshost.exe" = protocol=6 | dir=in | app=c:\demos\architecturedemo\host\bin\debug\host.vshost.exe |
    "TCP Query User{1E9029A6-D91B-41BC-B353-57F025F13E6B}C:\windows\system32\mmc.exe" = protocol=6 | dir=in | app=c:\windows\system32\mmc.exe |
    "TCP Query User{1F63D738-9521-4D01-8B04-47BF1D6B66F2}C:\users\sumida\appdata\local\temp\lmir0001.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\sumida\appdata\local\temp\lmir0001.tmp\lmi_rescue.exe |
    "TCP Query User{2ECEEB42-6AB2-433D-AAED-794B349FD123}C:\developmentor\courses\wcf\4.0\demos\securitydemo\host\bin\debug\host.exe" = protocol=6 | dir=in | app=c:\developmentor\courses\wcf\4.0\demos\securitydemo\host\bin\debug\host.exe |
    "TCP Query User{41F6E58E-B13A-4F94-A811-2DB94F0EE44B}C:\demos\discoverydemo\client\bin\debug\client.exe" = protocol=6 | dir=in | app=c:\demos\discoverydemo\client\bin\debug\client.exe |
    "TCP Query User{43D36D4D-4076-44A4-B919-B22CE2D544D5}C:\developmentor\courses\saxo\demos\discoverydemo\client\bin\debug\client.exe" = protocol=6 | dir=in | app=c:\developmentor\courses\saxo\demos\discoverydemo\client\bin\debug\client.exe |
    "TCP Query User{51D4A61D-E485-492B-96A0-5FBDF666C318}C:\developmentor\courses\morgan stanley\wpf\performance\consoleapplication1\consoleapplication1\bin\debug\consoleapplication1.exe" = protocol=6 | dir=in | app=c:\developmentor\courses\morgan stanley\wpf\performance\consoleapplication1\consoleapplication1\bin\debug\consoleapplication1.exe |
    "TCP Query User{5F55D65B-31C1-46D7-A0AE-4FE2A088C536}C:\demos\wcf4demo\host\bin\debug\host.exe" = protocol=6 | dir=in | app=c:\demos\wcf4demo\host\bin\debug\host.exe |
    "TCP Query User{68051F01-BB4B-4E25-9C29-928C51FA1D72}C:\developmentor\courses\wcf\4.0\demos\securityintranetdemo\host\bin\debug\host.vshost.exe" = protocol=6 | dir=in | app=c:\developmentor\courses\wcf\4.0\demos\securityintranetdemo\host\bin\debug\host.vshost.exe |
    "TCP Query User{73DF2ABB-53BA-4B14-8F6F-46CF8AF90F17}C:\demos\wcfmanualdemo\host\bin\debug\host.exe" = protocol=6 | dir=in | app=c:\demos\wcfmanualdemo\host\bin\debug\host.exe |
    "TCP Query User{7F13D4AE-BDEB-4EC1-BBEC-DC08518A4EBC}C:\demos\wcfmutualauthcertificatedemo\wcfmutualauthcertificatedemo\bin\debug\wcfmutualauthcertificatedemo.exe" = protocol=6 | dir=in | app=c:\demos\wcfmutualauthcertificatedemo\wcfmutualauthcertificatedemo\bin\debug\wcfmutualauthcertificatedemo.exe |
    "TCP Query User{8B968E60-78EA-4853-BAC0-541F7BE85764}C:\users\sumida\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe" = protocol=6 | dir=in | app=c:\users\sumida\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe |
    "TCP Query User{8BAC6107-21F4-44AB-85E0-7E92DEF9F0F0}C:\developmentor\courses\wcf\4.0\demos\securityintranetdemo\host\bin\debug\host.exe" = protocol=6 | dir=in | app=c:\developmentor\courses\wcf\4.0\demos\securityintranetdemo\host\bin\debug\host.exe |
    "TCP Query User{8E22E4A5-0950-4265-A681-29EDE539ED6A}C:\demos\wcfarchitectureautodemo\host\bin\debug\host.exe" = protocol=6 | dir=in | app=c:\demos\wcfarchitectureautodemo\host\bin\debug\host.exe |
    "TCP Query User{944F79F3-05C9-4B47-AF9C-BFFFE7C1CFA0}C:\demos\wcfautoarchitecturedemo\host\bin\debug\host.exe" = protocol=6 | dir=in | app=c:\demos\wcfautoarchitecturedemo\host\bin\debug\host.exe |
    "TCP Query User{956FECE7-AC45-497F-AAC1-4C33717B134E}C:\developmentor\courses\wcf\4.0\demos\architecturesemimanualdemo\host\bin\debug\host.exe" = protocol=6 | dir=in | app=c:\developmentor\courses\wcf\4.0\demos\architecturesemimanualdemo\host\bin\debug\host.exe |
    "TCP Query User{964CF698-376A-40EB-9952-7B5D06FC26D6}C:\demos\discoverydemo\host\bin\debug\host.exe" = protocol=6 | dir=in | app=c:\demos\discoverydemo\host\bin\debug\host.exe |
    "TCP Query User{97DDBD2B-172F-4569-AB6F-A45737CE2F06}C:\developmentor\courses\wcf\4.0\demos\securityrolesdemo\host\bin\debug\host.exe" = protocol=6 | dir=in | app=c:\developmentor\courses\wcf\4.0\demos\securityrolesdemo\host\bin\debug\host.exe |
    "TCP Query User{B2168FD9-A581-4CF0-B7DA-DAAD4C83FEFA}C:\demos\wcfautomateddemo\host\bin\debug\host.exe" = protocol=6 | dir=in | app=c:\demos\wcfautomateddemo\host\bin\debug\host.exe |
    "TCP Query User{B3ABF02C-FFF0-427F-9676-3284DC403B31}C:\demos\architecturedemo\host\bin\debug\host.exe" = protocol=6 | dir=in | app=c:\demos\architecturedemo\host\bin\debug\host.exe |
    "TCP Query User{B4A7D483-3ED3-4289-9DD0-B92488FC5D83}C:\demos\wcfmultiendpointdemo\host\bin\debug\host.exe" = protocol=6 | dir=in | app=c:\demos\wcfmultiendpointdemo\host\bin\debug\host.exe |
    "TCP Query User{BD62775A-6D15-4BE8-9E4A-6B7EF5F5A9D3}C:\developmentor\courses\saxo\demos\discoverydemo\host\bin\debug\host.exe" = protocol=6 | dir=in | app=c:\developmentor\courses\saxo\demos\discoverydemo\host\bin\debug\host.exe |
    "TCP Query User{BE1BE4C9-E197-457A-B26D-7C6147A68E28}C:\developmentor\courses\wcf\4.0\labs_wcf4\labs\06 async\lab\before\asyncpetshop\inventoryservice\bin\debug\inventoryservice.vshost.exe" = protocol=6 | dir=in | app=c:\developmentor\courses\wcf\4.0\labs_wcf4\labs\06 async\lab\before\asyncpetshop\inventoryservice\bin\debug\inventoryservice.vshost.exe |
    "TCP Query User{BE366912-EE4F-4026-978E-CAC7D571FBB0}C:\demos\wcfsimplifieddemo\host\bin\debug\host.exe" = protocol=6 | dir=in | app=c:\demos\wcfsimplifieddemo\host\bin\debug\host.exe |
    "TCP Query User{C69972E2-5E7E-4D4C-A42B-FCC7AC41DAF7}C:\demos\wcfautointrodemo\host\bin\debug\host.exe" = protocol=6 | dir=in | app=c:\demos\wcfautointrodemo\host\bin\debug\host.exe |
    "TCP Query User{CE731FAC-D817-4624-A27B-C88EE83C124B}C:\demos\securitybasicdemo\host\bin\debug\host.exe" = protocol=6 | dir=in | app=c:\demos\securitybasicdemo\host\bin\debug\host.exe |
    "TCP Query User{D318AE10-D5A9-49E2-B27F-72AAAE3D49E4}C:\demos\architecturecompletelymanualdemo\host\bin\debug\host.exe" = protocol=6 | dir=in | app=c:\demos\architecturecompletelymanualdemo\host\bin\debug\host.exe |
    "TCP Query User{D365EA5B-BBA8-46FB-BA99-3AA9920272D7}C:\developmentor\courses\morgan stanley\aspnet\labs\cs\work\tools\tcptrace.exe" = protocol=6 | dir=in | app=c:\developmentor\courses\morgan stanley\aspnet\labs\cs\work\tools\tcptrace.exe |
    "TCP Query User{D6E6AD58-FA1D-4750-88FD-64077AC3E245}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
    "TCP Query User{DA6A8F62-A085-4F57-B073-921FF26B57E0}C:\developmentor\courses\wcf\msdn samples\wf_wcf_samples\wcf\basic\routingservices\advancedfilters\cs\calculatorservice\bin\service.exe" = protocol=6 | dir=in | app=c:\developmentor\courses\wcf\msdn samples\wf_wcf_samples\wcf\basic\routingservices\advancedfilters\cs\calculatorservice\bin\service.exe |
    "TCP Query User{E5D5EC66-6B95-4C34-9E19-EB3C98980CF8}C:\demos\securitytest\host\bin\debug\host.exe" = protocol=6 | dir=in | app=c:\demos\securitytest\host\bin\debug\host.exe |
    "TCP Query User{F264DFB8-B2EC-45E4-8022-C4C3DCA18598}C:\demos\securityusernameauthenticationdemo\host\bin\debug\host.exe" = protocol=6 | dir=in | app=c:\demos\securityusernameauthenticationdemo\host\bin\debug\host.exe |
    "UDP Query User{03C4F51A-D7A7-4036-A599-1FEB7D0329AE}C:\demos\host\client\bin\debug\client.exe" = protocol=17 | dir=in | app=c:\demos\host\client\bin\debug\client.exe |
    "UDP Query User{196EEEC4-86B9-4BC5-8E0B-BAA63F7B0B04}C:\demos\wcfautomateddemo\host\bin\debug\host.exe" = protocol=17 | dir=in | app=c:\demos\wcfautomateddemo\host\bin\debug\host.exe |
    "UDP Query User{1B868F1B-8BC8-453A-B449-B99804BDD367}C:\demos\wcfsimplifieddemo\host\bin\debug\host.exe" = protocol=17 | dir=in | app=c:\demos\wcfsimplifieddemo\host\bin\debug\host.exe |
    "UDP Query User{1FF8B840-BDC9-4D48-9F11-9E4EC087E218}C:\demos\securitytest\host\bin\debug\host.exe" = protocol=17 | dir=in | app=c:\demos\securitytest\host\bin\debug\host.exe |
    "UDP Query User{295F5CDE-E07A-442D-9057-B748ACCC4844}C:\demos\architecturedemo\host\bin\debug\host.exe" = protocol=17 | dir=in | app=c:\demos\architecturedemo\host\bin\debug\host.exe |
    "UDP Query User{33D58887-D220-45CF-8C15-440131A2999B}C:\demos\discoverydemo\client\bin\debug\client.exe" = protocol=17 | dir=in | app=c:\demos\discoverydemo\client\bin\debug\client.exe |
    "UDP Query User{34427C29-29C3-41AB-B35E-99B29E64FAEA}C:\users\sumida\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe" = protocol=17 | dir=in | app=c:\users\sumida\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe |
    "UDP Query User{3550CF91-BB61-4F2D-B15A-F5E33B7EA867}C:\developmentor\courses\morgan stanley\aspnet\labs\cs\work\tools\tcptrace.exe" = protocol=17 | dir=in | app=c:\developmentor\courses\morgan stanley\aspnet\labs\cs\work\tools\tcptrace.exe |
    "UDP Query User{38555970-DE52-4BD4-9184-53BCF4E1B278}C:\demos\wcfarchitectureautodemo\host\bin\debug\host.exe" = protocol=17 | dir=in | app=c:\demos\wcfarchitectureautodemo\host\bin\debug\host.exe |
    "UDP Query User{3A43C06F-F3E2-40CD-90F3-B2CCA7402A5D}C:\developmentor\courses\wcf\4.0\demos\securityrolesdemo\host\bin\debug\host.exe" = protocol=17 | dir=in | app=c:\developmentor\courses\wcf\4.0\demos\securityrolesdemo\host\bin\debug\host.exe |
    "UDP Query User{4655AEB1-DA91-4848-987B-FA2F45928C1B}C:\developmentor\courses\saxo\demos\discoverydemo\client\bin\debug\client.exe" = protocol=17 | dir=in | app=c:\developmentor\courses\saxo\demos\discoverydemo\client\bin\debug\client.exe |
    "UDP Query User{4C939964-7B20-4A98-AC23-B55F25B7F7BB}C:\windows\system32\mmc.exe" = protocol=17 | dir=in | app=c:\windows\system32\mmc.exe |
    "UDP Query User{4EE4C2A1-8DD9-404B-9435-197BA1F5D2F4}C:\demos\wcfautoarchitecturedemo\host\bin\debug\host.exe" = protocol=17 | dir=in | app=c:\demos\wcfautoarchitecturedemo\host\bin\debug\host.exe |
    "UDP Query User{56BB2550-FD0C-4894-9B3B-D01232C71C14}C:\users\sumida\appdata\local\temp\lmir0001.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\sumida\appdata\local\temp\lmir0001.tmp\lmi_rescue.exe |
    "UDP Query User{56FC0893-B133-44EF-97A7-E9E8830381EA}C:\developmentor\courses\wcf\4.0\demos\securityintranetdemo\host\bin\debug\host.exe" = protocol=17 | dir=in | app=c:\developmentor\courses\wcf\4.0\demos\securityintranetdemo\host\bin\debug\host.exe |
    "UDP Query User{5B7507E7-BDDA-42B1-99C9-11471CEA7173}C:\developmentor\courses\wcf\4.0\demos\securitydemo\host\bin\debug\host.exe" = protocol=17 | dir=in | app=c:\developmentor\courses\wcf\4.0\demos\securitydemo\host\bin\debug\host.exe |
    "UDP Query User{652606ED-7F9B-445A-B35E-E7FA179C6538}C:\demos\host\discoverydemo\bin\debug\discoverydemo.exe" = protocol=17 | dir=in | app=c:\demos\host\discoverydemo\bin\debug\discoverydemo.exe |
    "UDP Query User{73067CCB-AC78-4CCF-B9DE-4E8FA9A07D1E}C:\demos\discoverydemo\host\bin\debug\host.exe" = protocol=17 | dir=in | app=c:\demos\discoverydemo\host\bin\debug\host.exe |
    "UDP Query User{772D5FFA-4E0E-4810-B6D1-7D150A41A560}C:\demos\wcf4demo\host\bin\debug\host.exe" = protocol=17 | dir=in | app=c:\demos\wcf4demo\host\bin\debug\host.exe |
    "UDP Query User{802D545D-3F19-45B5-A7A3-4789BA651A64}C:\demos\wcfmutualauthcertificatedemo\wcfmutualauthcertificatedemo\bin\debug\wcfmutualauthcertificatedemo.exe" = protocol=17 | dir=in | app=c:\demos\wcfmutualauthcertificatedemo\wcfmutualauthcertificatedemo\bin\debug\wcfmutualauthcertificatedemo.exe |
    "UDP Query User{87053003-0022-4CC2-AE17-31152FB921DE}C:\demos\architecturedemo\host\bin\debug\host.vshost.exe" = protocol=17 | dir=in | app=c:\demos\architecturedemo\host\bin\debug\host.vshost.exe |
    "UDP Query User{878EFC0B-316C-4857-9DB8-F4ADB2AB74C9}C:\demos\wcfmanualdemo\host\bin\debug\host.exe" = protocol=17 | dir=in | app=c:\demos\wcfmanualdemo\host\bin\debug\host.exe |
    "UDP Query User{8DA5C382-0ED0-41B8-A62B-865BF9B54930}C:\developmentor\courses\wcf\msdn samples\wf_wcf_samples\wcf\basic\routingservices\advancedfilters\cs\calculatorservice\bin\service.exe" = protocol=17 | dir=in | app=c:\developmentor\courses\wcf\msdn samples\wf_wcf_samples\wcf\basic\routingservices\advancedfilters\cs\calculatorservice\bin\service.exe |
    "UDP Query User{99600F7A-61D7-4592-880B-C14718E945B6}C:\developmentor\courses\wcf\msdn samples\wf_wcf_samples\wcf\basic\routingservices\advancedfilters\cs\roundingcalcservice\bin\service.exe" = protocol=17 | dir=in | app=c:\developmentor\courses\wcf\msdn samples\wf_wcf_samples\wcf\basic\routingservices\advancedfilters\cs\roundingcalcservice\bin\service.exe |
    "UDP Query User{A45D6870-AC68-4F62-BCF6-DC1648E0D0FA}C:\demos\securityusernameauthenticationdemo\host\bin\debug\host.exe" = protocol=17 | dir=in | app=c:\demos\securityusernameauthenticationdemo\host\bin\debug\host.exe |
    "UDP Query User{C05F778E-CBEC-4522-B3CC-38C2D40B0B79}C:\developmentor\courses\wcf\4.0\labs_wcf4\labs\06 async\lab\before\asyncpetshop\accountingservice\bin\debug\accountingservice.vshost.exe" = protocol=17 | dir=in | app=c:\developmentor\courses\wcf\4.0\labs_wcf4\labs\06 async\lab\before\asyncpetshop\accountingservice\bin\debug\accountingservice.vshost.exe |
    "UDP Query User{D11251B2-5ACF-406F-A36F-2088A9D98E1F}C:\developmentor\courses\wcf\4.0\demos\architecturesemimanualdemo\host\bin\debug\host.exe" = protocol=17 | dir=in | app=c:\developmentor\courses\wcf\4.0\demos\architecturesemimanualdemo\host\bin\debug\host.exe |
    "UDP Query User{D17C593A-6007-4DA9-9E03-6664A44D8E3B}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
    "UDP Query User{D416176D-6B79-4B27-8813-BD2E7ABC0CA3}C:\demos\wcfautointrodemo\host\bin\debug\host.exe" = protocol=17 | dir=in | app=c:\demos\wcfautointrodemo\host\bin\debug\host.exe |
    "UDP Query User{DE659BF4-46E5-4AD1-B689-2C229CF314BF}C:\developmentor\courses\wcf\4.0\labs_wcf4\labs\06 async\lab\before\asyncpetshop\inventoryservice\bin\debug\inventoryservice.vshost.exe" = protocol=17 | dir=in | app=c:\developmentor\courses\wcf\4.0\labs_wcf4\labs\06 async\lab\before\asyncpetshop\inventoryservice\bin\debug\inventoryservice.vshost.exe |
    "UDP Query User{E8568EB6-E5B7-4D38-97E7-EDC85BAFAC97}C:\demos\securitybasicdemo\host\bin\debug\host.exe" = protocol=17 | dir=in | app=c:\demos\securitybasicdemo\host\bin\debug\host.exe |
    "UDP Query User{E8C82CED-74CC-425E-8829-B896EF794336}C:\demos\architecturecompletelymanualdemo\host\bin\debug\host.exe" = protocol=17 | dir=in | app=c:\demos\architecturecompletelymanualdemo\host\bin\debug\host.exe |
    "UDP Query User{E99F443C-4368-4F0B-9A82-8EC53D518973}C:\developmentor\courses\saxo\demos\discoverydemo\host\bin\debug\host.exe" = protocol=17 | dir=in | app=c:\developmentor\courses\saxo\demos\discoverydemo\host\bin\debug\host.exe |
    "UDP Query User{ED7FCDB9-ABF5-472D-B9B5-1C2CA7529259}C:\demos\wcfmultiendpointdemo\host\bin\debug\host.exe" = protocol=17 | dir=in | app=c:\demos\wcfmultiendpointdemo\host\bin\debug\host.exe |
    "UDP Query User{EE0EA7A5-CA16-47C3-A501-250D0C31A8CA}C:\developmentor\courses\morgan stanley\wpf\performance\consoleapplication1\consoleapplication1\bin\debug\consoleapplication1.exe" = protocol=17 | dir=in | app=c:\developmentor\courses\morgan stanley\wpf\performance\consoleapplication1\consoleapplication1\bin\debug\consoleapplication1.exe |
    "UDP Query User{F2D88E8B-4C9F-4295-9CA3-D8EA58D53254}C:\developmentor\courses\wcf\4.0\demos\securityintranetdemo\host\bin\debug\host.vshost.exe" = protocol=17 | dir=in | app=c:\developmentor\courses\wcf\4.0\demos\securityintranetdemo\host\bin\debug\host.vshost.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0028A6EE-4945-4233-8024-80A546F56A5C}" = JetBrains dotTrace 3.1
    "{01078B88-2981-4F75-96B0-8B22E2D2DE03}" = Microsoft SQL Server 2008 R2 Setup (English)
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
    "{053ACA98-6B07-4DD0-9DB3-F51E3EB1780C}" = Lenovo Patch Utility 64 bit
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
    "{183C740A-0406-380F-A235-2EC2F8A28D13}" = Microsoft Windows SDK MSHelp (30514)
    "{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
    "{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{1E6ED082-E32D-4B2B-8B6A-70B094815135}" = Microsoft SQL Server System CLR Types (x64)
    "{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}" = SQL Server 2008 R2 SP1 Common Files
    "{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}" = Microsoft SQL Server VSS Writer
    "{2D2601B6-157F-4F88-B66B-B52DB21EAB2D}" = SQL Server 2008 R2 SP1 Client Tools
    "{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1)
    "{32F9B623-BDF7-18AC-80F1-32E9B0E25F3A}" = ccc-utility64
    "{33B61F14-BE7E-306E-85E9-D0B8CA7162D0}" = Microsoft Visual C++ 11 x64 Additional Runtime - 11.0.40825
    "{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 SP1 Common Files
    "{39960E10-3FF7-46BB-A92D-8076C67ABF60}" = Microsoft Web Platform Installer 4.0
    "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
    "{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}" = Microsoft SQL Server 2008 R2 Native Client
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{51E5BC99-A087-4CFF-8D93-462903EA7E12}" = SQL Server 2008 R2 SP1 Management Studio
    "{5318020E-E32C-4A33-BC8D-EEF5CC2F6CA1}" = SQL Server 2008 R2 SP1 Database Engine Services
    "{5D1ED7AA-DF83-40E4-B6D1-2455A4A97E9E}" = Microsoft Lync Web App Plug-in
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
    "{68570626-1BF6-310B-AF69-6CD686C04AEA}" = Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514)
    "{6C8D7973-31F9-32E1-A820-8DD857910323}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
    "{72AB7E6F-BC24-481E-8C45-1AB5B3DD795D}" = SQL Server 2008 R2 SP1 Management Studio
    "{8125F749-B244-4F7B-811E-532165C5F2D5}" = Microsoft SQL Server 2008 RsFx Driver
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{83970716-909C-4FBC-9CF5-AD842758BBA0}" = Mobile Broadband drivers
    "{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
    "{84452C2C-BDCC-36F3-A189-CE15F02A47FB}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
    "{84E30D73-E30F-3A02-BAA0-5353C04DD18A}" = Microsoft Windows SDK Intellisense and Reference Assemblies (30514)
    "{88BAE373-00F4-3E33-828F-96E89E5E0CB9}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
    "{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
    "{89026002-A893-42D9-9E20-6829B844735E}" = Application Verifier (x64)
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8FF0ACBD-17A5-3637-95F4-D7C69723E2BF}" = Microsoft Visual Studio 2010 Performance Collection Tools SP1 - ENU
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{951E6223-AC28-345E-BCF4-B55C1267E321}" = Microsoft Windows SDK for Windows 7 Samples (30514)
    "{9B0EAC89-4331-A96E-C7D3-754192589BEE}" = ATI Catalyst Install Manager
    "{9C5CABF2-B1F7-41ED-A86C-CE2F35B2C330}" = Debug Diagnostics 1.2
    "{9C9F93A3-7E30-439C-8BD8-78FF9D4BCAE9}" = Windows Azure SDK
    "{9D44E05A-1163-3CA9-B1C8-BE383D844FFA}" = Microsoft Visual C++ 11 x64 Debug Runtime - 11.0.40825
    "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
    "{9FFAE13C-6160-4DD0-A67A-DAC5994F81BD}" = SQL Server 2008 R2 SP1 Database Engine Services
    "{A0B0F02C-410B-3DE3-9740-EC4C3D902532}" = Microsoft Windows SDK for Windows 7 Common Utilities (30514)
    "{A2057AF3-1C3B-3DC5-8C6B-56013B5299B4}" = Microsoft Visual C++ 11 x64 Minimum Runtime - 11.0.40825
    "{A2122A9C-A699-4365-ADF8-68FEAC125D61}" = SQL Server 2008 R2 SP1 Database Engine Shared
    "{A2C55034-8DAF-3755-BA85-CC321707FE99}" = Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "{B5FE23CC-0151-4595-84C3-F1DE6F44FE9B}" = SQL Server 2008 R2 SP1 Client Tools
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{B7D0C3BC-CB39-3CA1-9295-A23A93994893}" = Microsoft Windows SDK for Windows 7 Redistributable Components for Windows Debugging Tools (30514)
    "{C0C690C8-F335-4BA4-A2AD-675EAD1DFA90}" = Microsoft SQL Server 2008 Setup Support Files
    "{C942A025-A840-4BF2-8987-849C0DD44574}" = SQL Server 2008 R2 SP1 Database Engine Shared
    "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    "{D57519D3-2E37-3E34-94AF-4D59BFAB87E6}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
    "{D61E4101-9E15-4D0E-ABD1-1ABD36B43330}" = Intel(R) PROSet/Wireless WiFi Software
    "{D8C23BDE-4748-44D9-A9DD-8AB64EB18BE3}" = Microsoft SQL Server 2008 R2 RsFx Driver
    "{DAA29C01-25EF-34A8-9ABC-2E69B6C97948}" = Microsoft Visual C++ Compilers 2010 SP1 Standard - x64
    "{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
    "{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client
    "{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
    "{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit
    "{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
    "{EB675D0A-2C95-405B-BEE8-B42A65D23E11}" = IIS URL Rewrite Module 2
    "{F1C4B89A-8BF0-3D7C-8095-BAE412FBEA3F}" = Microsoft Windows SDK .NET Framework Tools (30514)
    "{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}" = Sql Server Customer Experience Improvement Program
    "{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = SQL Server 2008 R2 SP1 Database Engine Services
    "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = SQL Server 2008 R2 SP1 Database Engine Services
    "3932CA781A7894D20116FDF60F878301800EA8AB" = Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407)
    "3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
    "6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
    "ATI Uninstaller" = ATI Uninstaller
    "CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD
    "CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
    "DE7217D2A8B057F15EC6E52329FDAB84231521E8" = Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430)
    "HECI" = Intel(R) Management Engine Interface
    "LENOVO.SMIIF" = Lenovo System Interface Driver
    "LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
    "MESOL" = Intel® Active Management Technology
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
    "Microsoft Security Client" = Microsoft Security Essentials
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 (64-bit)
    "Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64-bit)
    "Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "OnScreenDisplay" = On Screen Display
    "PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
    "Power Management Driver" = Lenovo Power Management Driver
    "ProInst" = Intel PROSet Wireless
    "PROSet" = Intel(R) Network Connections Drivers
    "SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
    "SynTPDeinstKey" = ThinkPad UltraNav Driver
    "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
    "Windows Azure SDK" = Windows Azure SDK

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01B7254A-7A79-4E78-AFFD-9BE18000AB0E}" = Microsoft Reactive Extensions SDK v2.0
    "{037a3c70-cc6a-4ae2-aa0e-70eb68ea81d5}" = Microsoft ASP.NET MVC 4
    "{04ECD674-1A5E-4318-9FD4-DE872C07DAAF}" = Microsoft ASP.NET Visual Studio 2010 Uninstall Finalizer
    "{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK
    "{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
    "{06A8F063-C727-95AA-F10B-CD8E6B23ED16}" = CCC Help Italian
    "{07EF3970-F8E5-4A27-A5A3-230484D35026}" = Microsoft Expression Encoder 4
    "{08D605B4-DCD1-451F-ABD7-52E6BB868E4E}" = Microsoft Expression Design 4
    "{09C52940-A4D1-4409-A7CC-1AAE630CF578}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    "{0A7DD94B-B746-4FB0-8688-8598C22793A0}" = TurboTax 2013 WinPerFedFormset
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0BD0F49E-C5B3-4FE0-A792-DCD61AEE93CF}" = Windows Identity Foundation SDK 4.0
    "{0BE273CD-AAB9-361B-8C32-D955EAC929E3}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
    "{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
    "{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    "{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    "{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
    "{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1A7C2340-D1AC-4742-BCFF-1EA6CADFDC8B}" = Microsoft Windows Debugging Symbols
    "{1AA5BD63-6614-44B2-88A7-605191EDB835}" = Dotfuscator Software Services - Community Edition
    "{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}" = Microsoft Expression Blend SDK for Silverlight 4
    "{1E59C4B4-91D5-3BBE-9FF5-69E28EB3D50B}" = Microsoft Visual C++ 11 x86 Additional Runtime - 11.0.40825
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
    "{22B4F250-F40C-4E59-9800-E4AE88C35CFC}" = Microsoft NuGet for Visual Studio 2010
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{236E341D-275F-30BC-8F80-63C7FC854727}" = Microsoft Visual C++ Compilers 2010 SP1 Standard - x86
    "{256E7DAC-9BE8-494E-8DE7-7857BF96B774}" = Microsoft Expression Blend 3 SDK
    "{25C64847-B900-48AD-A164-1B4F9B774650}" = Lenovo System Update
    "{2647DF9D-801D-4186-9F14-C6FBC527F185}" = Microsoft Code Contracts (devlabs_TS) 1.5.60911.10 for .NET
    "{27B6D024-FD7E-4A88-BC17-5AFBE33EC072}" = Microsoft F# Runtime for Silverlight 4
    "{2898B91C-B75B-2EC5-4D4C-DD6C286F9485}" = Catalyst Control Center InstallProxy
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2A4EEB5C-3BA6-4299-A87F-783861B567D9}" = TurboTax 2013 WinPerReleaseEngine
    "{2C164906-E68F-462A-9010-70DD022223EF}" = RemoteCapture Task 1.0.2
    "{2C4FD7D3-6F3A-45C2-AAAD-929B40346E3F}" = Catalyst Control Center - Branding
    "{2DDCCEA5-2AA4-4ABB-BCAD-41BB115A4333}" = Microsoft Silverlight 4 Toolkit April 2010
    "{358C44FD-6943-4CDD-B947-7F7C4ADC8A8F}" = TurboTax 2013 WinPerTaxSupport
    "{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
    "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{4C6D5779-A766-45DF-9938-D6F595A66F2B}" = Microsoft Expression Blend 4
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.9
    "{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
    "{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
    "{54D44AD1-A083-48B9-BD6F-AFD517B7C775}" = Aventail Webifiers
    "{5506986E-3173-E510-82BB-033C18299878}" = Catalyst Control Center Graphics Previews Vista
    "{558358E5-E4F3-4374-BA1D-26FF39EF87D9}" = Microsoft Silverlight Tools for Visual Studio 2010
    "{5626FEDC-04D2-E67D-8261-3C6E7637A923}" = CCC Help German
    "{563BBE0C-35F3-B1FF-1AD9-A5426CDEB388}" = CCC Help Korean
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.64.02
    "{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
    "{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit February 2010 (Version 3.5.50211.1)
    "{606EB5EB-AADF-4E21-B715-1CAD291181D6}" = TurboTax 2013 wrapper
    "{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages
    "{66F6BD4B-4C2C-B10C-B3D4-7A311EC4FC1C}" = Catalyst Control Center Localization All
    "{6742BE3D-1A59-3BFD-BA20-2FDA866099B8}" = Microsoft Visual Studio 2010 Premium - ENU
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A1F4E2C-D10A-411B-A95C-EC6D38066DA7}" = WCF RIA Services V1.0 SP2
    "{6B85D446-9E14-4309-BC3E-8E0940827BD3}" = TurboTax 2013 wcaiper
    "{6BEB24FD-FF53-3132-B9A8-ED19455FEE29}" = Microsoft Visual C++ 11 x86 Debug Runtime - 11.0.40825
    "{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
    "{6D46B934-2ACE-DC9A-800B-C1831ED0FF85}" = CCC Help English
    "{6DB21B2C-2BEF-44B4-B264-8EC2BC2369C6}" = ThinkVantage GPS
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager
    "{73ED3EA3-F96F-D098-7EE4-146FBD30113E}" = PX Profile Update
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects
    "{7A56D81D-6406-40E7-9184-8AC1769C4D69}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
    "{7DA16880-5718-E907-9A9F-EA8F5CBC51DA}" = CCC Help French
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime
    "{8644B2F3-2A95-4CD9-B116-BD5872239161}" = Microsoft ASP.NET Visual Studio 2010 Finalizer
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types
    "{87FF0E39-8490-4EB4-A557-FF12F712EF7E}" = TurboTax 2010 wcaiper
    "{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset
    "{8A4DB1CA-8206-4ADC-805C-66ACF1611DA3}" = System Migration Assistant
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
    "{8EF41729-FF5A-4D34-B650-1926026B1E43}" = Google Apps Migration For Microsoft® Exchange 2.3.1010.507
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{91F4AE26-4989-D770-A6BB-B50EB5BC938D}" = CCC Help Chinese Traditional
    "{942CC691-5B98-42A3-8BC5-A246BA69D983}" = Microsoft ASP.NET MVC 4 Runtime
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9518F764-C54D-47B2-9E73-154B21E79FD2}" = RAW Image Task 1.0
    "{96FEADCE-241A-4CD6-ABF0-68610E4065AC}" = Microsoft ADO.NET Entity Framework 4.1
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B0B46B3-10DF-4ADA-9501-0129D784563D}" = Aventail Web Proxy Agent
    "{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A06FE62B-CEBC-4E94-AED8-92DCC33BC8EA}" = Microsoft Expression Studio 4
    "{a3c0442e-f8f7-4089-ac77-1e0c50901f63}" = Microsoft Visual Studio 11 Developer Preview
    "{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
    "{A6085E33-3DC7-1B94-C717-6B9D6686F183}" = CCC Help Chinese Standard
    "{A879B90E-B62C-4DA4-9C3F-79A1A6CFAAF9}" = Microsoft ASP.NET Web Pages - Visual Studio 2010 Tools
    "{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{ABB6AC00-F1D8-4EBF-8128-830D090B76C0}" = Microsoft SQL Server 2000 Sample Database Scripts
    "{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
    "{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
    "{ACE984AB-A42F-409B-A295-4190F0079101}" = Windows Azure Tools for Microsoft Visual Studio 2010 1.3
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B48A80EE-FC2B-4FB4-A2FB-EAA55CAFD12B}" = Microsoft Unity Application Block 2.0
    "{B76F96EF-ECD0-46FB-B018-3A129E34EE9B}" = Gobi API SDK Installer
    "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    "{B984DAB1-E43D-4D42-AC5F-990E83685FE3}" = Microsoft Reactive Extensions SDK v1.0.10621 SP1
    "{B9B9863A-32FD-4133-ADB7-46244ED77694}" = Camera Support Core Library
    "{BC537AE0-88AF-47ED-B762-33B0D62B5188}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    "{BD8F867A-0ACB-427D-A4F2-9AEE29FBF98B}" = PocketCloud Windows Companion
    "{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}" = Canon PhotoRecord
    "{BF127B80-CFD5-4379-9752-E8AF1A5D0141}" = Microsoft Expression Encoder 4 Screen Capture Codec
    "{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
    "{C5E123DB-01CE-480E-8D0E-6A39F4FF5AE3}" = Microsoft ASP.NET Web Pages 2 - Visual Studio 2010 Tools
    "{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
    "{C6FB6B4A-1378-4CD3-9CD3-42BA69FCBD43}" = Lenovo Patch Utility
    "{C85DF163-6DB3-2A03-5E8E-2B059AAA4882}" = CCC Help Dutch
    "{C89269D9-DD02-45DD-99DD-6AE592F6C447}" = TurboTax 2011 wcaiper
    "{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
    "{cb29be6c-39c4-493e-9da7-d585d5353714}" = Microsoft ASP.NET Web Pages 2
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CF36D287-4610-69E4-A69A-9EF2BFEDB258}" = CCC Help Portuguese
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{D06ED80F-D5CC-4095-A426-FE272A2ED6D7}" = Microsoft ASP.NET MVC 4 - Visual Studio 2010 Tools
    "{D09605BE-5587-4B0C-86C8-69B5092CB80F}" = Debugging Tools for Windows (x86)
    "{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}" = Microsoft SQL Server 2008 R2 Policies
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D734A52D-624E-428E-8DE6-B2665E3621CC}" = Microsoft Windows Debugging Symbols
    "{D82A4DB6-D773-4BE7-8D98-5BF6F588DF7E}" = Snoop
    "{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = Power Manager
    "{DB042BA1-BD6A-9E4A-C5ED-2CC523D92C7D}" = CCC Help Swedish
    "{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}" = Microsoft ASP.NET MVC 3
    "{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}" = Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
    "{DF3FBAA8-A959-72A0-8530-D715855137E1}" = CCC Help Japanese
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E1FBB3D4-ADB0-4949-B101-855DA061C735}" = Microsoft Silverlight 5 SDK
    "{E4197D6B-F046-33E7-ABDE-51FF373FDC76}" = Windows SDK IntellisenseNFX
    "{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper
    "{EA63C5C1-EBBC-477C-9CC7-41454DDFAFF2}" = Microsoft ASP.NET Web Pages 2 Runtime
    "{EA710A0A-BF5D-433C-8EB5-D17DC54CC298}" = Microsoft Office Live Meeting 2007
    "{EA9640BE-414E-4195-B53B-7905BF1A5A09}" = Mobile Broadband Drivers
    "{EB325412-D54D-B320-7D77-D4B4A6B9F276}" = ccc-core-static
    "{ED780CA9-0687-3C12-B439-3369F224941F}" = Microsoft Visual Studio 2010 Service Pack 1
    "{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
    "{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = PhotoStitch
    "{EFB4E818-8A4D-B230-6D41-213D48A2C7B3}" = CCC Help Spanish
    "{EFD2807A-C66B-4C13-8FB8-42FCA6DEF171}" = TurboTax 2012 wcaiper
    "{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
    "{FC909837-27D0-4FB4-8653-00F63EB70D74}" = Microsoft ASP.NET MVC 3 - Visual Studio 2010 Tools Update
    "{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
    "Blend_4.0.20525.0" = Microsoft Expression Blend 4
    "Canon MOV Decoder" = Canon MOV Decoder
    "Canon MOV Encoder" = Canon MOV Encoder
    "Design_7.0.20516.0" = Microsoft Expression Design 4
    "Encoder_4.0.1639.0" = Microsoft Expression Encoder 4
    "EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
    "ExpressionStudio_4.0.20525.0" = Microsoft Expression Studio 4
    "Fiddler2" = Fiddler2
    "Google Chrome" = Google Chrome
    "h3viewerXX_is1" = H3Viewer by http://www.Helpware.net
    "InstallShield_{2C164906-E68F-462A-9010-70DD022223EF}" = Canon RemoteCapture Task for ZoomBrowser EX
    "InstallShield_{9518F764-C54D-47B2-9E73-154B21E79FD2}" = Canon RAW Image Task for ZoomBrowser EX
    "InstallShield_{B9B9863A-32FD-4133-ADB7-46244ED77694}" = Canon Camera Support Core Library
    "InstallShield_{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = Canon Utilities PhotoStitch 3.1
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Microsoft Report Viewer Redistributable 2008 (KB971119)" = Microsoft Report Viewer Redistributable 2008 SP1
    "Microsoft Visual Studio 2010 Premium - ENU" = Microsoft Visual Studio 2010 Premium - ENU
    "Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
    "Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "Product Key Finder_is1" = davehope.co.uk Product Key Finder
    "ProInst" = Intel PROSet Wireless
    "TurboTax 2010" = TurboTax 2010
    "TurboTax 2011" = TurboTax 2011
    "TurboTax 2012" = TurboTax 2012
    "TurboTax 2013" = TurboTax 2013
    "WinLiveSuite" = Windows Live Essentials
    "winscp3_is1" = WinSCP 4.3.5
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3138307283-1882095833-4123552314-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager
    "66e39a473d3db7d3" = DevelopMentor Campfire Viewer v2
    "d64d2e6a8796ff9c" = XBAPDemo
    "GoToMeeting" = GoToMeeting 6.0.0.1259

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 3/19/2014 12:53:37 AM | Computer Name = sumida-PC | Source = PC-Doctor | ID = 1
    Description = (5016) Asapi: (21:53:37:9640)(5016) libTonopahClient.DownloadManager
    - Error -- 135 HttpException : Http send request failed: getSystemErrormsg: FormatMessage(12007)
    failed with error: 317

    Error - 3/19/2014 12:53:39 AM | Computer Name = sumida-PC | Source = PC-Doctor | ID = 1
    Description = (5016) Asapi: (21:53:39:4410)(5016) libTonopahClient.DownloadManager
    - Error -- 135 HttpException : Http send request failed: getSystemErrormsg: FormatMessage(12007)
    failed with error: 317

    Error - 3/19/2014 2:00:08 PM | Computer Name = sumida-PC | Source = PC-Doctor | ID = 1
    Description = (1096) Asapi: (11:00:08:4460)(1096) libTonopahClient.DownloadManager
    - Error -- 135 HttpException : Http send request failed: getSystemErrormsg: FormatMessage(12007)
    failed with error: 317

    Error - 3/19/2014 2:00:08 PM | Computer Name = sumida-PC | Source = PC-Doctor | ID = 1
    Description = (1096) Asapi: (11:00:08:7730)(1096) libTonopahClient.DownloadManager
    - Error -- 135 HttpException : Http send request failed: getSystemErrormsg: FormatMessage(12007)
    failed with error: 317

    Error - 3/20/2014 4:23:57 PM | Computer Name = sumida-PC | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 10.0.9200.16843 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 1a18 Start
    Time: 01cf447a34d9b673 Termination Time: 5 Application Path: C:\Program Files\Internet
    Explorer\iexplore.exe Report Id: 8b7f5a09-b06d-11e3-b052-002556ce7a4f

    Error - 3/21/2014 4:18:48 AM | Computer Name = sumida-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "C:\Users\sumida\Downloads\SoftonicDownloader_for_hjsplit.exe".Error
    in manifest or policy file "" on line . A component version required by the application
    conflicts with another component version already active. Conflicting components
    are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

    Error - 3/21/2014 1:32:05 PM | Computer Name = sumida-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "C:\Users\sumida\Downloads\SoftonicDownloader_for_hjsplit.exe".Error
    in manifest or policy file "" on line . A component version required by the application
    conflicts with another component version already active. Conflicting components
    are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

    Error - 3/21/2014 2:00:11 PM | Computer Name = sumida-PC | Source = PC-Doctor | ID = 1
    Description = (3892) Asapi: (11:00:11:8990)(3892) libTonopahClient.DownloadManager
    - Error -- 135 HttpException : Http send request failed: getSystemErrormsg: FormatMessage(12007)
    failed with error: 317

    Error - 3/21/2014 2:00:13 PM | Computer Name = sumida-PC | Source = PC-Doctor | ID = 1
    Description = (3892) Asapi: (11:00:13:3440)(3892) libTonopahClient.DownloadManager
    - Error -- 135 HttpException : Http send request failed: getSystemErrormsg: FormatMessage(12007)
    failed with error: 317

    Error - 3/21/2014 2:01:02 PM | Computer Name = sumida-PC | Source = PC-Doctor | ID = 1
    Description = (3892) Asapi: (11:01:02:7820)(3892) S3LogPusherPlugin.Helper - Error
    -- 340 Unable to storage the test log to medium

    Error - 3/22/2014 3:01:24 AM | Computer Name = sumida-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "C:\Users\sumida\Downloads\SoftonicDownloader_for_hjsplit.exe".Error
    in manifest or policy file "" on line . A component version required by the application
    conflicts with another component version already active. Conflicting components
    are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

    [ Lenovo-Message Center Plus/Admin Events ]
    Error - 10/5/2012 7:14:25 PM | Computer Name = sumida-PC | Source = Lenovo-Message Center Plus/Admin | ID = 2
    Description = The remote server returned an error: (503) Server Unavailable. ->
    Exception message: The remote server returned an error: (503) Server Unavailable.

    Error - 10/6/2012 2:12:04 AM | Computer Name = sumida-PC | Source = Lenovo-Message Center Plus/Admin | ID = 2
    Description = The remote server returned an error: (503) Server Unavailable. ->
    Exception message: The remote server returned an error: (503) Server Unavailable.

    Error - 10/14/2012 11:58:15 PM | Computer Name = sumida-PC | Source = Lenovo-Message Center Plus/Admin | ID = 4
    Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\index.adp
    does not have a Lenovo Digital Signature. The file will be deleted

    Error - 11/2/2012 10:40:15 PM | Computer Name = sumida-PC | Source = Lenovo-Message Center Plus/Admin | ID = 4
    Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\index.adp
    does not have a Lenovo Digital Signature. The file will be deleted

    Error - 1/17/2013 11:52:43 PM | Computer Name = sumida-PC | Source = Lenovo-Message Center Plus/Admin | ID = 4
    Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\index.adp
    does not have a Lenovo Digital Signature. The file will be deleted

    Error - 4/10/2013 6:40:15 PM | Computer Name = sumida-PC | Source = Lenovo-Message Center Plus/Admin | ID = 2
    Description = The remote server returned an error: (503) Server Unavailable. ->
    Exception message: The remote server returned an error: (503) Server Unavailable.

    Error - 5/6/2013 12:17:14 AM | Computer Name = sumida-PC | Source = Lenovo-Message Center Plus/Admin | ID = 4
    Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\index.adp
    does not have a Lenovo Digital Signature. The file will be deleted

    Error - 12/15/2013 11:50:55 PM | Computer Name = sumida-PC | Source = Lenovo-Message Center Plus/Admin | ID = 4
    Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\index.adp
    does not have a Lenovo Digital Signature. The file will be deleted

    Error - 2/26/2014 12:50:17 AM | Computer Name = sumida-PC | Source = Lenovo-Message Center Plus/Admin | ID = 4
    Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\index.adp
    does not have a Lenovo Digital Signature. The file will be deleted

    Error - 3/11/2014 1:27:36 PM | Computer Name = sumida-PC | Source = Lenovo-Message Center Plus/Admin | ID = 4
    Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\index.adp
    does not have a Lenovo Digital Signature. The file will be deleted

    [ Media Center Events ]
    Error - 12/30/2013 2:50:29 PM | Computer Name = sumida-PC | Source = MCUpdate | ID = 0
    Description = 10:50:28 AM - Error connecting to the internet. 10:50:28 AM - Unable
    to contact server..

    Error - 12/30/2013 3:51:10 PM | Computer Name = sumida-PC | Source = MCUpdate | ID = 0
    Description = 11:51:10 AM - Error connecting to the internet. 11:51:10 AM - Unable
    to contact server..

    Error - 12/30/2013 3:51:22 PM | Computer Name = sumida-PC | Source = MCUpdate | ID = 0
    Description = 11:51:21 AM - Error connecting to the internet. 11:51:21 AM - Unable
    to contact server..

    Error - 12/31/2013 5:31:49 AM | Computer Name = sumida-PC | Source = MCUpdate | ID = 0
    Description = 1:31:48 AM - Error connecting to the internet. 1:31:49 AM - Unable
    to contact server..

    Error - 12/31/2013 5:32:15 AM | Computer Name = sumida-PC | Source = MCUpdate | ID = 0
    Description = 1:31:55 AM - Error connecting to the internet. 1:31:55 AM - Unable
    to contact server..

    Error - 1/2/2014 1:50:39 PM | Computer Name = sumida-PC | Source = MCUpdate | ID = 0
    Description = 9:50:39 AM - Error connecting to the internet. 9:50:39 AM - Unable
    to contact server..

    Error - 1/2/2014 1:50:55 PM | Computer Name = sumida-PC | Source = MCUpdate | ID = 0
    Description = 9:50:45 AM - Error connecting to the internet. 9:50:45 AM - Unable
    to contact server..

    Error - 3/1/2014 1:53:56 AM | Computer Name = sumida-PC | Source = MCUpdate | ID = 0
    Description = 9:53:39 PM - Failed to retrieve SportsSchedule (Error: Unable to connect
    to the remote server)

    Error - 3/6/2014 1:02:52 PM | Computer Name = sumida-PC | Source = MCUpdate | ID = 0
    Description = 9:02:52 AM - Error connecting to the internet. 9:02:52 AM - Unable
    to contact server..

    Error - 3/6/2014 1:03:10 PM | Computer Name = sumida-PC | Source = MCUpdate | ID = 0
    Description = 9:02:59 AM - Error connecting to the internet. 9:02:59 AM - Unable
    to contact server..

    [ Setup Events ]
    Error - 11/22/2010 2:08:19 AM | Computer Name = sumida-PC | Source = Microsoft-Windows-WUSA | ID = 3
    Description =

    Error - 5/28/2011 11:26:22 AM | Computer Name = sumida-PC | Source = Microsoft-Windows-WUSA | ID = 3
    Description =

    Error - 8/23/2011 4:52:13 AM | Computer Name = sumida-PC | Source = Microsoft-Windows-WUSA | ID = 3
    Description =

    Error - 8/23/2011 5:07:45 AM | Computer Name = sumida-PC | Source = Microsoft-Windows-WUSA | ID = 3
    Description =

    Error - 8/23/2011 6:23:22 PM | Computer Name = sumida-PC | Source = Microsoft-Windows-WUSA | ID = 3
    Description =

    Error - 8/23/2011 6:23:29 PM | Computer Name = sumida-PC | Source = Microsoft-Windows-WUSA | ID = 3
    Description =

    Error - 8/23/2011 6:30:34 PM | Computer Name = sumida-PC | Source = Microsoft-Windows-WUSA | ID = 3
    Description =

    Error - 8/23/2011 6:33:35 PM | Computer Name = sumida-PC | Source = Microsoft-Windows-WUSA | ID = 3
    Description =

    Error - 11/10/2011 8:34:03 PM | Computer Name = sumida-PC | Source = Microsoft-Windows-WUSA | ID = 3
    Description =

    Error - 3/25/2012 8:15:57 PM | Computer Name = sumida-PC | Source = Microsoft-Windows-WUSA | ID = 3
    Description =

    [ System Events ]
    Error - 3/22/2014 1:45:37 AM | Computer Name = sumida-PC | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852

    Source
    Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature
    Type: %%800 Update Type: %%803 User: sumida-PC\sumida Current Engine Version: Previous
    Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name
    or address could not be resolved

    Error - 3/22/2014 1:45:37 AM | Computer Name = sumida-PC | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852

    Source
    Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature
    Type: %%801 Update Type: %%803 User: sumida-PC\sumida Current Engine Version: Previous
    Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name
    or address could not be resolved

    Error - 3/22/2014 1:45:37 AM | Computer Name = sumida-PC | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852

    Source
    Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature
    Type: %%886 Update Type: %%803 User: sumida-PC\sumida Current Engine Version: Previous
    Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name
    or address could not be resolved

    Error - 3/22/2014 1:45:40 AM | Computer Name = sumida-PC | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 0.0.0.0 Update Source: %%859 Update Stage: %%852

    Source
    Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

    Current
    Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024402c Error description:
    An unexpected problem occurred while checking for updates. For information on installing
    or troubleshooting updates, see Help and Support.

    Error - 3/22/2014 3:08:57 AM | Computer Name = sumida-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.

    Error - 3/22/2014 10:28:55 PM | Computer Name = sumida-PC | Source = Service Control Manager | ID = 7023
    Description = The Power service terminated with the following error: %%4203

    Error - 3/22/2014 10:29:55 PM | Computer Name = sumida-PC | Source = Service Control Manager | ID = 7000
    Description = The rimmptsk service failed to start due to the following error: %%1058

    Error - 3/22/2014 10:29:55 PM | Computer Name = sumida-PC | Source = Service Control Manager | ID = 7000
    Description = The rimsptsk service failed to start due to the following error: %%1058

    Error - 3/22/2014 10:29:55 PM | Computer Name = sumida-PC | Source = Service Control Manager | ID = 7000
    Description = The Ricoh xD-Picture Card Driver service failed to start due to the
    following error: %%1058

    Error - 3/22/2014 10:31:45 PM | Computer Name = sumida-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    tcpipBM


    < End of report >
     
  6. rondev

    rondev Thread Starter

    Joined:
    Aug 14, 2005
    Messages:
    29
    Here are the extras.txt file results:

    OTL Extras logfile created on: 3/22/2014 8:27:41 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\sumida\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16844)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.90 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 42.26% Memory free
    7.80 Gb Paging File | 4.85 Gb Available in Paging File | 62.26% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 297.99 Gb Total Space | 101.41 Gb Free Space | 34.03% Space Free | Partition Type: NTFS

    Computer Name: SUMIDA-PC | User Name: sumida | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-3138307283-1882095833-4123552314-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
    http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
    http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{12F6DBAE-43E7-494A-826E-1092D59B310C}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{1B856938-CB8E-4937-8355-B1C0393489DF}" = lport=138 | protocol=17 | dir=in | app=system |
    "{2C817039-3DB2-4C3E-BF46-2996D1A905D5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{371AD01A-BE99-4A90-B822-782DEBD252A6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{379CC27A-9528-45DD-9552-CA5D54C6F777}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{37EC0D17-D168-4AD5-8C6A-9550261F8858}" = rport=137 | protocol=17 | dir=out | app=system |
    "{389EDBF2-A5C6-424F-8E00-B6BA0991A47E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{3DBB8675-71C7-46C1-9191-006A769D45AD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{3F657E36-683E-407D-A201-F4E366435F28}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe |
    "{44A8766F-FD37-4E70-82F3-C63C331BD36C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{5033641B-90D9-45BE-87ED-7EF5FF38E792}" = lport=3389 | protocol=6 | dir=in | app=system |
    "{650778CD-5702-4558-B8DF-3960A5B7D570}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{7CC3AAB1-095E-4A96-BA9A-1609330F725B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
    "{84C21C0B-526F-49E8-B570-B6624EAAD674}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{98934974-3A22-4580-B9B4-13DF68069DDE}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
    "{9939FBC3-08EF-4472-B473-7ACE269ECB91}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{994AB03B-6084-4471-9C55-D67A4B638DBE}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |
    "{9EB9938B-2FFC-4090-9E68-F1A1F0BB026A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{A9DF7928-0347-4AF7-A74A-18B50C8D67F4}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{AA9F8749-2F76-40B9-BBC9-4D8F63BAA873}" = lport=139 | protocol=6 | dir=in | app=system |
    "{AEAFF838-7225-474F-9F1A-15EF4F7E3180}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{B62FAE90-CD5A-4EA1-B999-7BB6C4A40A28}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{BB063D08-4776-4B06-A66D-7C3395485F1D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{BE130275-1129-44FE-8E84-6C22F7238810}" = lport=137 | protocol=17 | dir=in | app=system |
    "{BE94D35F-E093-4712-967C-9EA267F2AFE1}" = rport=138 | protocol=17 | dir=out | app=system |
    "{C15B8B15-B1B2-47E2-A991-C948B2BD60F7}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{C2044358-D091-4432-A737-9516DA342653}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{C2FABDDE-DF5F-4C53-B756-652D8B0053DD}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdater.exe |
    "{C45BEE0D-45D3-46C9-A991-4CE8181061BC}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdateservice.exe |
    "{C5170A1F-3488-4CA7-8F65-3754B9B3107B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{CF8039BC-EF43-489E-8DA0-2BC95E115F7F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{D08657DD-1C28-4037-8DB2-5763714C0CF8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{D300E88C-678B-42E2-9C2C-D47AD7D9606A}" = lport=445 | protocol=6 | dir=in | app=system |
    "{D75AE8C4-5E54-4635-8DD2-8FE8CE8FA5A5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{E4BF2618-AD42-4E0E-8B3C-800B1E2365EF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
    "{E60E626C-E725-453D-9E91-D66BCD753C8A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{E6701788-4BD1-428B-ABE8-312978DFCC47}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{F341CAB6-2F4B-40BE-AA95-67FCC6571E00}" = rport=139 | protocol=6 | dir=out | app=system |
    "{F4809155-B75B-4B8D-89E6-65DD40F34766}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{F8859F94-1C71-411C-A18D-C200C7CC0A51}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{FDB302CE-1D34-4C87-9CCB-EC62A8AC7337}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{02333CAA-FCD8-4D1F-BDD4-4E46F71E5DC5}" = protocol=58 | dir=out | [email protected],-503 |
    "{02981FE2-BB12-4C7E-AD11-D6348E3B164D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{0E409915-B667-4508-BFE1-8B56A13CE918}" = protocol=6 | dir=out | app=system |
    "{11360014-8F1D-419B-B92C-D4569A76AB1D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{18BC80F3-A8FE-499D-8AC9-86ED6B69D664}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{1E856713-129E-487F-B73B-C6A920D8865E}" = protocol=58 | dir=in | [email protected],-28545 |
    "{20F00540-4D4F-42AF-84C9-228245202583}" = protocol=58 | dir=out | [email protected],-28546 |
    "{25E31A26-241F-4427-B5F2-0FB49F2FBCF5}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
    "{386E3BEB-1E59-44B6-A0B6-2145571CC785}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{38B6C63D-217B-4E49-8E66-FE2B6F356B30}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{39050151-F8EC-4ABC-AB62-BD27464DE908}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{42848174-7570-49F3-9EDA-D7C6022E3B71}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
    "{42ED6E82-3FAD-4B95-8898-7EBD94D81309}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{4D063970-B130-477D-A113-FCDC3F619B3B}" = protocol=1 | dir=out | [email protected],-28544 |
    "{5543A8C5-E31B-49F4-8F40-277011941384}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{55CCBD42-E48A-4E0E-B164-3E89D0B5267A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{5C781CDB-AC51-47F3-B03E-4C9CA295F6CD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{5E820039-DDA7-48D4-83D6-2421B077F3F3}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
    "{61E70072-9038-4D44-A05B-63E92481410E}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
    "{62481D58-E02B-4696-83E2-CE4D36E00A1E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{693EE598-EF0E-47F6-8B74-11D29C2801B3}" = dir=in | app=c:\program files (x86)\wyse\pocketcloud windows companion\pocketcloudservice.exe |
    "{6A650C45-5CA9-45AF-8647-4BE82498FA19}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
    "{73FC4ABD-8D03-440F-A6E6-AB38496FA85E}" = protocol=58 | dir=in | app=system |
    "{74947540-FFE1-4430-B206-50131AC7A83D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{9196DBA6-34BE-4027-9D68-BBBD3DE388E4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{9E17C196-92B3-4CE7-BD9C-0A18AE1F0D9B}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
    "{A52B391E-A50F-414B-910C-FE34284547C6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{AADDBB3F-898B-4D96-A963-1FF7C7C1A63A}" = protocol=1 | dir=in | [email protected],-28543 |
    "{AC5E16DA-0B6D-4F39-B736-65ABBBFB731B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{BDE2CBC8-3768-48F2-98C2-600800981B17}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
    "{C324CF2C-CBD5-4965-869B-D07811BFF733}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{C3C15126-308E-4233-A75B-DBB5D4A3D9C5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
    "{C512590D-B315-4155-B431-A9088448957F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{C69FFBDE-FF55-4045-A53D-BD408940CB7D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{C869A706-904D-4352-8D0F-E234D78C4EFB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
    "{C9B13ECD-5E27-400F-B500-941EAED1828A}" = dir=in | app=c:\program files (x86)\wyse\pocketcloud windows companion\wysebrowser.exe |
    "{CCD834EF-36A5-4BA8-89B1-3028A838BDFE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{DE860EB5-4271-4ED1-A863-F3F4C7AB15A8}" = dir=in | app=c:\program files (x86)\wyse\pocketcloud windows companion\pocketcloudinstallwizard.exe |
    "{E657B164-6F4B-422D-AD27-38D9A644565E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{EA287C7F-596E-43DB-B742-3C49931EFEDD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{F002DC18-D3CE-4BD0-8724-B99BC54CC173}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
    "{FBB58E29-B87F-4B1E-88D6-7A6F4AB9F07F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "TCP Query User{008A2B18-20DF-4F3D-8951-9506BF07707D}C:\developmentor\courses\wcf\4.0\labs_wcf4\labs\06 async\lab\before\asyncpetshop\accountingservice\bin\debug\accountingservice.vshost.exe" = protocol=6 | dir=in | app=c:\developmentor\courses\wcf\4.0\labs_wcf4\labs\06 async\lab\before\asyncpetshop\accountingservice\bin\debug\accountingservice.vshost.exe |
    "TCP Query User{0138E23A-4AD0-439A-B0A5-2840FAED81D5}C:\demos\host\client\bin\debug\client.exe" = protocol=6 | dir=in | app=c:\demos\host\client\bin\debug\client.exe |
    "TCP Query User{0C1DEF84-2B8F-43EF-946D-505D6C0B82D5}C:\demos\host\discoverydemo\bin\debug\discoverydemo.exe" = protocol=6 | dir=in | app=c:\demos\host\discoverydemo\bin\debug\discoverydemo.exe |
    "TCP Query User{113A9577-E711-4E63-A3E9-DEB1AD5647EB}C:\developmentor\courses\wcf\msdn samples\wf_wcf_samples\wcf\basic\routingservices\advancedfilters\cs\roundingcalcservice\bin\service.exe" = protocol=6 | dir=in | app=c:\developmentor\courses\wcf\msdn samples\wf_wcf_samples\wcf\basic\routingservices\advancedfilters\cs\roundingcalcservice\bin\service.exe |
    "TCP Query User{178FD5CE-50F9-4471-8C96-93375C53EDC3}C:\demos\architecturedemo\host\bin\debug\host.vshost.exe" = protocol=6 | dir=in | app=c:\demos\architecturedemo\host\bin\debug\host.vshost.exe |
    "TCP Query User{1E9029A6-D91B-41BC-B353-57F025F13E6B}C:\windows\system32\mmc.exe" = protocol=6 | dir=in | app=c:\windows\system32\mmc.exe |
    "TCP Query User{1F63D738-9521-4D01-8B04-47BF1D6B66F2}C:\users\sumida\appdata\local\temp\lmir0001.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\sumida\appdata\local\temp\lmir0001.tmp\lmi_rescue.exe |
    "TCP Query User{2ECEEB42-6AB2-433D-AAED-794B349FD123}C:\developmentor\courses\wcf\4.0\demos\securitydemo\host\bin\debug\host.exe" = protocol=6 | dir=in | app=c:\developmentor\courses\wcf\4.0\demos\securitydemo\host\bin\debug\host.exe |
    "TCP Query User{41F6E58E-B13A-4F94-A811-2DB94F0EE44B}C:\demos\discoverydemo\client\bin\debug\client.exe" = protocol=6 | dir=in | app=c:\demos\discoverydemo\client\bin\debug\client.exe |
    "TCP Query User{43D36D4D-4076-44A4-B919-B22CE2D544D5}C:\developmentor\courses\saxo\demos\discoverydemo\client\bin\debug\client.exe" = protocol=6 | dir=in | app=c:\developmentor\courses\saxo\demos\discoverydemo\client\bin\debug\client.exe |
    "TCP Query User{51D4A61D-E485-492B-96A0-5FBDF666C318}C:\developmentor\courses\morgan stanley\wpf\performance\consoleapplication1\consoleapplication1\bin\debug\consoleapplication1.exe" = protocol=6 | dir=in | app=c:\developmentor\courses\morgan stanley\wpf\performance\consoleapplication1\consoleapplication1\bin\debug\consoleapplication1.exe |
    "TCP Query User{5F55D65B-31C1-46D7-A0AE-4FE2A088C536}C:\demos\wcf4demo\host\bin\debug\host.exe" = protocol=6 | dir=in | app=c:\demos\wcf4demo\host\bin\debug\host.exe |
    "TCP Query User{68051F01-BB4B-4E25-9C29-928C51FA1D72}C:\developmentor\courses\wcf\4.0\demos\securityintranetdemo\host\bin\debug\host.vshost.exe" = protocol=6 | dir=in | app=c:\developmentor\courses\wcf\4.0\demos\securityintranetdemo\host\bin\debug\host.vshost.exe |
    "TCP Query User{73DF2ABB-53BA-4B14-8F6F-46CF8AF90F17}C:\demos\wcfmanualdemo\host\bin\debug\host.exe" = protocol=6 | dir=in | app=c:\demos\wcfmanualdemo\host\bin\debug\host.exe |
    "TCP Query User{7F13D4AE-BDEB-4EC1-BBEC-DC08518A4EBC}C:\demos\wcfmutualauthcertificatedemo\wcfmutualauthcertificatedemo\bin\debug\wcfmutualauthcertificatedemo.exe" = protocol=6 | dir=in | app=c:\demos\wcfmutualauthcertificatedemo\wcfmutualauthcertificatedemo\bin\debug\wcfmutualauthcertificatedemo.exe |
    "TCP Query User{8B968E60-78EA-4853-BAC0-541F7BE85764}C:\users\sumida\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe" = protocol=6 | dir=in | app=c:\users\sumida\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe |
    "TCP Query User{8BAC6107-21F4-44AB-85E0-7E92DEF9F0F0}C:\developmentor\courses\wcf\4.0\demos\securityintranetdemo\host\bin\debug\host.exe" = protocol=6 | dir=in | app=c:\developmentor\courses\wcf\4.0\demos\securityintranetdemo\host\bin\debug\host.exe |
    "TCP Query User{8E22E4A5-0950-4265-A681-29EDE539ED6A}C:\demos\wcfarchitectureautodemo\host\bin\debug\host.exe" = protocol=6 | dir=in | app=c:\demos\wcfarchitectureautodemo\host\bin\debug\host.exe |
    "TCP Query User{944F79F3-05C9-4B47-AF9C-BFFFE7C1CFA0}C:\demos\wcfautoarchitecturedemo\host\bin\debug\host.exe" = protocol=6 | dir=in | app=c:\demos\wcfautoarchitecturedemo\host\bin\debug\host.exe |
    "TCP Query User{956FECE7-AC45-497F-AAC1-4C33717B134E}C:\developmentor\courses\wcf\4.0\demos\architecturesemimanualdemo\host\bin\debug\host.exe" = protocol=6 | dir=in | app=c:\developmentor\courses\wcf\4.0\demos\architecturesemimanualdemo\host\bin\debug\host.exe |
    "TCP Query User{964CF698-376A-40EB-9952-7B5D06FC26D6}C:\demos\discoverydemo\host\bin\debug\host.exe" = protocol=6 | dir=in | app=c:\demos\discoverydemo\host\bin\debug\host.exe |
    "TCP Query User{97DDBD2B-172F-4569-AB6F-A45737CE2F06}C:\developmentor\courses\wcf\4.0\demos\securityrolesdemo\host\bin\debug\host.exe" = protocol=6 | dir=in | app=c:\developmentor\courses\wcf\4.0\demos\securityrolesdemo\host\bin\debug\host.exe |
    "TCP Query User{B2168FD9-A581-4CF0-B7DA-DAAD4C83FEFA}C:\demos\wcfautomateddemo\host\bin\debug\host.exe" = protocol=6 | dir=in | app=c:\demos\wcfautomateddemo\host\bin\debug\host.exe |
    "TCP Query User{B3ABF02C-FFF0-427F-9676-3284DC403B31}C:\demos\architecturedemo\host\bin\debug\host.exe" = protocol=6 | dir=in | app=c:\demos\architecturedemo\host\bin\debug\host.exe |
    "TCP Query User{B4A7D483-3ED3-4289-9DD0-B92488FC5D83}C:\demos\wcfmultiendpointdemo\host\bin\debug\host.exe" = protocol=6 | dir=in | app=c:\demos\wcfmultiendpointdemo\host\bin\debug\host.exe |
    "TCP Query User{BD62775A-6D15-4BE8-9E4A-6B7EF5F5A9D3}C:\developmentor\courses\saxo\demos\discoverydemo\host\bin\debug\host.exe" = protocol=6 | dir=in | app=c:\developmentor\courses\saxo\demos\discoverydemo\host\bin\debug\host.exe |
    "TCP Query User{BE1BE4C9-E197-457A-B26D-7C6147A68E28}C:\developmentor\courses\wcf\4.0\labs_wcf4\labs\06 async\lab\before\asyncpetshop\inventoryservice\bin\debug\inventoryservice.vshost.exe" = protocol=6 | dir=in | app=c:\developmentor\courses\wcf\4.0\labs_wcf4\labs\06 async\lab\before\asyncpetshop\inventoryservice\bin\debug\inventoryservice.vshost.exe |
    "TCP Query User{BE366912-EE4F-4026-978E-CAC7D571FBB0}C:\demos\wcfsimplifieddemo\host\bin\debug\host.exe" = protocol=6 | dir=in | app=c:\demos\wcfsimplifieddemo\host\bin\debug\host.exe |
    "TCP Query User{C69972E2-5E7E-4D4C-A42B-FCC7AC41DAF7}C:\demos\wcfautointrodemo\host\bin\debug\host.exe" = protocol=6 | dir=in | app=c:\demos\wcfautointrodemo\host\bin\debug\host.exe |
    "TCP Query User{CE731FAC-D817-4624-A27B-C88EE83C124B}C:\demos\securitybasicdemo\host\bin\debug\host.exe" = protocol=6 | dir=in | app=c:\demos\securitybasicdemo\host\bin\debug\host.exe |
    "TCP Query User{D318AE10-D5A9-49E2-B27F-72AAAE3D49E4}C:\demos\architecturecompletelymanualdemo\host\bin\debug\host.exe" = protocol=6 | dir=in | app=c:\demos\architecturecompletelymanualdemo\host\bin\debug\host.exe |
    "TCP Query User{D365EA5B-BBA8-46FB-BA99-3AA9920272D7}C:\developmentor\courses\morgan stanley\aspnet\labs\cs\work\tools\tcptrace.exe" = protocol=6 | dir=in | app=c:\developmentor\courses\morgan stanley\aspnet\labs\cs\work\tools\tcptrace.exe |
    "TCP Query User{D6E6AD58-FA1D-4750-88FD-64077AC3E245}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
    "TCP Query User{DA6A8F62-A085-4F57-B073-921FF26B57E0}C:\developmentor\courses\wcf\msdn samples\wf_wcf_samples\wcf\basic\routingservices\advancedfilters\cs\calculatorservice\bin\service.exe" = protocol=6 | dir=in | app=c:\developmentor\courses\wcf\msdn samples\wf_wcf_samples\wcf\basic\routingservices\advancedfilters\cs\calculatorservice\bin\service.exe |
    "TCP Query User{E5D5EC66-6B95-4C34-9E19-EB3C98980CF8}C:\demos\securitytest\host\bin\debug\host.exe" = protocol=6 | dir=in | app=c:\demos\securitytest\host\bin\debug\host.exe |
    "TCP Query User{F264DFB8-B2EC-45E4-8022-C4C3DCA18598}C:\demos\securityusernameauthenticationdemo\host\bin\debug\host.exe" = protocol=6 | dir=in | app=c:\demos\securityusernameauthenticationdemo\host\bin\debug\host.exe |
    "UDP Query User{03C4F51A-D7A7-4036-A599-1FEB7D0329AE}C:\demos\host\client\bin\debug\client.exe" = protocol=17 | dir=in | app=c:\demos\host\client\bin\debug\client.exe |
    "UDP Query User{196EEEC4-86B9-4BC5-8E0B-BAA63F7B0B04}C:\demos\wcfautomateddemo\host\bin\debug\host.exe" = protocol=17 | dir=in | app=c:\demos\wcfautomateddemo\host\bin\debug\host.exe |
    "UDP Query User{1B868F1B-8BC8-453A-B449-B99804BDD367}C:\demos\wcfsimplifieddemo\host\bin\debug\host.exe" = protocol=17 | dir=in | app=c:\demos\wcfsimplifieddemo\host\bin\debug\host.exe |
    "UDP Query User{1FF8B840-BDC9-4D48-9F11-9E4EC087E218}C:\demos\securitytest\host\bin\debug\host.exe" = protocol=17 | dir=in | app=c:\demos\securitytest\host\bin\debug\host.exe |
    "UDP Query User{295F5CDE-E07A-442D-9057-B748ACCC4844}C:\demos\architecturedemo\host\bin\debug\host.exe" = protocol=17 | dir=in | app=c:\demos\architecturedemo\host\bin\debug\host.exe |
    "UDP Query User{33D58887-D220-45CF-8C15-440131A2999B}C:\demos\discoverydemo\client\bin\debug\client.exe" = protocol=17 | dir=in | app=c:\demos\discoverydemo\client\bin\debug\client.exe |
    "UDP Query User{34427C29-29C3-41AB-B35E-99B29E64FAEA}C:\users\sumida\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe" = protocol=17 | dir=in | app=c:\users\sumida\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe |
    "UDP Query User{3550CF91-BB61-4F2D-B15A-F5E33B7EA867}C:\developmentor\courses\morgan stanley\aspnet\labs\cs\work\tools\tcptrace.exe" = protocol=17 | dir=in | app=c:\developmentor\courses\morgan stanley\aspnet\labs\cs\work\tools\tcptrace.exe |
    "UDP Query User{38555970-DE52-4BD4-9184-53BCF4E1B278}C:\demos\wcfarchitectureautodemo\host\bin\debug\host.exe" = protocol=17 | dir=in | app=c:\demos\wcfarchitectureautodemo\host\bin\debug\host.exe |
    "UDP Query User{3A43C06F-F3E2-40CD-90F3-B2CCA7402A5D}C:\developmentor\courses\wcf\4.0\demos\securityrolesdemo\host\bin\debug\host.exe" = protocol=17 | dir=in | app=c:\developmentor\courses\wcf\4.0\demos\securityrolesdemo\host\bin\debug\host.exe |
    "UDP Query User{4655AEB1-DA91-4848-987B-FA2F45928C1B}C:\developmentor\courses\saxo\demos\discoverydemo\client\bin\debug\client.exe" = protocol=17 | dir=in | app=c:\developmentor\courses\saxo\demos\discoverydemo\client\bin\debug\client.exe |
    "UDP Query User{4C939964-7B20-4A98-AC23-B55F25B7F7BB}C:\windows\system32\mmc.exe" = protocol=17 | dir=in | app=c:\windows\system32\mmc.exe |
    "UDP Query User{4EE4C2A1-8DD9-404B-9435-197BA1F5D2F4}C:\demos\wcfautoarchitecturedemo\host\bin\debug\host.exe" = protocol=17 | dir=in | app=c:\demos\wcfautoarchitecturedemo\host\bin\debug\host.exe |
    "UDP Query User{56BB2550-FD0C-4894-9B3B-D01232C71C14}C:\users\sumida\appdata\local\temp\lmir0001.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\sumida\appdata\local\temp\lmir0001.tmp\lmi_rescue.exe |
    "UDP Query User{56FC0893-B133-44EF-97A7-E9E8830381EA}C:\developmentor\courses\wcf\4.0\demos\securityintranetdemo\host\bin\debug\host.exe" = protocol=17 | dir=in | app=c:\developmentor\courses\wcf\4.0\demos\securityintranetdemo\host\bin\debug\host.exe |
    "UDP Query User{5B7507E7-BDDA-42B1-99C9-11471CEA7173}C:\developmentor\courses\wcf\4.0\demos\securitydemo\host\bin\debug\host.exe" = protocol=17 | dir=in | app=c:\developmentor\courses\wcf\4.0\demos\securitydemo\host\bin\debug\host.exe |
    "UDP Query User{652606ED-7F9B-445A-B35E-E7FA179C6538}C:\demos\host\discoverydemo\bin\debug\discoverydemo.exe" = protocol=17 | dir=in | app=c:\demos\host\discoverydemo\bin\debug\discoverydemo.exe |
    "UDP Query User{73067CCB-AC78-4CCF-B9DE-4E8FA9A07D1E}C:\demos\discoverydemo\host\bin\debug\host.exe" = protocol=17 | dir=in | app=c:\demos\discoverydemo\host\bin\debug\host.exe |
    "UDP Query User{772D5FFA-4E0E-4810-B6D1-7D150A41A560}C:\demos\wcf4demo\host\bin\debug\host.exe" = protocol=17 | dir=in | app=c:\demos\wcf4demo\host\bin\debug\host.exe |
    "UDP Query User{802D545D-3F19-45B5-A7A3-4789BA651A64}C:\demos\wcfmutualauthcertificatedemo\wcfmutualauthcertificatedemo\bin\debug\wcfmutualauthcertificatedemo.exe" = protocol=17 | dir=in | app=c:\demos\wcfmutualauthcertificatedemo\wcfmutualauthcertificatedemo\bin\debug\wcfmutualauthcertificatedemo.exe |
    "UDP Query User{87053003-0022-4CC2-AE17-31152FB921DE}C:\demos\architecturedemo\host\bin\debug\host.vshost.exe" = protocol=17 | dir=in | app=c:\demos\architecturedemo\host\bin\debug\host.vshost.exe |
    "UDP Query User{878EFC0B-316C-4857-9DB8-F4ADB2AB74C9}C:\demos\wcfmanualdemo\host\bin\debug\host.exe" = protocol=17 | dir=in | app=c:\demos\wcfmanualdemo\host\bin\debug\host.exe |
    "UDP Query User{8DA5C382-0ED0-41B8-A62B-865BF9B54930}C:\developmentor\courses\wcf\msdn samples\wf_wcf_samples\wcf\basic\routingservices\advancedfilters\cs\calculatorservice\bin\service.exe" = protocol=17 | dir=in | app=c:\developmentor\courses\wcf\msdn samples\wf_wcf_samples\wcf\basic\routingservices\advancedfilters\cs\calculatorservice\bin\service.exe |
    "UDP Query User{99600F7A-61D7-4592-880B-C14718E945B6}C:\developmentor\courses\wcf\msdn samples\wf_wcf_samples\wcf\basic\routingservices\advancedfilters\cs\roundingcalcservice\bin\service.exe" = protocol=17 | dir=in | app=c:\developmentor\courses\wcf\msdn samples\wf_wcf_samples\wcf\basic\routingservices\advancedfilters\cs\roundingcalcservice\bin\service.exe |
    "UDP Query User{A45D6870-AC68-4F62-BCF6-DC1648E0D0FA}C:\demos\securityusernameauthenticationdemo\host\bin\debug\host.exe" = protocol=17 | dir=in | app=c:\demos\securityusernameauthenticationdemo\host\bin\debug\host.exe |
    "UDP Query User{C05F778E-CBEC-4522-B3CC-38C2D40B0B79}C:\developmentor\courses\wcf\4.0\labs_wcf4\labs\06 async\lab\before\asyncpetshop\accountingservice\bin\debug\accountingservice.vshost.exe" = protocol=17 | dir=in | app=c:\developmentor\courses\wcf\4.0\labs_wcf4\labs\06 async\lab\before\asyncpetshop\accountingservice\bin\debug\accountingservice.vshost.exe |
    "UDP Query User{D11251B2-5ACF-406F-A36F-2088A9D98E1F}C:\developmentor\courses\wcf\4.0\demos\architecturesemimanualdemo\host\bin\debug\host.exe" = protocol=17 | dir=in | app=c:\developmentor\courses\wcf\4.0\demos\architecturesemimanualdemo\host\bin\debug\host.exe |
    "UDP Query User{D17C593A-6007-4DA9-9E03-6664A44D8E3B}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
    "UDP Query User{D416176D-6B79-4B27-8813-BD2E7ABC0CA3}C:\demos\wcfautointrodemo\host\bin\debug\host.exe" = protocol=17 | dir=in | app=c:\demos\wcfautointrodemo\host\bin\debug\host.exe |
    "UDP Query User{DE659BF4-46E5-4AD1-B689-2C229CF314BF}C:\developmentor\courses\wcf\4.0\labs_wcf4\labs\06 async\lab\before\asyncpetshop\inventoryservice\bin\debug\inventoryservice.vshost.exe" = protocol=17 | dir=in | app=c:\developmentor\courses\wcf\4.0\labs_wcf4\labs\06 async\lab\before\asyncpetshop\inventoryservice\bin\debug\inventoryservice.vshost.exe |
    "UDP Query User{E8568EB6-E5B7-4D38-97E7-EDC85BAFAC97}C:\demos\securitybasicdemo\host\bin\debug\host.exe" = protocol=17 | dir=in | app=c:\demos\securitybasicdemo\host\bin\debug\host.exe |
    "UDP Query User{E8C82CED-74CC-425E-8829-B896EF794336}C:\demos\architecturecompletelymanualdemo\host\bin\debug\host.exe" = protocol=17 | dir=in | app=c:\demos\architecturecompletelymanualdemo\host\bin\debug\host.exe |
    "UDP Query User{E99F443C-4368-4F0B-9A82-8EC53D518973}C:\developmentor\courses\saxo\demos\discoverydemo\host\bin\debug\host.exe" = protocol=17 | dir=in | app=c:\developmentor\courses\saxo\demos\discoverydemo\host\bin\debug\host.exe |
    "UDP Query User{ED7FCDB9-ABF5-472D-B9B5-1C2CA7529259}C:\demos\wcfmultiendpointdemo\host\bin\debug\host.exe" = protocol=17 | dir=in | app=c:\demos\wcfmultiendpointdemo\host\bin\debug\host.exe |
    "UDP Query User{EE0EA7A5-CA16-47C3-A501-250D0C31A8CA}C:\developmentor\courses\morgan stanley\wpf\performance\consoleapplication1\consoleapplication1\bin\debug\consoleapplication1.exe" = protocol=17 | dir=in | app=c:\developmentor\courses\morgan stanley\wpf\performance\consoleapplication1\consoleapplication1\bin\debug\consoleapplication1.exe |
    "UDP Query User{F2D88E8B-4C9F-4295-9CA3-D8EA58D53254}C:\developmentor\courses\wcf\4.0\demos\securityintranetdemo\host\bin\debug\host.vshost.exe" = protocol=17 | dir=in | app=c:\developmentor\courses\wcf\4.0\demos\securityintranetdemo\host\bin\debug\host.vshost.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0028A6EE-4945-4233-8024-80A546F56A5C}" = JetBrains dotTrace 3.1
    "{01078B88-2981-4F75-96B0-8B22E2D2DE03}" = Microsoft SQL Server 2008 R2 Setup (English)
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
    "{053ACA98-6B07-4DD0-9DB3-F51E3EB1780C}" = Lenovo Patch Utility 64 bit
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
    "{183C740A-0406-380F-A235-2EC2F8A28D13}" = Microsoft Windows SDK MSHelp (30514)
    "{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
    "{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{1E6ED082-E32D-4B2B-8B6A-70B094815135}" = Microsoft SQL Server System CLR Types (x64)
    "{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}" = SQL Server 2008 R2 SP1 Common Files
    "{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}" = Microsoft SQL Server VSS Writer
    "{2D2601B6-157F-4F88-B66B-B52DB21EAB2D}" = SQL Server 2008 R2 SP1 Client Tools
    "{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1)
    "{32F9B623-BDF7-18AC-80F1-32E9B0E25F3A}" = ccc-utility64
    "{33B61F14-BE7E-306E-85E9-D0B8CA7162D0}" = Microsoft Visual C++ 11 x64 Additional Runtime - 11.0.40825
    "{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 SP1 Common Files
    "{39960E10-3FF7-46BB-A92D-8076C67ABF60}" = Microsoft Web Platform Installer 4.0
    "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
    "{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}" = Microsoft SQL Server 2008 R2 Native Client
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{51E5BC99-A087-4CFF-8D93-462903EA7E12}" = SQL Server 2008 R2 SP1 Management Studio
    "{5318020E-E32C-4A33-BC8D-EEF5CC2F6CA1}" = SQL Server 2008 R2 SP1 Database Engine Services
    "{5D1ED7AA-DF83-40E4-B6D1-2455A4A97E9E}" = Microsoft Lync Web App Plug-in
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
    "{68570626-1BF6-310B-AF69-6CD686C04AEA}" = Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514)
    "{6C8D7973-31F9-32E1-A820-8DD857910323}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
    "{72AB7E6F-BC24-481E-8C45-1AB5B3DD795D}" = SQL Server 2008 R2 SP1 Management Studio
    "{8125F749-B244-4F7B-811E-532165C5F2D5}" = Microsoft SQL Server 2008 RsFx Driver
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{83970716-909C-4FBC-9CF5-AD842758BBA0}" = Mobile Broadband drivers
    "{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
    "{84452C2C-BDCC-36F3-A189-CE15F02A47FB}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
    "{84E30D73-E30F-3A02-BAA0-5353C04DD18A}" = Microsoft Windows SDK Intellisense and Reference Assemblies (30514)
    "{88BAE373-00F4-3E33-828F-96E89E5E0CB9}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
    "{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
    "{89026002-A893-42D9-9E20-6829B844735E}" = Application Verifier (x64)
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8FF0ACBD-17A5-3637-95F4-D7C69723E2BF}" = Microsoft Visual Studio 2010 Performance Collection Tools SP1 - ENU
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{951E6223-AC28-345E-BCF4-B55C1267E321}" = Microsoft Windows SDK for Windows 7 Samples (30514)
    "{9B0EAC89-4331-A96E-C7D3-754192589BEE}" = ATI Catalyst Install Manager
    "{9C5CABF2-B1F7-41ED-A86C-CE2F35B2C330}" = Debug Diagnostics 1.2
    "{9C9F93A3-7E30-439C-8BD8-78FF9D4BCAE9}" = Windows Azure SDK
    "{9D44E05A-1163-3CA9-B1C8-BE383D844FFA}" = Microsoft Visual C++ 11 x64 Debug Runtime - 11.0.40825
    "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
    "{9FFAE13C-6160-4DD0-A67A-DAC5994F81BD}" = SQL Server 2008 R2 SP1 Database Engine Services
    "{A0B0F02C-410B-3DE3-9740-EC4C3D902532}" = Microsoft Windows SDK for Windows 7 Common Utilities (30514)
    "{A2057AF3-1C3B-3DC5-8C6B-56013B5299B4}" = Microsoft Visual C++ 11 x64 Minimum Runtime - 11.0.40825
    "{A2122A9C-A699-4365-ADF8-68FEAC125D61}" = SQL Server 2008 R2 SP1 Database Engine Shared
    "{A2C55034-8DAF-3755-BA85-CC321707FE99}" = Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "{B5FE23CC-0151-4595-84C3-F1DE6F44FE9B}" = SQL Server 2008 R2 SP1 Client Tools
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{B7D0C3BC-CB39-3CA1-9295-A23A93994893}" = Microsoft Windows SDK for Windows 7 Redistributable Components for Windows Debugging Tools (30514)
    "{C0C690C8-F335-4BA4-A2AD-675EAD1DFA90}" = Microsoft SQL Server 2008 Setup Support Files
    "{C942A025-A840-4BF2-8987-849C0DD44574}" = SQL Server 2008 R2 SP1 Database Engine Shared
    "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    "{D57519D3-2E37-3E34-94AF-4D59BFAB87E6}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
    "{D61E4101-9E15-4D0E-ABD1-1ABD36B43330}" = Intel(R) PROSet/Wireless WiFi Software
    "{D8C23BDE-4748-44D9-A9DD-8AB64EB18BE3}" = Microsoft SQL Server 2008 R2 RsFx Driver
    "{DAA29C01-25EF-34A8-9ABC-2E69B6C97948}" = Microsoft Visual C++ Compilers 2010 SP1 Standard - x64
    "{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
    "{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client
    "{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
    "{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit
    "{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
    "{EB675D0A-2C95-405B-BEE8-B42A65D23E11}" = IIS URL Rewrite Module 2
    "{F1C4B89A-8BF0-3D7C-8095-BAE412FBEA3F}" = Microsoft Windows SDK .NET Framework Tools (30514)
    "{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}" = Sql Server Customer Experience Improvement Program
    "{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = SQL Server 2008 R2 SP1 Database Engine Services
    "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = SQL Server 2008 R2 SP1 Database Engine Services
    "3932CA781A7894D20116FDF60F878301800EA8AB" = Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407)
    "3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
    "6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
    "ATI Uninstaller" = ATI Uninstaller
    "CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD
    "CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
    "DE7217D2A8B057F15EC6E52329FDAB84231521E8" = Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430)
    "HECI" = Intel(R) Management Engine Interface
    "LENOVO.SMIIF" = Lenovo System Interface Driver
    "LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
    "MESOL" = Intel® Active Management Technology
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
    "Microsoft Security Client" = Microsoft Security Essentials
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 (64-bit)
    "Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64-bit)
    "Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "OnScreenDisplay" = On Screen Display
    "PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
    "Power Management Driver" = Lenovo Power Management Driver
    "ProInst" = Intel PROSet Wireless
    "PROSet" = Intel(R) Network Connections Drivers
    "SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
    "SynTPDeinstKey" = ThinkPad UltraNav Driver
    "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
    "Windows Azure SDK" = Windows Azure SDK

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01B7254A-7A79-4E78-AFFD-9BE18000AB0E}" = Microsoft Reactive Extensions SDK v2.0
    "{037a3c70-cc6a-4ae2-aa0e-70eb68ea81d5}" = Microsoft ASP.NET MVC 4
    "{04ECD674-1A5E-4318-9FD4-DE872C07DAAF}" = Microsoft ASP.NET Visual Studio 2010 Uninstall Finalizer
    "{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK
    "{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
    "{06A8F063-C727-95AA-F10B-CD8E6B23ED16}" = CCC Help Italian
    "{07EF3970-F8E5-4A27-A5A3-230484D35026}" = Microsoft Expression Encoder 4
    "{08D605B4-DCD1-451F-ABD7-52E6BB868E4E}" = Microsoft Expression Design 4
    "{09C52940-A4D1-4409-A7CC-1AAE630CF578}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    "{0A7DD94B-B746-4FB0-8688-8598C22793A0}" = TurboTax 2013 WinPerFedFormset
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0BD0F49E-C5B3-4FE0-A792-DCD61AEE93CF}" = Windows Identity Foundation SDK 4.0
    "{0BE273CD-AAB9-361B-8C32-D955EAC929E3}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
    "{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
    "{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    "{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    "{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
    "{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1A7C2340-D1AC-4742-BCFF-1EA6CADFDC8B}" = Microsoft Windows Debugging Symbols
    "{1AA5BD63-6614-44B2-88A7-605191EDB835}" = Dotfuscator Software Services - Community Edition
    "{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}" = Microsoft Expression Blend SDK for Silverlight 4
    "{1E59C4B4-91D5-3BBE-9FF5-69E28EB3D50B}" = Microsoft Visual C++ 11 x86 Additional Runtime - 11.0.40825
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
    "{22B4F250-F40C-4E59-9800-E4AE88C35CFC}" = Microsoft NuGet for Visual Studio 2010
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{236E341D-275F-30BC-8F80-63C7FC854727}" = Microsoft Visual C++ Compilers 2010 SP1 Standard - x86
    "{256E7DAC-9BE8-494E-8DE7-7857BF96B774}" = Microsoft Expression Blend 3 SDK
    "{25C64847-B900-48AD-A164-1B4F9B774650}" = Lenovo System Update
    "{2647DF9D-801D-4186-9F14-C6FBC527F185}" = Microsoft Code Contracts (devlabs_TS) 1.5.60911.10 for .NET
    "{27B6D024-FD7E-4A88-BC17-5AFBE33EC072}" = Microsoft F# Runtime for Silverlight 4
    "{2898B91C-B75B-2EC5-4D4C-DD6C286F9485}" = Catalyst Control Center InstallProxy
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2A4EEB5C-3BA6-4299-A87F-783861B567D9}" = TurboTax 2013 WinPerReleaseEngine
    "{2C164906-E68F-462A-9010-70DD022223EF}" = RemoteCapture Task 1.0.2
    "{2C4FD7D3-6F3A-45C2-AAAD-929B40346E3F}" = Catalyst Control Center - Branding
    "{2DDCCEA5-2AA4-4ABB-BCAD-41BB115A4333}" = Microsoft Silverlight 4 Toolkit April 2010
    "{358C44FD-6943-4CDD-B947-7F7C4ADC8A8F}" = TurboTax 2013 WinPerTaxSupport
    "{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
    "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{4C6D5779-A766-45DF-9938-D6F595A66F2B}" = Microsoft Expression Blend 4
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.9
    "{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
    "{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
    "{54D44AD1-A083-48B9-BD6F-AFD517B7C775}" = Aventail Webifiers
    "{5506986E-3173-E510-82BB-033C18299878}" = Catalyst Control Center Graphics Previews Vista
    "{558358E5-E4F3-4374-BA1D-26FF39EF87D9}" = Microsoft Silverlight Tools for Visual Studio 2010
    "{5626FEDC-04D2-E67D-8261-3C6E7637A923}" = CCC Help German
    "{563BBE0C-35F3-B1FF-1AD9-A5426CDEB388}" = CCC Help Korean
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.64.02
    "{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
    "{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit February 2010 (Version 3.5.50211.1)
    "{606EB5EB-AADF-4E21-B715-1CAD291181D6}" = TurboTax 2013 wrapper
    "{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages
    "{66F6BD4B-4C2C-B10C-B3D4-7A311EC4FC1C}" = Catalyst Control Center Localization All
    "{6742BE3D-1A59-3BFD-BA20-2FDA866099B8}" = Microsoft Visual Studio 2010 Premium - ENU
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A1F4E2C-D10A-411B-A95C-EC6D38066DA7}" = WCF RIA Services V1.0 SP2
    "{6B85D446-9E14-4309-BC3E-8E0940827BD3}" = TurboTax 2013 wcaiper
    "{6BEB24FD-FF53-3132-B9A8-ED19455FEE29}" = Microsoft Visual C++ 11 x86 Debug Runtime - 11.0.40825
    "{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
    "{6D46B934-2ACE-DC9A-800B-C1831ED0FF85}" = CCC Help English
    "{6DB21B2C-2BEF-44B4-B264-8EC2BC2369C6}" = ThinkVantage GPS
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager
    "{73ED3EA3-F96F-D098-7EE4-146FBD30113E}" = PX Profile Update
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects
    "{7A56D81D-6406-40E7-9184-8AC1769C4D69}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
    "{7DA16880-5718-E907-9A9F-EA8F5CBC51DA}" = CCC Help French
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime
    "{8644B2F3-2A95-4CD9-B116-BD5872239161}" = Microsoft ASP.NET Visual Studio 2010 Finalizer
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types
    "{87FF0E39-8490-4EB4-A557-FF12F712EF7E}" = TurboTax 2010 wcaiper
    "{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset
    "{8A4DB1CA-8206-4ADC-805C-66ACF1611DA3}" = System Migration Assistant
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
    "{8EF41729-FF5A-4D34-B650-1926026B1E43}" = Google Apps Migration For Microsoft® Exchange 2.3.1010.507
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{91F4AE26-4989-D770-A6BB-B50EB5BC938D}" = CCC Help Chinese Traditional
    "{942CC691-5B98-42A3-8BC5-A246BA69D983}" = Microsoft ASP.NET MVC 4 Runtime
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9518F764-C54D-47B2-9E73-154B21E79FD2}" = RAW Image Task 1.0
    "{96FEADCE-241A-4CD6-ABF0-68610E4065AC}" = Microsoft ADO.NET Entity Framework 4.1
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B0B46B3-10DF-4ADA-9501-0129D784563D}" = Aventail Web Proxy Agent
    "{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A06FE62B-CEBC-4E94-AED8-92DCC33BC8EA}" = Microsoft Expression Studio 4
    "{a3c0442e-f8f7-4089-ac77-1e0c50901f63}" = Microsoft Visual Studio 11 Developer Preview
    "{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
    "{A6085E33-3DC7-1B94-C717-6B9D6686F183}" = CCC Help Chinese Standard
    "{A879B90E-B62C-4DA4-9C3F-79A1A6CFAAF9}" = Microsoft ASP.NET Web Pages - Visual Studio 2010 Tools
    "{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{ABB6AC00-F1D8-4EBF-8128-830D090B76C0}" = Microsoft SQL Server 2000 Sample Database Scripts
    "{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
    "{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
    "{ACE984AB-A42F-409B-A295-4190F0079101}" = Windows Azure Tools for Microsoft Visual Studio 2010 1.3
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B48A80EE-FC2B-4FB4-A2FB-EAA55CAFD12B}" = Microsoft Unity Application Block 2.0
    "{B76F96EF-ECD0-46FB-B018-3A129E34EE9B}" = Gobi API SDK Installer
    "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    "{B984DAB1-E43D-4D42-AC5F-990E83685FE3}" = Microsoft Reactive Extensions SDK v1.0.10621 SP1
    "{B9B9863A-32FD-4133-ADB7-46244ED77694}" = Camera Support Core Library
    "{BC537AE0-88AF-47ED-B762-33B0D62B5188}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    "{BD8F867A-0ACB-427D-A4F2-9AEE29FBF98B}" = PocketCloud Windows Companion
    "{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}" = Canon PhotoRecord
    "{BF127B80-CFD5-4379-9752-E8AF1A5D0141}" = Microsoft Expression Encoder 4 Screen Capture Codec
    "{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
    "{C5E123DB-01CE-480E-8D0E-6A39F4FF5AE3}" = Microsoft ASP.NET Web Pages 2 - Visual Studio 2010 Tools
    "{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
    "{C6FB6B4A-1378-4CD3-9CD3-42BA69FCBD43}" = Lenovo Patch Utility
    "{C85DF163-6DB3-2A03-5E8E-2B059AAA4882}" = CCC Help Dutch
    "{C89269D9-DD02-45DD-99DD-6AE592F6C447}" = TurboTax 2011 wcaiper
    "{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
    "{cb29be6c-39c4-493e-9da7-d585d5353714}" = Microsoft ASP.NET Web Pages 2
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CF36D287-4610-69E4-A69A-9EF2BFEDB258}" = CCC Help Portuguese
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{D06ED80F-D5CC-4095-A426-FE272A2ED6D7}" = Microsoft ASP.NET MVC 4 - Visual Studio 2010 Tools
    "{D09605BE-5587-4B0C-86C8-69B5092CB80F}" = Debugging Tools for Windows (x86)
    "{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}" = Microsoft SQL Server 2008 R2 Policies
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D734A52D-624E-428E-8DE6-B2665E3621CC}" = Microsoft Windows Debugging Symbols
    "{D82A4DB6-D773-4BE7-8D98-5BF6F588DF7E}" = Snoop
    "{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = Power Manager
    "{DB042BA1-BD6A-9E4A-C5ED-2CC523D92C7D}" = CCC Help Swedish
    "{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}" = Microsoft ASP.NET MVC 3
    "{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}" = Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
    "{DF3FBAA8-A959-72A0-8530-D715855137E1}" = CCC Help Japanese
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E1FBB3D4-ADB0-4949-B101-855DA061C735}" = Microsoft Silverlight 5 SDK
    "{E4197D6B-F046-33E7-ABDE-51FF373FDC76}" = Windows SDK IntellisenseNFX
    "{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper
    "{EA63C5C1-EBBC-477C-9CC7-41454DDFAFF2}" = Microsoft ASP.NET Web Pages 2 Runtime
    "{EA710A0A-BF5D-433C-8EB5-D17DC54CC298}" = Microsoft Office Live Meeting 2007
    "{EA9640BE-414E-4195-B53B-7905BF1A5A09}" = Mobile Broadband Drivers
    "{EB325412-D54D-B320-7D77-D4B4A6B9F276}" = ccc-core-static
    "{ED780CA9-0687-3C12-B439-3369F224941F}" = Microsoft Visual Studio 2010 Service Pack 1
    "{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
    "{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = PhotoStitch
    "{EFB4E818-8A4D-B230-6D41-213D48A2C7B3}" = CCC Help Spanish
    "{EFD2807A-C66B-4C13-8FB8-42FCA6DEF171}" = TurboTax 2012 wcaiper
    "{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
    "{FC909837-27D0-4FB4-8653-00F63EB70D74}" = Microsoft ASP.NET MVC 3 - Visual Studio 2010 Tools Update
    "{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
    "Blend_4.0.20525.0" = Microsoft Expression Blend 4
    "Canon MOV Decoder" = Canon MOV Decoder
    "Canon MOV Encoder" = Canon MOV Encoder
    "Design_7.0.20516.0" = Microsoft Expression Design 4
    "Encoder_4.0.1639.0" = Microsoft Expression Encoder 4
    "EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
    "ExpressionStudio_4.0.20525.0" = Microsoft Expression Studio 4
    "Fiddler2" = Fiddler2
    "Google Chrome" = Google Chrome
    "h3viewerXX_is1" = H3Viewer by http://www.Helpware.net
    "InstallShield_{2C164906-E68F-462A-9010-70DD022223EF}" = Canon RemoteCapture Task for ZoomBrowser EX
    "InstallShield_{9518F764-C54D-47B2-9E73-154B21E79FD2}" = Canon RAW Image Task for ZoomBrowser EX
    "InstallShield_{B9B9863A-32FD-4133-ADB7-46244ED77694}" = Canon Camera Support Core Library
    "InstallShield_{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = Canon Utilities PhotoStitch 3.1
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Microsoft Report Viewer Redistributable 2008 (KB971119)" = Microsoft Report Viewer Redistributable 2008 SP1
    "Microsoft Visual Studio 2010 Premium - ENU" = Microsoft Visual Studio 2010 Premium - ENU
    "Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
    "Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "Product Key Finder_is1" = davehope.co.uk Product Key Finder
    "ProInst" = Intel PROSet Wireless
    "TurboTax 2010" = TurboTax 2010
    "TurboTax 2011" = TurboTax 2011
    "TurboTax 2012" = TurboTax 2012
    "TurboTax 2013" = TurboTax 2013
    "WinLiveSuite" = Windows Live Essentials
    "winscp3_is1" = WinSCP 4.3.5
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3138307283-1882095833-4123552314-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager
    "66e39a473d3db7d3" = DevelopMentor Campfire Viewer v2
    "d64d2e6a8796ff9c" = XBAPDemo
    "GoToMeeting" = GoToMeeting 6.0.0.1259

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 3/19/2014 12:53:37 AM | Computer Name = sumida-PC | Source = PC-Doctor | ID = 1
    Description = (5016) Asapi: (21:53:37:9640)(5016) libTonopahClient.DownloadManager
    - Error -- 135 HttpException : Http send request failed: getSystemErrormsg: FormatMessage(12007)
    failed with error: 317

    Error - 3/19/2014 12:53:39 AM | Computer Name = sumida-PC | Source = PC-Doctor | ID = 1
    Description = (5016) Asapi: (21:53:39:4410)(5016) libTonopahClient.DownloadManager
    - Error -- 135 HttpException : Http send request failed: getSystemErrormsg: FormatMessage(12007)
    failed with error: 317

    Error - 3/19/2014 2:00:08 PM | Computer Name = sumida-PC | Source = PC-Doctor | ID = 1
    Description = (1096) Asapi: (11:00:08:4460)(1096) libTonopahClient.DownloadManager
    - Error -- 135 HttpException : Http send request failed: getSystemErrormsg: FormatMessage(12007)
    failed with error: 317

    Error - 3/19/2014 2:00:08 PM | Computer Name = sumida-PC | Source = PC-Doctor | ID = 1
    Description = (1096) Asapi: (11:00:08:7730)(1096) libTonopahClient.DownloadManager
    - Error -- 135 HttpException : Http send request failed: getSystemErrormsg: FormatMessage(12007)
    failed with error: 317

    Error - 3/20/2014 4:23:57 PM | Computer Name = sumida-PC | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 10.0.9200.16843 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 1a18 Start
    Time: 01cf447a34d9b673 Termination Time: 5 Application Path: C:\Program Files\Internet
    Explorer\iexplore.exe Report Id: 8b7f5a09-b06d-11e3-b052-002556ce7a4f

    Error - 3/21/2014 4:18:48 AM | Computer Name = sumida-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "C:\Users\sumida\Downloads\SoftonicDownloader_for_hjsplit.exe".Error
    in manifest or policy file "" on line . A component version required by the application
    conflicts with another component version already active. Conflicting components
    are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

    Error - 3/21/2014 1:32:05 PM | Computer Name = sumida-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "C:\Users\sumida\Downloads\SoftonicDownloader_for_hjsplit.exe".Error
    in manifest or policy file "" on line . A component version required by the application
    conflicts with another component version already active. Conflicting components
    are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

    Error - 3/21/2014 2:00:11 PM | Computer Name = sumida-PC | Source = PC-Doctor | ID = 1
    Description = (3892) Asapi: (11:00:11:8990)(3892) libTonopahClient.DownloadManager
    - Error -- 135 HttpException : Http send request failed: getSystemErrormsg: FormatMessage(12007)
    failed with error: 317

    Error - 3/21/2014 2:00:13 PM | Computer Name = sumida-PC | Source = PC-Doctor | ID = 1
    Description = (3892) Asapi: (11:00:13:3440)(3892) libTonopahClient.DownloadManager
    - Error -- 135 HttpException : Http send request failed: getSystemErrormsg: FormatMessage(12007)
    failed with error: 317

    Error - 3/21/2014 2:01:02 PM | Computer Name = sumida-PC | Source = PC-Doctor | ID = 1
    Description = (3892) Asapi: (11:01:02:7820)(3892) S3LogPusherPlugin.Helper - Error
    -- 340 Unable to storage the test log to medium

    Error - 3/22/2014 3:01:24 AM | Computer Name = sumida-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "C:\Users\sumida\Downloads\SoftonicDownloader_for_hjsplit.exe".Error
    in manifest or policy file "" on line . A component version required by the application
    conflicts with another component version already active. Conflicting components
    are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

    [ Lenovo-Message Center Plus/Admin Events ]
    Error - 10/5/2012 7:14:25 PM | Computer Name = sumida-PC | Source = Lenovo-Message Center Plus/Admin | ID = 2
    Description = The remote server returned an error: (503) Server Unavailable. ->
    Exception message: The remote server returned an error: (503) Server Unavailable.

    Error - 10/6/2012 2:12:04 AM | Computer Name = sumida-PC | Source = Lenovo-Message Center Plus/Admin | ID = 2
    Description = The remote server returned an error: (503) Server Unavailable. ->
    Exception message: The remote server returned an error: (503) Server Unavailable.

    Error - 10/14/2012 11:58:15 PM | Computer Name = sumida-PC | Source = Lenovo-Message Center Plus/Admin | ID = 4
    Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\index.adp
    does not have a Lenovo Digital Signature. The file will be deleted

    Error - 11/2/2012 10:40:15 PM | Computer Name = sumida-PC | Source = Lenovo-Message Center Plus/Admin | ID = 4
    Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\index.adp
    does not have a Lenovo Digital Signature. The file will be deleted

    Error - 1/17/2013 11:52:43 PM | Computer Name = sumida-PC | Source = Lenovo-Message Center Plus/Admin | ID = 4
    Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\index.adp
    does not have a Lenovo Digital Signature. The file will be deleted

    Error - 4/10/2013 6:40:15 PM | Computer Name = sumida-PC | Source = Lenovo-Message Center Plus/Admin | ID = 2
    Description = The remote server returned an error: (503) Server Unavailable. ->
    Exception message: The remote server returned an error: (503) Server Unavailable.

    Error - 5/6/2013 12:17:14 AM | Computer Name = sumida-PC | Source = Lenovo-Message Center Plus/Admin | ID = 4
    Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\index.adp
    does not have a Lenovo Digital Signature. The file will be deleted

    Error - 12/15/2013 11:50:55 PM | Computer Name = sumida-PC | Source = Lenovo-Message Center Plus/Admin | ID = 4
    Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\index.adp
    does not have a Lenovo Digital Signature. The file will be deleted

    Error - 2/26/2014 12:50:17 AM | Computer Name = sumida-PC | Source = Lenovo-Message Center Plus/Admin | ID = 4
    Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\index.adp
    does not have a Lenovo Digital Signature. The file will be deleted

    Error - 3/11/2014 1:27:36 PM | Computer Name = sumida-PC | Source = Lenovo-Message Center Plus/Admin | ID = 4
    Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\index.adp
    does not have a Lenovo Digital Signature. The file will be deleted

    [ Media Center Events ]
    Error - 12/30/2013 2:50:29 PM | Computer Name = sumida-PC | Source = MCUpdate | ID = 0
    Description = 10:50:28 AM - Error connecting to the internet. 10:50:28 AM - Unable
    to contact server..

    Error - 12/30/2013 3:51:10 PM | Computer Name = sumida-PC | Source = MCUpdate | ID = 0
    Description = 11:51:10 AM - Error connecting to the internet. 11:51:10 AM - Unable
    to contact server..

    Error - 12/30/2013 3:51:22 PM | Computer Name = sumida-PC | Source = MCUpdate | ID = 0
    Description = 11:51:21 AM - Error connecting to the internet. 11:51:21 AM - Unable
    to contact server..

    Error - 12/31/2013 5:31:49 AM | Computer Name = sumida-PC | Source = MCUpdate | ID = 0
    Description = 1:31:48 AM - Error connecting to the internet. 1:31:49 AM - Unable
    to contact server..

    Error - 12/31/2013 5:32:15 AM | Computer Name = sumida-PC | Source = MCUpdate | ID = 0
    Description = 1:31:55 AM - Error connecting to the internet. 1:31:55 AM - Unable
    to contact server..

    Error - 1/2/2014 1:50:39 PM | Computer Name = sumida-PC | Source = MCUpdate | ID = 0
    Description = 9:50:39 AM - Error connecting to the internet. 9:50:39 AM - Unable
    to contact server..

    Error - 1/2/2014 1:50:55 PM | Computer Name = sumida-PC | Source = MCUpdate | ID = 0
    Description = 9:50:45 AM - Error connecting to the internet. 9:50:45 AM - Unable
    to contact server..

    Error - 3/1/2014 1:53:56 AM | Computer Name = sumida-PC | Source = MCUpdate | ID = 0
    Description = 9:53:39 PM - Failed to retrieve SportsSchedule (Error: Unable to connect
    to the remote server)

    Error - 3/6/2014 1:02:52 PM | Computer Name = sumida-PC | Source = MCUpdate | ID = 0
    Description = 9:02:52 AM - Error connecting to the internet. 9:02:52 AM - Unable
    to contact server..

    Error - 3/6/2014 1:03:10 PM | Computer Name = sumida-PC | Source = MCUpdate | ID = 0
    Description = 9:02:59 AM - Error connecting to the internet. 9:02:59 AM - Unable
    to contact server..

    [ Setup Events ]
    Error - 11/22/2010 2:08:19 AM | Computer Name = sumida-PC | Source = Microsoft-Windows-WUSA | ID = 3
    Description =

    Error - 5/28/2011 11:26:22 AM | Computer Name = sumida-PC | Source = Microsoft-Windows-WUSA | ID = 3
    Description =

    Error - 8/23/2011 4:52:13 AM | Computer Name = sumida-PC | Source = Microsoft-Windows-WUSA | ID = 3
    Description =

    Error - 8/23/2011 5:07:45 AM | Computer Name = sumida-PC | Source = Microsoft-Windows-WUSA | ID = 3
    Description =

    Error - 8/23/2011 6:23:22 PM | Computer Name = sumida-PC | Source = Microsoft-Windows-WUSA | ID = 3
    Description =

    Error - 8/23/2011 6:23:29 PM | Computer Name = sumida-PC | Source = Microsoft-Windows-WUSA | ID = 3
    Description =

    Error - 8/23/2011 6:30:34 PM | Computer Name = sumida-PC | Source = Microsoft-Windows-WUSA | ID = 3
    Description =

    Error - 8/23/2011 6:33:35 PM | Computer Name = sumida-PC | Source = Microsoft-Windows-WUSA | ID = 3
    Description =

    Error - 11/10/2011 8:34:03 PM | Computer Name = sumida-PC | Source = Microsoft-Windows-WUSA | ID = 3
    Description =

    Error - 3/25/2012 8:15:57 PM | Computer Name = sumida-PC | Source = Microsoft-Windows-WUSA | ID = 3
    Description =

    [ System Events ]
    Error - 3/22/2014 1:45:37 AM | Computer Name = sumida-PC | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852

    Source
    Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature
    Type: %%800 Update Type: %%803 User: sumida-PC\sumida Current Engine Version: Previous
    Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name
    or address could not be resolved

    Error - 3/22/2014 1:45:37 AM | Computer Name = sumida-PC | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852

    Source
    Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature
    Type: %%801 Update Type: %%803 User: sumida-PC\sumida Current Engine Version: Previous
    Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name
    or address could not be resolved

    Error - 3/22/2014 1:45:37 AM | Computer Name = sumida-PC | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852

    Source
    Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature
    Type: %%886 Update Type: %%803 User: sumida-PC\sumida Current Engine Version: Previous
    Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name
    or address could not be resolved

    Error - 3/22/2014 1:45:40 AM | Computer Name = sumida-PC | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 0.0.0.0 Update Source: %%859 Update Stage: %%852

    Source
    Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

    Current
    Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024402c Error description:
    An unexpected problem occurred while checking for updates. For information on installing
    or troubleshooting updates, see Help and Support.

    Error - 3/22/2014 3:08:57 AM | Computer Name = sumida-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.

    Error - 3/22/2014 10:28:55 PM | Computer Name = sumida-PC | Source = Service Control Manager | ID = 7023
    Description = The Power service terminated with the following error: %%4203

    Error - 3/22/2014 10:29:55 PM | Computer Name = sumida-PC | Source = Service Control Manager | ID = 7000
    Description = The rimmptsk service failed to start due to the following error: %%1058

    Error - 3/22/2014 10:29:55 PM | Computer Name = sumida-PC | Source = Service Control Manager | ID = 7000
    Description = The rimsptsk service failed to start due to the following error: %%1058

    Error - 3/22/2014 10:29:55 PM | Computer Name = sumida-PC | Source = Service Control Manager | ID = 7000
    Description = The Ricoh xD-Picture Card Driver service failed to start due to the
    following error: %%1058

    Error - 3/22/2014 10:31:45 PM | Computer Name = sumida-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    tcpipBM


    < End of report >
     
  7. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,502
    rondev,
    Alureon is a remote access trojan (RAT).
    Most Experts agree that although the RAT may be removed from the machine, it is not possible to be certain about what system changes have been made.
    In some cases, security holes have been created to allow the RAT to "come back later".
    The only way to be absolutely certain that the machine can be trusted is to Reformat and Re-install Windows from scratch.
    If you wish, I will attempt to remove the RAT and all related items I can find, but there is no guarantee of future security.

    You should assume that any and all data about finances, credit cards, user names and account passwords used on this machine have been stolen.
    I would change all of them, but from a clean machine, NOT FROM THIS ONE. Otherwise the invaders might get the new ones.
    ------------------------------------------------
    Remove Programs Using Control Panel
    From Start, Control Panel, click on Programs and Features
    Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

    PC-Doctor for Windows

    Take extra care in answering questions posed by any Uninstaller.
    -----------------------------------------------------------
    REBOOT (RESTART) Your Machine
    ----------------------------------------------
    Perform a Custom Fix with OTL
    Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
    • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
      Code:
      :Commands
      [CREATERESTOREPOINT]
      
      :OTL
      O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
      [2014/03/20 17:39:31 | 000,000,000 | ---D | M] -- C:\Users\sumida\AppData\Roaming\Ad-Aware Antivirus
      [2011/09/04 15:42:37 | 000,000,000 | ---D | M] -- C:\Users\sqluser\AppData\Roaming\PCDr
      [2011/09/04 15:42:37 | 000,000,000 | ---D | M] -- C:\Users\sqluser\AppData\Roaming\PCDr
      [2011/05/04 14:00:54 | 000,000,000 | ---D | M] -- C:\Users\sumida\AppData\Roaming\PCDr
      [2014/02/24 16:30:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
      [2014/03/16 17:52:41 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
      
      :Files
      ipconfig /flushdns /c
      
      :Commands
      [emptyjava]
      [emptyflash] 
      [EMPTYTEMP]
      
      
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, and click to allow the Reboot when it is done.
      When the computer Reboots, and you start your usual account, a Notepad text file will appear.
    • That is the FIX log file. Copy the contents of that file and post it in your next reply.
      It will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log
    --------------------------------------------
    TDSSKiller - Rootkit Removal Tool
    Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
    1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
      (Vista - W7 users: Right-click and select "Run As Administrator")
      If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
      If you don't see file extensions, please see: How to change the file extension.
      If you try to change the filename and extension, you may get a warning message from Windows because of the change of file extension. OK the change.
    2. Click the Start Scan button. Do not use the computer during the scan!
    3. If the scan completes with nothing found, click Close to exit.
    4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
      • Ensure Cure (default) is selected...
      • let it cure anything it finds (except SPTD.SYS or anything detected as UnsignedFile.Multi.Generic, which should be unchecked/ignored) & then choose reboot.
      • If Cure is not offered as an option, choose Skip.
    5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
      (the dd.mm.yyyy_hh.mm.ss numbers in the filename represent the time/date stamp)
    6. Copy and paste the contents of that file in your next reply.
    If, for some reason, you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

    So we are looking for the FIX log from OTL, and the report from TDSSKiller.
    askey127
     
  8. rondev

    rondev Thread Starter

    Joined:
    Aug 14, 2005
    Messages:
    29
    Hi Askey127,

    Here are the OTL fix log results:


    All processes killed
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point
    Error: Unable to interpret < :OTL> in the current context!
    Error: Unable to interpret < O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.> in the current context!
    Error: Unable to interpret < [2014/03/20 17:39:31 | 000,000,000 | ---D | M] -- C:\Users\sumida\AppData\Roaming\Ad-Aware Antivirus> in the current context!
    Error: Unable to interpret < [2011/09/04 15:42:37 | 000,000,000 | ---D | M] -- C:\Users\sqluser\AppData\Roaming\PCDr> in the current context!
    Error: Unable to interpret < [2011/09/04 15:42:37 | 000,000,000 | ---D | M] -- C:\Users\sqluser\AppData\Roaming\PCDr> in the current context!
    Error: Unable to interpret < [2011/05/04 14:00:54 | 000,000,000 | ---D | M] -- C:\Users\sumida\AppData\Roaming\PCDr> in the current context!
    Error: Unable to interpret < [2014/02/24 16:30:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job> in the current context!
    Error: Unable to interpret < [2014/03/16 17:52:41 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job> in the current context!
    Error: Unable to interpret < :Files> in the current context!
    Error: Unable to interpret < ipconfig /flushdns /c> in the current context!
    Error: Unable to interpret < :Commands> in the current context!

    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Classic .NET AppPool

    User: Default

    User: Default User

    User: DefaultAppPool

    User: Guest

    User: Public

    User: sqluser
    ->Java cache emptied: 0 bytes

    User: sumida
    ->Java cache emptied: 2206288 bytes

    Total Java Files Cleaned = 2.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Classic .NET AppPool
    ->Flash cache emptied: 56502 bytes

    User: Default
    ->Flash cache emptied: 56502 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: DefaultAppPool
    ->Flash cache emptied: 56502 bytes

    User: Guest
    ->Flash cache emptied: 56502 bytes

    User: Public

    User: sqluser
    ->Flash cache emptied: 57072 bytes

    User: sumida
    ->Flash cache emptied: 15246 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYTEMP]

    User: Administrator
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Classic .NET AppPool
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 1356237 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: DefaultAppPool
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 52236 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    User: sqluser
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: sumida
    ->Temp folder emptied: 1083130010 bytes
    ->Temporary Internet Files folder emptied: 54110413 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 12814520 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 443448 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 525792 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 686314489 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 4626841 bytes
    RecycleBin emptied: 15948170423 bytes

    Total Files Cleaned = 16,967.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 03232014_064346

    Files\Folders moved on Reboot...
    C:\Users\sumida\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\sumida\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
    File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
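
A check that can be run over the two posts above, as an added example that is not part of the thread and not OTL's own code: it lines the fix script up against the "Unable to interpret" errors in the fix log and lists which script lines OTL never acted on. The function name and result keys are hypothetical; the error-line format is taken from the log as posted, and matching rejections in script order is an assumption.

```python
import re

# Format of the rejection line, as it appears in the fix log posted above.
REJECTED = re.compile(r"^Error: Unable to interpret <(.*)> in the current context!$")

# Inputs copied from the two posts above (the script's indentation is kept
# as it appears on the page; the log is cut after the rejected lines).
FIX_SCRIPT = r"""
  :Commands
  [CREATERESTOREPOINT]

  :OTL
  O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
  [2014/03/20 17:39:31 | 000,000,000 | ---D | M] -- C:\Users\sumida\AppData\Roaming\Ad-Aware Antivirus
  [2011/09/04 15:42:37 | 000,000,000 | ---D | M] -- C:\Users\sqluser\AppData\Roaming\PCDr
  [2011/09/04 15:42:37 | 000,000,000 | ---D | M] -- C:\Users\sqluser\AppData\Roaming\PCDr
  [2011/05/04 14:00:54 | 000,000,000 | ---D | M] -- C:\Users\sumida\AppData\Roaming\PCDr
  [2014/02/24 16:30:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
  [2014/03/16 17:52:41 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job

  :Files
  ipconfig /flushdns /c

  :Commands
  [emptyjava]
  [emptyflash]
  [EMPTYTEMP]
"""

FIX_LOG = r"""
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
Error: Unable to interpret < :OTL> in the current context!
Error: Unable to interpret < O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.> in the current context!
Error: Unable to interpret < [2014/03/20 17:39:31 | 000,000,000 | ---D | M] -- C:\Users\sumida\AppData\Roaming\Ad-Aware Antivirus> in the current context!
Error: Unable to interpret < [2011/09/04 15:42:37 | 000,000,000 | ---D | M] -- C:\Users\sqluser\AppData\Roaming\PCDr> in the current context!
Error: Unable to interpret < [2011/09/04 15:42:37 | 000,000,000 | ---D | M] -- C:\Users\sqluser\AppData\Roaming\PCDr> in the current context!
Error: Unable to interpret < [2011/05/04 14:00:54 | 000,000,000 | ---D | M] -- C:\Users\sumida\AppData\Roaming\PCDr> in the current context!
Error: Unable to interpret < [2014/02/24 16:30:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job> in the current context!
Error: Unable to interpret < [2014/03/16 17:52:41 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job> in the current context!
Error: Unable to interpret < :Files> in the current context!
Error: Unable to interpret < ipconfig /flushdns /c> in the current context!
Error: Unable to interpret < :Commands> in the current context!

[EMPTYJAVA]
"""


def audit_fix_log(script: str, log: str) -> dict:
    """Report which lines of a custom fix script the fix log shows as rejected."""
    wanted = [ln.strip() for ln in script.splitlines() if ln.strip()]
    # Keep the echoed text exactly as logged so leading whitespace stays visible.
    echoed = [m.group(1) for ln in log.splitlines()
              if (m := REJECTED.match(ln.strip()))]

    rejected, not_rejected, i = [], [], 0
    # Assumption: rejections are logged in script order, so one forward walk
    # pairs each error with the script line that produced it (duplicates and
    # the repeated ":Commands" header are then attributed correctly).
    for line in wanted:
        if i < len(echoed) and echoed[i].strip() == line:
            rejected.append(line)
            i += 1
        else:
            not_rejected.append(line)

    return {
        "rejected": rejected,
        "not_rejected": not_rejected,
        # Entries that name something to remove or run, not section headers.
        "rejected_targets": [ln for ln in rejected if not ln.startswith(":")],
        "echoed_with_leading_space": sum(1 for e in echoed if e[:1].isspace()),
        # Errors that match nothing in the script: log and script do not belong together.
        "unmatched_log_errors": echoed[i:],
    }


if __name__ == "__main__":
    report = audit_fix_log(FIX_SCRIPT, FIX_LOG)
    print(f"{len(report['rejected'])} script lines rejected, "
          f"{report['echoed_with_leading_space']} echoed with a leading space")
    for target in report["rejected_targets"]:
        print("  not processed:", target)
    print("no rejection logged for:", ", ".join(report["not_rejected"]))
```

On this thread's data the only script lines with no rejection logged are the first `:Commands` header, `[CREATERESTOREPOINT]` and the three cache-emptying commands, so the BHO entry, the folders and the two `.job` files listed under `:OTL` were left in place by this run.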
     
  9. rondev

    rondev Thread Starter

    Joined:
    Aug 14, 2005
    Messages:
    29
    It looks like TDSSKiller didn't find anything.
    The log is too big to post, but here is the summary at the end:

    07:23:07.0832 0x09ac ============================================================
    07:23:07.0832 0x09ac Scan finished
    07:23:07.0832 0x09ac ============================================================
    07:23:07.0838 0x1064 Detected object count: 0
    07:23:07.0838 0x1064 Actual detected object count: 0
    07:23:40.0689 0x0318 Deinitialize success
     
  10. rondev

    rondev Thread Starter

    Joined:
    Aug 14, 2005
    Messages:
    29
    I realized that I could post the TDSSKiller log in two parts. So here goes. This is the first half, and my next post will have the second half:

    07:22:21.0551 0x1444 TDSS rootkit removing tool 3.0.0.25 Feb 27 2014 15:23:02
    07:22:26.0911 0x1444 ============================================================
    07:22:26.0911 0x1444 Current date / time: 2014/03/23 07:22:26.0911
    07:22:26.0911 0x1444 SystemInfo:
    07:22:26.0911 0x1444
    07:22:26.0911 0x1444 OS Version: 6.1.7601 ServicePack: 1.0
    07:22:26.0911 0x1444 Product type: Workstation
    07:22:26.0911 0x1444 ComputerName: SUMIDA-PC
    07:22:26.0911 0x1444 UserName: sumida
    07:22:26.0911 0x1444 Windows directory: C:\Windows
    07:22:26.0911 0x1444 System windows directory: C:\Windows
    07:22:26.0911 0x1444 Running under WOW64
    07:22:26.0911 0x1444 Processor architecture: Intel x64
    07:22:26.0911 0x1444 Number of processors: 2
    07:22:26.0911 0x1444 Page size: 0x1000
    07:22:26.0911 0x1444 Boot type: Normal boot
    07:22:26.0911 0x1444 ============================================================
    07:22:30.0160 0x1444 KLMD registered as C:\Windows\system32\drivers\98044213.sys
    07:22:30.0857 0x1444 System UUID: {DA34F8B3-144F-0D2F-11A8-A5AFBD436C4C}
    07:22:31.0504 0x1444 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
    07:22:31.0511 0x1444 ============================================================
    07:22:31.0511 0x1444 \Device\Harddisk0\DR0:
    07:22:31.0511 0x1444 MBR partitions:
    07:22:31.0511 0x1444 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    07:22:31.0511 0x1444 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
    07:22:31.0511 0x1444 ============================================================
    07:22:31.0535 0x1444 C: <-> \Device\Harddisk0\DR0\Partition2
    07:22:31.0535 0x1444 ============================================================
    07:22:31.0536 0x1444 Initialize success
    07:22:31.0536 0x1444 ============================================================
    07:22:37.0674 0x09ac ============================================================
    07:22:37.0674 0x09ac Scan started
    07:22:37.0674 0x09ac Mode: Manual;
    07:22:37.0674 0x09ac ============================================================
    07:22:37.0674 0x09ac KSN ping started
    07:22:37.0744 0x09ac KSN ping finished: false
    07:22:37.0888 0x09ac ================ Scan system memory ========================
    07:22:37.0888 0x09ac System memory - ok
    07:22:37.0889 0x09ac ================ Scan services =============================
    07:22:42.0274 0x09ac Brserid - ok
    07:22:42.0292 0x09ac [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    07:22:42.0294 0x09ac BrSerWdm - ok
    07:22:42.0302 0x09ac [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    07:22:42.0303 0x09ac BrUsbMdm - ok
    07:22:42.0317 0x09ac [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    07:22:42.0318 0x09ac BrUsbSer - ok
    07:22:42.0368 0x09ac [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
    07:22:42.0370 0x09ac BthEnum - ok
    07:22:42.0398 0x09ac [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    07:22:42.0400 0x09ac BTHMODEM - ok
    07:22:42.0425 0x09ac [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
    07:22:42.0428 0x09ac BthPan - ok
    07:22:42.0485 0x09ac [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
    07:22:42.0497 0x09ac BTHPORT - ok
    07:22:42.0562 0x09ac [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
    07:22:42.0565 0x09ac bthserv - ok
    07:22:42.0615 0x09ac [ D6CEEC2F878149E4DB9FE93FA5D8FE60, 917AE8B4C9A3EE541E6B9A1155B490F2069AA47FB62C55BBAF4A06B149D870F5 ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    07:22:42.0618 0x09ac BTHSSecurityMgr - ok
    07:22:42.0640 0x09ac [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
    07:22:42.0643 0x09ac BTHUSB - ok
    07:22:42.0670 0x09ac [ 2641A3FE3D7B0646308F33B67F3B5300, 8D2E37F6524D10197D36AAE41F59028B3DF0692A113EA342BB1AC36DEA13D8F6 ] btusbflt C:\Windows\system32\drivers\btusbflt.sys
    07:22:42.0672 0x09ac btusbflt - ok
    07:22:42.0726 0x09ac [ BC279FCEE9FC8CBF991D5DE539771AA9, 5DE007672BFBFA78C44CC08251F495420402AFF4AD01541AA84AD37BD4A58190 ] btwampfl C:\Windows\system32\DRIVERS\btwampfl.sys
    07:22:42.0730 0x09ac btwampfl - ok
    07:22:42.0771 0x09ac [ A72A9101F9730DB7332714E566614E4D, 7C75772EA40EAEDDE2565E5FF901B17EA9B748563B8CE40062D86D4B0F1DBF0C ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
    07:22:42.0774 0x09ac btwaudio - ok
    07:22:42.0805 0x09ac [ 5CEEC634B617525F2B6AD29F871033F7, 0A48E08FB3C3384860783F72C85022F6AD11D8F7023580D007478AA94F6F41C5 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
    07:22:42.0808 0x09ac btwavdt - ok
    07:22:42.0897 0x09ac [ FFE8C1C3ABBF75CE4E74E9A0942DAE7D, 650B2403BB7FBC43CD111A9ABE71D48D685BE4AF84CD91ACA9A9A4C21A45E565 ] btwdins C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
    07:22:42.0916 0x09ac btwdins - ok
    07:22:42.0932 0x09ac [ 6149301DC3F81D6F9667A3FBAC410975, 120E201AFB07054C7F6321461D194843C695012431DBD791E36BBF73FDD41E8A ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
    07:22:42.0934 0x09ac btwl2cap - ok
    07:22:42.0942 0x09ac [ 2AF5604D28BEF77B7CF4B9D232FE7CD3, 758524012FE284EDFC27DF095A2DD5853A0F084999F14DA66784103176E938E4 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
    07:22:42.0943 0x09ac btwrchid - ok
    07:22:42.0977 0x09ac c2wts - ok
    07:22:43.0000 0x09ac CAATT - ok
    07:22:43.0070 0x09ac [ 9C4E50BEA239E2D45099EC919F779DB0, 4B2C557CE8B416A841A5399128AD5D53F369B18E47AC36951F7846C78F875FC7 ] CAXHWAZL C:\Windows\system32\DRIVERS\CAXHWAZL.sys
    07:22:43.0108 0x09ac CAXHWAZL - ok
    07:22:43.0129 0x09ac [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    07:22:43.0132 0x09ac cdfs - ok
    07:22:43.0196 0x09ac [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    07:22:43.0200 0x09ac cdrom - ok
    07:22:43.0251 0x09ac [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
    07:22:43.0253 0x09ac CertPropSvc - ok
    07:22:43.0274 0x09ac [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    07:22:43.0276 0x09ac circlass - ok
    07:22:43.0300 0x09ac [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
    07:22:43.0308 0x09ac CLFS - ok
    07:22:43.0351 0x09ac [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    07:22:43.0354 0x09ac clr_optimization_v2.0.50727_32 - ok
    07:22:43.0392 0x09ac [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    07:22:43.0394 0x09ac clr_optimization_v2.0.50727_64 - ok
    07:22:43.0458 0x09ac [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    07:22:43.0756 0x09ac clr_optimization_v4.0.30319_32 - ok
    07:22:43.0783 0x09ac [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    07:22:43.0853 0x09ac clr_optimization_v4.0.30319_64 - ok
    07:22:43.0884 0x09ac [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    07:22:43.0885 0x09ac CmBatt - ok
    07:22:43.0925 0x09ac [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
    07:22:43.0926 0x09ac cmdide - ok
    07:22:43.0977 0x09ac [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\Windows\system32\Drivers\cng.sys
    07:22:43.0986 0x09ac CNG - ok
    07:22:44.0037 0x09ac [ D3C4F72E8F8DC523B02A0C313CEEEA99, 754A7A75EBD0D8C67C286984BE79120480F3DCCD5271228D5A5006ADE62F82D1 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
    07:22:44.0051 0x09ac CnxtHdAudService - ok
    07:22:44.0085 0x09ac [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    07:22:44.0086 0x09ac Compbatt - ok
    07:22:44.0139 0x09ac [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
    07:22:44.0140 0x09ac CompositeBus - ok
    07:22:44.0154 0x09ac COMSysApp - ok
    07:22:44.0167 0x09ac [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    07:22:44.0169 0x09ac crcdisk - ok
    07:22:44.0220 0x09ac [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\Windows\system32\cryptsvc.dll
    07:22:44.0224 0x09ac CryptSvc - ok
    07:22:44.0283 0x09ac [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\Windows\system32\drivers\csc.sys
    07:22:44.0294 0x09ac CSC - ok
    07:22:44.0325 0x09ac [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll
    07:22:44.0340 0x09ac CscService - ok
    07:22:44.0447 0x09ac [ 0A2D071A14A420F6DB8CBA2EBE8CF79F, 129456F14DE104D7F804137E6F6640221CBE11EDE7F2EF0F2A1FEB11F1291432 ] DbgSvc C:\Program Files\DebugDiag\DbgSvc.exe
    07:22:44.0457 0x09ac DbgSvc - ok
    07:22:44.0552 0x09ac [ 347DE9BE932A92C890C161320EEFA99E, 77000CCC16875EB34FF89786512CC6BBDF1918D3E392A4EABDA324B2729CF1F0 ] DcomLaunch C:\Windows\system32\rpcss.dll
    07:22:44.0564 0x09ac DcomLaunch - ok
    07:22:44.0589 0x09ac [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
    07:22:44.0595 0x09ac defragsvc - ok
    07:22:44.0662 0x09ac [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    07:22:44.0664 0x09ac DfsC - ok
    07:22:44.0725 0x09ac [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
    07:22:44.0732 0x09ac Dhcp - ok
    07:22:44.0750 0x09ac [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
    07:22:44.0752 0x09ac discache - ok
    07:22:44.0785 0x09ac [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys
    07:22:44.0787 0x09ac Disk - ok
    07:22:44.0829 0x09ac [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    07:22:44.0833 0x09ac Dnscache - ok
    07:22:44.0876 0x09ac [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
    07:22:44.0882 0x09ac dot3svc - ok
    07:22:44.0941 0x09ac [ 604D8E757DAF0E2BE6FD8F0047711069, B113F107FFCC8362FAAC64CCA01A3C17259196237E2AD63338A19D1151293A82 ] DozeSvc C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
    07:22:44.0948 0x09ac DozeSvc - ok
    07:22:45.0012 0x09ac [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
    07:22:45.0016 0x09ac DPS - ok
    07:22:45.0063 0x09ac [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    07:22:45.0064 0x09ac drmkaud - ok
    07:22:45.0134 0x09ac [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    07:22:45.0150 0x09ac DXGKrnl - ok
    07:22:45.0179 0x09ac [ 3CE83D7EE95D9C9F03323810A2E747DF, 50E34E2EC26584A1BE06EA5049481D1AE2F3213B2A81BA86411623ADCEE24F53 ] DzHDD64 C:\Windows\system32\DRIVERS\DzHDD64.sys
    07:22:45.0180 0x09ac DzHDD64 - ok
    07:22:45.0223 0x09ac [ 11D0ECA73AB25135F65656B93ADBCB3D, 65970D64DFB2272C36918D47B440ECDB45D99BAABB78651BF67D1BD0026A45CC ] e1yexpress C:\Windows\system32\DRIVERS\e1y62x64.sys
    07:22:45.0229 0x09ac e1yexpress - ok
    07:22:45.0273 0x09ac [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
    07:22:45.0276 0x09ac EapHost - ok
    07:22:45.0380 0x09ac [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
    07:22:45.0449 0x09ac ebdrv - ok
    07:22:45.0500 0x09ac [ F88F2E5806FC405B0FA94B7947A5875E, 292DA82C308C9F9775DF4E2C8FDE726D4BA6B224049C113809422EDE07919248 ] ecnssndis C:\Windows\system32\Drivers\wwuss64.sys
    07:22:45.0531 0x09ac ecnssndis - ok
    07:22:45.0554 0x09ac [ C8CD88218EFC28F7E44A9892B3E97F4D, 3C84997B657808BBE1A9B9AD5EB8E1900ED703D67C3CE66F85BA0BADDA616CD8 ] ecnssndisfltr C:\Windows\system32\Drivers\wwussf64.sys
    07:22:45.0564 0x09ac ecnssndisfltr - ok
    07:22:45.0609 0x09ac [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] EFS C:\Windows\System32\lsass.exe
    07:22:45.0611 0x09ac EFS - ok
    07:22:45.0663 0x09ac [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    07:22:45.0738 0x09ac ehRecvr - ok
    07:22:45.0775 0x09ac [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
    07:22:45.0797 0x09ac ehSched - ok
    07:22:45.0847 0x09ac [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    07:22:45.0858 0x09ac elxstor - ok
    07:22:45.0903 0x09ac [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
    07:22:45.0904 0x09ac ErrDev - ok
    07:22:45.0961 0x09ac [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
    07:22:45.0970 0x09ac EventSystem - ok
    07:22:46.0044 0x09ac [ 532B8FF8E07F3772B086620377654F95, F9461C630B9C40E3919F91B1AB28BD0E1B3C74D4AE0E972F25713CF350734C2A ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    07:22:46.0076 0x09ac EvtEng - ok
    07:22:46.0101 0x09ac [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
    07:22:46.0106 0x09ac exfat - ok
    07:22:46.0123 0x09ac [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
    07:22:46.0128 0x09ac fastfat - ok
    07:22:46.0193 0x09ac [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
    07:22:46.0208 0x09ac Fax - ok
    07:22:46.0229 0x09ac [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    07:22:46.0230 0x09ac fdc - ok
    07:22:46.0253 0x09ac [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
    07:22:46.0255 0x09ac fdPHost - ok
    07:22:46.0265 0x09ac [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
    07:22:46.0267 0x09ac FDResPub - ok
    07:22:46.0281 0x09ac [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    07:22:46.0282 0x09ac FileInfo - ok
    07:22:46.0291 0x09ac [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    07:22:46.0293 0x09ac Filetrace - ok
    07:22:46.0308 0x09ac [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    07:22:46.0310 0x09ac flpydisk - ok
    07:22:46.0364 0x09ac [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    07:22:46.0370 0x09ac FltMgr - ok
    07:22:46.0448 0x09ac [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
    07:22:46.0473 0x09ac FontCache - ok
    07:22:46.0531 0x09ac [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    07:22:46.0532 0x09ac FontCache3.0.0.0 - ok
    07:22:46.0547 0x09ac [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    07:22:46.0549 0x09ac FsDepends - ok
    07:22:46.0605 0x09ac [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    07:22:46.0606 0x09ac Fs_Rec - ok
    07:22:46.0656 0x09ac [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    07:22:46.0661 0x09ac fvevol - ok
    07:22:46.0689 0x09ac [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    07:22:46.0692 0x09ac gagp30kx - ok
    07:22:46.0748 0x09ac [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
    07:22:46.0765 0x09ac gpsvc - ok
    07:22:46.0943 0x09ac [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    07:22:46.0946 0x09ac gupdate - ok
    07:22:46.0978 0x09ac [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    07:22:46.0981 0x09ac gupdatem - ok
    07:22:47.0030 0x09ac [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    07:22:47.0035 0x09ac gusvc - ok
    07:22:47.0064 0x09ac [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    07:22:47.0065 0x09ac hcw85cir - ok
    07:22:47.0116 0x09ac [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    07:22:47.0124 0x09ac HdAudAddService - ok
    07:22:47.0159 0x09ac [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
    07:22:47.0162 0x09ac HDAudBus - ok
    07:22:47.0188 0x09ac [ 15C9789470B8855AC2F54FDF96802D13, 5375BBA13219456DA87023F206732BF76F934DC04C8E298C7C5E94944CC268D4 ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
    07:22:47.0189 0x09ac HECIx64 - ok
    07:22:47.0202 0x09ac [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    07:22:47.0204 0x09ac HidBatt - ok
    07:22:47.0217 0x09ac [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    07:22:47.0220 0x09ac HidBth - ok
    07:22:47.0234 0x09ac [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    07:22:47.0236 0x09ac HidIr - ok
    07:22:47.0262 0x09ac [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
    07:22:47.0263 0x09ac hidserv - ok
    07:22:47.0313 0x09ac [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\drivers\hidusb.sys
    07:22:47.0315 0x09ac HidUsb - ok
    07:22:47.0354 0x09ac [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
    07:22:47.0357 0x09ac hkmsvc - ok
    07:22:47.0412 0x09ac [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    07:22:47.0418 0x09ac HomeGroupListener - ok
    07:22:47.0468 0x09ac [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    07:22:47.0473 0x09ac HomeGroupProvider - ok
    07:22:47.0520 0x09ac [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    07:22:47.0523 0x09ac HpSAMD - ok
    07:22:47.0599 0x09ac [ 447256D1C026654C5CD3CC17E7B20631, F89589AC17BC50483E6687963370937E6CD19D6030F30D70577A7DA266116919 ] HsfXAudioService C:\Windows\SysWOW64\XAudio64.dll
    07:22:47.0609 0x09ac HsfXAudioService - ok
    07:22:47.0689 0x09ac [ 5A518B63D408B2DBC1778788456E1A66, 177A11C53E9B00A166DB8942F43C0FB6F5699248D2D2D8061C5057CE4E882C3B ] HSF_DPV C:\Windows\system32\DRIVERS\CAX_DPV.sys
    07:22:47.0722 0x09ac HSF_DPV - ok
    07:22:47.0784 0x09ac [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    07:22:47.0800 0x09ac HTTP - ok
    07:22:47.0843 0x09ac [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    07:22:47.0843 0x09ac hwpolicy - ok
    07:22:47.0898 0x09ac [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    07:22:47.0901 0x09ac i8042prt - ok
    07:22:47.0934 0x09ac [ BBB3B6DF1ABB0FE35802EDE85CC1C011, 6E1FA8519A7D417969244E807D2863B39656169A925966045036A989A5EB611D ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
    07:22:47.0941 0x09ac iaStor - ok
    07:22:47.0979 0x09ac [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    07:22:47.0989 0x09ac iaStorV - ok
    07:22:48.0044 0x09ac [ 6C7FE2FD06EF34A7972E34C876FC78DF, B545A10DEEF59B8145D3D20361DA7F1C0FD27B6273B126B500594D6456C3FC06 ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys
    07:22:48.0052 0x09ac IBMPMDRV - ok
    07:22:48.0094 0x09ac [ 5A1E3B4BA187327DF5FF122F96FA753A, AED93AA268F75D46752FCE5189392EE41225DA45F7D67C73B77629C8227E5084 ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe
    07:22:48.0109 0x09ac IBMPMSVC - ok
    07:22:48.0229 0x09ac [ 6F95324909B502E2651442C1548AB12F, FF1B104990FE186C6100ED229A45345FF695323AC778688EC11AA8F5A87B141E ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    07:22:48.0266 0x09ac IDriverT - ok
    07:22:48.0340 0x09ac [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    07:22:48.0358 0x09ac idsvc - ok
    07:22:48.0721 0x09ac [ 4EAA4261E1AD4B860657CADA790B9B38, BC4D7F207F1A7D67371169545D2C68D696EF69DF4C740F74D6ABFBE4B5CA48A6 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
    07:22:49.0064 0x09ac igfx - ok
    07:22:49.0124 0x09ac [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    07:22:49.0126 0x09ac iirsp - ok
    07:22:49.0199 0x09ac [ AB55B8A9B13130F638546881CE4425F8, 8427E67BE02ECABAA3F0C48BD4205BCBD4C978B48AE4E7336DA5821DFC49029E ] IISADMIN C:\Windows\system32\inetsrv\inetinfo.exe
    07:22:49.0210 0x09ac IISADMIN - ok
    07:22:49.0270 0x09ac [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
    07:22:49.0288 0x09ac IKEEXT - ok
    07:22:49.0333 0x09ac [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
    07:22:49.0335 0x09ac intelide - ok
    07:22:49.0676 0x09ac [ 4EAA4261E1AD4B860657CADA790B9B38, BC4D7F207F1A7D67371169545D2C68D696EF69DF4C740F74D6ABFBE4B5CA48A6 ] intelkmd C:\Windows\system32\DRIVERS\igdpmd64.sys
    07:22:49.0977 0x09ac intelkmd - ok
    07:22:50.0042 0x09ac [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    07:22:50.0043 0x09ac intelppm - ok
    07:22:50.0194 0x09ac [ 3DC635B66DD7412E1C9C3A77B8D78F25, D3894065DA2D08744863ECC5EE9027A0E39711A6A56AAB599F1CAF4BB996F42A ] IntuitUpdateService C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    07:22:50.0196 0x09ac IntuitUpdateService - ok
    07:22:50.0318 0x09ac [ 0895CDD7F1542FFCC5BBB560EC78BC16, 383D9FFE7FB313EA201DE877F3D48B5116FFA261EDEF5D0D0FE79F14E9682D25 ] IntuitUpdateServiceV4 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    07:22:50.0319 0x09ac IntuitUpdateServiceV4 - ok
    07:22:50.0338 0x09ac [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    07:22:50.0341 0x09ac IPBusEnum - ok
    07:22:50.0385 0x09ac [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    07:22:50.0388 0x09ac IpFilterDriver - ok
    07:22:50.0443 0x09ac [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    07:22:50.0455 0x09ac iphlpsvc - ok
    07:22:50.0496 0x09ac [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    07:22:50.0498 0x09ac IPMIDRV - ok
    07:22:50.0522 0x09ac [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    07:22:50.0525 0x09ac IPNAT - ok
    07:22:50.0548 0x09ac [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
    07:22:50.0549 0x09ac IRENUM - ok
    07:22:50.0593 0x09ac [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    07:22:50.0594 0x09ac isapnp - ok
    07:22:50.0630 0x09ac [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    07:22:50.0636 0x09ac iScsiPrt - ok
    07:22:50.0676 0x09ac [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
    07:22:50.0677 0x09ac kbdclass - ok
    07:22:50.0703 0x09ac [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
    07:22:50.0705 0x09ac kbdhid - ok
    07:22:50.0717 0x09ac [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso C:\Windows\system32\lsass.exe
    07:22:50.0719 0x09ac KeyIso - ok
     
  11. rondev

    rondev Thread Starter

    Joined:
    Aug 14, 2005
    Messages:
    29
    Here is the second half of the TDSSKiller log:

    07:22:59.0235 0x09ac secdrv - ok
    07:22:59.0248 0x09ac [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
    07:22:59.0250 0x09ac seclogon - ok
    07:22:59.0267 0x09ac [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
    07:22:59.0270 0x09ac SENS - ok
    07:22:59.0281 0x09ac [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
    07:22:59.0283 0x09ac SensrSvc - ok
    07:22:59.0314 0x09ac [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    07:22:59.0315 0x09ac Serenum - ok
    07:22:59.0326 0x09ac [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
    07:22:59.0329 0x09ac Serial - ok
    07:22:59.0368 0x09ac [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    07:22:59.0369 0x09ac sermouse - ok
    07:22:59.0424 0x09ac [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
    07:22:59.0428 0x09ac SessionEnv - ok
    07:22:59.0464 0x09ac [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    07:22:59.0466 0x09ac sffdisk - ok
    07:22:59.0472 0x09ac [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    07:22:59.0473 0x09ac sffp_mmc - ok
    07:22:59.0477 0x09ac [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    07:22:59.0478 0x09ac sffp_sd - ok
    07:22:59.0487 0x09ac [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    07:22:59.0488 0x09ac sfloppy - ok
    07:22:59.0520 0x09ac [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
    07:22:59.0528 0x09ac SharedAccess - ok
    07:22:59.0550 0x09ac [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    07:22:59.0559 0x09ac ShellHWDetection - ok
    07:22:59.0612 0x09ac [ 20E533B5D78BF878B071766996791390, 58AE5555BB1803AEDFF55E1766C386A21E30CFC2827A99CC43E21D2BE9A39CBF ] Shockprf C:\Windows\system32\DRIVERS\Apsx64.sys
    07:22:59.0615 0x09ac Shockprf - ok
    07:22:59.0640 0x09ac [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    07:22:59.0642 0x09ac SiSRaid2 - ok
    07:22:59.0656 0x09ac [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    07:22:59.0658 0x09ac SiSRaid4 - ok
    07:22:59.0717 0x09ac [ F5BBEDF602C310B00036EB2DBF4348A5, AC2712E639F0C54BCF00EB4E90E805335871EA27AE8A45DFC53EDF28822318C4 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
    07:22:59.0722 0x09ac SkypeUpdate - ok
    07:22:59.0746 0x09ac [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    07:22:59.0749 0x09ac Smb - ok
    07:22:59.0801 0x09ac [ C40F447162D99F6CBFC29A0B7EFE270B, 8826CEC13E5AAE763826B916143E6D3289FB75933206074DC67376B265E4C796 ] SmbDrvI C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys
    07:22:59.0811 0x09ac SmbDrvI - ok
    07:22:59.0854 0x09ac [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    07:22:59.0856 0x09ac SNMPTRAP - ok
    07:22:59.0979 0x09ac [ 3BCD7556F3222221C31B1577B5527ED7, D4665DEF499F5F77B624ECE79A9112C277CC7502295737EA15FE0D961110B8B1 ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys
    07:23:00.0052 0x09ac SNP2UVC - ok
    07:23:00.0086 0x09ac [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
    07:23:00.0087 0x09ac spldr - ok
    07:23:00.0144 0x09ac [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
    07:23:00.0157 0x09ac Spooler - ok
    07:23:00.0297 0x09ac [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
    07:23:00.0371 0x09ac sppsvc - ok
    07:23:00.0404 0x09ac [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    07:23:00.0407 0x09ac sppuinotify - ok
    07:23:00.0542 0x09ac [ 3420E0482AD95120B471B7328A8D7D08, D3D8C45EC601B59ACBE7FE76B7C8478256DD29ADBF9A22938BFD4098E593B682 ] SQLAgent$SQLEXPRESS c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
    07:23:00.0571 0x09ac SQLAgent$SQLEXPRESS - ok
    07:23:00.0664 0x09ac [ 7D67C07C63796775CC5492BCFEAFF125, BAEFF806F656FA252D1DBC1E21603CF5F7D54C5AFB3FC91F2723729A7740DF8A ] SQLBrowser C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    07:23:00.0671 0x09ac SQLBrowser - ok
    07:23:00.0761 0x09ac [ 3420E0482AD95120B471B7328A8D7D08, D3D8C45EC601B59ACBE7FE76B7C8478256DD29ADBF9A22938BFD4098E593B682 ] SQLSERVERAGENT C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
    07:23:00.0770 0x09ac SQLSERVERAGENT - ok
    07:23:00.0840 0x09ac [ F98DDFBFE0EE66D4C4B00693512B9527, 322FF75D1CA460368FD72ADCD93273F1D5AA5CF2C4DF65A94BF9ABAA2E695150 ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    07:23:00.0843 0x09ac SQLWriter - ok
    07:23:00.0897 0x09ac [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
    07:23:00.0907 0x09ac srv - ok
    07:23:00.0928 0x09ac [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    07:23:00.0937 0x09ac srv2 - ok
    07:23:00.0970 0x09ac [ 0C4540311E11664B245A263E1154CEF8, 63376322BFFAFF2F166AF3FDD3F1A346C21FAE21F406F659F8630779D1D6525D ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
    07:23:00.0978 0x09ac SrvHsfHDA - ok
    07:23:01.0027 0x09ac [ 02071D207A9858FBE3A48CBFD59C4A04, FEA4DEBAEC3465E0C7C1E8B721805922F6BBCB96A60A193B11688F4252F4B89E ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
    07:23:01.0059 0x09ac SrvHsfV92 - ok
    07:23:01.0095 0x09ac [ 18E40C245DBFAF36FD0134A7EF2DF396, 0138A68958112101A5D3BD94114F320CE80B0C9A93E009AC78DE7415FCCC7DE7 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
    07:23:01.0111 0x09ac SrvHsfWinac - ok
    07:23:01.0127 0x09ac [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    07:23:01.0131 0x09ac srvnet - ok
    07:23:01.0159 0x09ac [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    07:23:01.0165 0x09ac SSDPSRV - ok
    07:23:01.0184 0x09ac [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
    07:23:01.0187 0x09ac SstpSvc - ok
    07:23:01.0204 0x09ac [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    07:23:01.0206 0x09ac stexstor - ok
    07:23:01.0271 0x09ac [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
    07:23:01.0285 0x09ac stisvc - ok
    07:23:01.0332 0x09ac [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt C:\Windows\system32\drivers\vmstorfl.sys
    07:23:01.0333 0x09ac storflt - ok
    07:23:01.0355 0x09ac [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc C:\Windows\system32\storsvc.dll
    07:23:01.0357 0x09ac StorSvc - ok
    07:23:01.0373 0x09ac [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc C:\Windows\system32\drivers\storvsc.sys
    07:23:01.0374 0x09ac storvsc - ok
    07:23:01.0485 0x09ac [ F07850E89839894F731E4562B64E08A5, BF11E096E1CC57B57FFB4E0528DB43F6B049A7E8A0C00C34E03A00EF2F2092B6 ] SUService C:\Program Files (x86)\Lenovo\System Update\SUService.exe
    07:23:01.0495 0x09ac SUService - ok
    07:23:01.0549 0x09ac [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys
    07:23:01.0550 0x09ac swenum - ok
    07:23:01.0578 0x09ac [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
    07:23:01.0591 0x09ac swprv - ok
    07:23:01.0664 0x09ac [ BBF351BB2726CBE6DB12CE8D5B052210, 97F3CCEEC910375A42E5DEA932033BB08BCB012513EE5285FE0E6E99727655F4 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
    07:23:01.0681 0x09ac SynTP - ok
    07:23:01.0765 0x09ac [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
    07:23:01.0803 0x09ac SysMain - ok
    07:23:01.0850 0x09ac [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
    07:23:01.0854 0x09ac TabletInputService - ok
    07:23:01.0877 0x09ac [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
    07:23:01.0884 0x09ac TapiSrv - ok
    07:23:01.0902 0x09ac [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
    07:23:01.0905 0x09ac TBS - ok
    07:23:02.0002 0x09ac [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    07:23:02.0042 0x09ac Tcpip - ok
    07:23:02.0098 0x09ac [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    07:23:02.0130 0x09ac TCPIP6 - ok
    07:23:02.0145 0x09ac tcpipBM - ok
    07:23:02.0184 0x09ac [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    07:23:02.0186 0x09ac tcpipreg - ok
    07:23:02.0205 0x09ac [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    07:23:02.0207 0x09ac TDPIPE - ok
    07:23:02.0255 0x09ac [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    07:23:02.0256 0x09ac TDTCP - ok
    07:23:02.0310 0x09ac [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    07:23:02.0313 0x09ac tdx - ok
    07:23:02.0351 0x09ac [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys
    07:23:02.0352 0x09ac TermDD - ok
    07:23:02.0404 0x09ac [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService C:\Windows\System32\termsrv.dll
    07:23:02.0419 0x09ac TermService - ok
    07:23:02.0438 0x09ac [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
    07:23:02.0441 0x09ac Themes - ok
    07:23:02.0461 0x09ac [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
    07:23:02.0463 0x09ac THREADORDER - ok
    07:23:02.0508 0x09ac [ E9180AB69CCDE82E117A22EE1E1631B4, C97E2451826C6D63DBD16C6A4D8FC864590C57D8C7B6F6B555454C170C3071F7 ] TPDIGIMN C:\Windows\system32\DRIVERS\ApsHM64.sys
    07:23:02.0509 0x09ac TPDIGIMN - ok
    07:23:02.0530 0x09ac [ D238C272AEA2DF71B9D72E5E2F4F0F3A, 7ED976B3240ABEE9334045A51C6C28BB15A80147319D8259FE9C7722E84613D9 ] TPHDEXLGSVC C:\Windows\system32\TPHDEXLG64.exe
    07:23:02.0533 0x09ac TPHDEXLGSVC - ok
    07:23:02.0639 0x09ac [ 8A1CAB578B61DD178A505B951229E6D7, ECA0E264F47638044DDE226A4C899299B651523AE91F44ECE496C0E3DC2F78A5 ] TPHKLOAD C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
    07:23:02.0642 0x09ac TPHKLOAD - ok
    07:23:02.0683 0x09ac [ 5B62F45C87CC0FB176C5358EEA6CFB4C, D3ED391278AE0F26BCF947057E63DD0CCA4FAD9D15C23D34E14A1F34571DAC77 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    07:23:02.0685 0x09ac TPHKSVC - ok
    07:23:02.0738 0x09ac [ DBCC20C02E8A3E43B03C304A4E40A84F, BF5F3ACCB0342304A6870E94D2576644B08DBF307C853C7DBA4B82B0C7309DA4 ] TPM C:\Windows\system32\drivers\tpm.sys
    07:23:02.0739 0x09ac TPM - ok
    07:23:02.0758 0x09ac [ A9EF6C7E62DC3B01C51CFB92C1596C62, 432335FDA5DF9FF8C9B86767980A07C720E7158D5362E40D3A745817D4275A07 ] TPPWRIF C:\Windows\system32\drivers\Tppwr64v.sys
    07:23:02.0759 0x09ac TPPWRIF - ok
    07:23:02.0787 0x09ac [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
    07:23:02.0792 0x09ac TrkWks - ok
    07:23:02.0887 0x09ac [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    07:23:02.0908 0x09ac TrustedInstaller - ok
    07:23:02.0953 0x09ac [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    07:23:02.0954 0x09ac tssecsrv - ok
    07:23:03.0010 0x09ac [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    07:23:03.0012 0x09ac TsUsbFlt - ok
    07:23:03.0079 0x09ac [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    07:23:03.0082 0x09ac tunnel - ok
    07:23:03.0102 0x09ac [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    07:23:03.0104 0x09ac uagp35 - ok
    07:23:03.0154 0x09ac [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    07:23:03.0162 0x09ac udfs - ok
    07:23:03.0181 0x09ac [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
    07:23:03.0184 0x09ac UI0Detect - ok
    07:23:03.0237 0x09ac [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    07:23:03.0239 0x09ac uliagpkx - ok
    07:23:03.0272 0x09ac [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    07:23:03.0274 0x09ac umbus - ok
    07:23:03.0289 0x09ac [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    07:23:03.0290 0x09ac UmPass - ok
    07:23:03.0333 0x09ac [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService C:\Windows\System32\umrdp.dll
    07:23:03.0339 0x09ac UmRdpService - ok
    07:23:03.0467 0x09ac [ 86DEAC5CED845D55C63B125E0908685E, E9AC1AFFEEB657F16E3F2115C53B919FD43C917B1EDE97AFA0E18C02A8ACB2DD ] UNS C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
    07:23:03.0510 0x09ac UNS - ok
    07:23:03.0541 0x09ac [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
    07:23:03.0550 0x09ac upnphost - ok
    07:23:03.0603 0x09ac [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
    07:23:03.0606 0x09ac usbaudio - ok
    07:23:03.0645 0x09ac [ 91D3C92A44FC682DD791147604E79152, AA0B6799BF9C26C2C1793C91295288A4989AA43EC5E070B650DA7F0A142817CE ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    07:23:03.0648 0x09ac usbccgp - ok
    07:23:03.0671 0x09ac [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
    07:23:03.0674 0x09ac usbcir - ok
    07:23:03.0714 0x09ac [ F7FFDF2A1D19A76A87759126B244C816, C91F09D77E22D976952A46F7B93F611B719EDAF694D538242FA8FAF1BA9BB2F0 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    07:23:03.0716 0x09ac usbehci - ok
    07:23:03.0769 0x09ac [ 245FE7FC634D6A993E682E0A9EBA4ABB, F7A536D215EE3A63358EC8B5946D7BB3B56357BF91347B07013E00DAC98775B6 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    07:23:03.0777 0x09ac usbhub - ok
    07:23:03.0819 0x09ac [ C1A8966E0D09BFB501045105B30D86F2, 5BB95FBA441B898E258A3BFE174FC1042A04C19E25C59DE1FD90594290B11DA9 ] usbohci C:\Windows\system32\drivers\usbohci.sys
    07:23:03.0821 0x09ac usbohci - ok
    07:23:03.0843 0x09ac [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    07:23:03.0845 0x09ac usbprint - ok
    07:23:03.0890 0x09ac [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    07:23:03.0892 0x09ac USBSTOR - ok
    07:23:03.0902 0x09ac [ 2E682DCE4319A90E02A327F8A427544A, 3528C5A4669BAD53041085C3E72C64388D308E42AD9D1FAC85B6F2FFD81610FB ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
    07:23:03.0904 0x09ac usbuhci - ok
    07:23:03.0943 0x09ac [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
    07:23:03.0947 0x09ac usbvideo - ok
    07:23:03.0983 0x09ac [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
    07:23:03.0986 0x09ac UxSms - ok
    07:23:03.0994 0x09ac [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] VaultSvc C:\Windows\system32\lsass.exe
    07:23:03.0996 0x09ac VaultSvc - ok
    07:23:04.0011 0x09ac [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    07:23:04.0012 0x09ac vdrvroot - ok
    07:23:04.0072 0x09ac [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
    07:23:04.0084 0x09ac vds - ok
    07:23:04.0121 0x09ac [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    07:23:04.0123 0x09ac vga - ok
    07:23:04.0135 0x09ac [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
    07:23:04.0136 0x09ac VgaSave - ok
    07:23:04.0181 0x09ac [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    07:23:04.0186 0x09ac vhdmp - ok
    07:23:04.0229 0x09ac [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
    07:23:04.0230 0x09ac viaide - ok
    07:23:04.0250 0x09ac [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys
    07:23:04.0255 0x09ac vmbus - ok
    07:23:04.0268 0x09ac [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
    07:23:04.0270 0x09ac VMBusHID - ok
    07:23:04.0285 0x09ac [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    07:23:04.0287 0x09ac volmgr - ok
    07:23:04.0341 0x09ac [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    07:23:04.0349 0x09ac volmgrx - ok
    07:23:04.0370 0x09ac [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
    07:23:04.0376 0x09ac volsnap - ok
    07:23:04.0413 0x09ac [ B4A73CA4EF9A02B9738CEA9AD5FE5917, B6A8086189FE2F1C3FE5B3F484FBA3DB2E5E1836F3154D30090F136C27D16166 ] vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys
    07:23:04.0416 0x09ac vpcbus - ok
    07:23:04.0455 0x09ac [ E675FB2B48C54F09895482E2253B289C, 68BBFBF2356C849722E429CA753CC309A3CCE8CF00EBDBBD2695ECD292324DF2 ] vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys
    07:23:04.0457 0x09ac vpcnfltr - ok
    07:23:04.0472 0x09ac [ 5FB42082B0D19A0268705F1DD343DF20, 62F8EEE6A507CE6A8BD638020118D71B78332F79BA82654AB702AE46B04767D9 ] vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys
    07:23:04.0474 0x09ac vpcusb - ok
    07:23:04.0549 0x09ac [ 207B6539799CC1C112661A9B620DD233, 6B915CC7F77C867516D94865D7BF2E5C815402EF0A4488C3EB2FEF7CFA6C98F6 ] vpcvmm C:\Windows\system32\drivers\vpcvmm.sys
    07:23:04.0555 0x09ac vpcvmm - ok
    07:23:04.0608 0x09ac [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    07:23:04.0612 0x09ac vsmraid - ok
    07:23:04.0740 0x09ac [ CA64A8838B4674D14BDF88ABA2F253EA, 05A44396FB7AC8BC4D45BB5C4E522FCFECC64C60828F2F36E5EB716507DE4245 ] VSPerfDrv100 c:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys
    07:23:04.0744 0x09ac VSPerfDrv100 - ok
    07:23:04.0845 0x09ac [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
    07:23:04.0880 0x09ac VSS - ok
    07:23:04.0901 0x09ac [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    07:23:04.0902 0x09ac vwifibus - ok
    07:23:04.0926 0x09ac [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    07:23:04.0928 0x09ac vwififlt - ok
    07:23:04.0949 0x09ac [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
    07:23:04.0950 0x09ac vwifimp - ok
    07:23:04.0983 0x09ac [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
    07:23:04.0993 0x09ac W32Time - ok
    07:23:05.0075 0x09ac [ B32009DB1972E7F2C227499289C4384A, D491CD90ACE895EC60A5A2F995EAE39F8ED662B71BC548C3FF5BBDBC60054788 ] W3SVC C:\Windows\system32\inetsrv\iisw3adm.dll
    07:23:05.0095 0x09ac W3SVC - ok
    07:23:05.0121 0x09ac [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    07:23:05.0122 0x09ac WacomPen - ok
    07:23:05.0179 0x09ac [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    07:23:05.0181 0x09ac WANARP - ok
    07:23:05.0186 0x09ac [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    07:23:05.0188 0x09ac Wanarpv6 - ok
    07:23:05.0213 0x09ac [ B32009DB1972E7F2C227499289C4384A, D491CD90ACE895EC60A5A2F995EAE39F8ED662B71BC548C3FF5BBDBC60054788 ] WAS C:\Windows\system32\inetsrv\iisw3adm.dll
    07:23:05.0221 0x09ac WAS - ok
    07:23:05.0283 0x09ac [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    07:23:05.0309 0x09ac WatAdminSvc - ok
    07:23:05.0392 0x09ac [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
    07:23:05.0425 0x09ac wbengine - ok
    07:23:05.0454 0x09ac [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    07:23:05.0460 0x09ac WbioSrvc - ok
    07:23:05.0512 0x09ac [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
    07:23:05.0522 0x09ac wcncsvc - ok
    07:23:05.0531 0x09ac [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    07:23:05.0534 0x09ac WcsPlugInService - ok
    07:23:05.0549 0x09ac [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys
    07:23:05.0551 0x09ac Wd - ok
    07:23:05.0611 0x09ac [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    07:23:05.0628 0x09ac Wdf01000 - ok
    07:23:05.0645 0x09ac [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
    07:23:05.0649 0x09ac WdiServiceHost - ok
    07:23:05.0653 0x09ac [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
    07:23:05.0656 0x09ac WdiSystemHost - ok
    07:23:05.0712 0x09ac [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
    07:23:05.0719 0x09ac WebClient - ok
    07:23:07.0828 0x09ac AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.4.304.0 ), 0x61000 ( enabled : updated )
    07:23:07.0831 0x09ac Win FW state via NFP2: enabled
    07:23:07.0832 0x09ac ============================================================
    07:23:07.0832 0x09ac Scan finished
    07:23:07.0832 0x09ac ============================================================
    07:23:07.0838 0x1064 Detected object count: 0
    07:23:07.0838 0x1064 Actual detected object count: 0
    07:23:40.0689 0x0318 Deinitialize success
     
  12. rondev

    rondev Thread Starter

    Joined:
    Aug 14, 2005
    Messages:
    29
    Hi Askey172,

    I've been doing some research on my own (I haven't run any other scans or deleted anything other than per your instructions) and I think I may have found more detail on the problem. This website:

    http://www.virusradar.com/en/Win32_Wowlik.A/description

    matches what seems to be on my machine. Here are the reasons for this conclusion:

    1. The dll that MSE found and deleted was wow.dll.
    2. The registry key "fbeb8a05-beee-4442-804e-409d6c4515e9" is present on my machine in multiple places

    3. As I mentioned in my earlier posts, the process that was trying to make the ton of http requests was "explorer.exe"

    4. When I connect to the internet, I notice 1-4% network utilization, even when I'm not doing anything. From monitoring the network through task manager, I can tell that as soon as I connect, svchost.exe is responsible for the network traffic.

    All of this seems to be consistent with what is listed on this page.

    I hope this helps you direct me on how to remove this nasty malware.

    As always, I really appreciate all of your help.
     
  13. rondev

    rondev Thread Starter

    Joined:
    Aug 14, 2005
    Messages:
    29
    Just wanted to correct something from my last post. In item 2, I mentioned that the registry key "fbeb8a05-beee-4442-804e-409d6c4515e9" is present in multiple places. It turns out that that key should normally be there in any standard Windows installation. The "virusradar.com" site that I referenced earlier mentioned that the malware changes this value:

    [HKEY_CURRENT_USER\*Software\*Classes\*CLSID\*{fbeb8a05-beee-4442-804e-409d6c4515e9}]

    to the following:

    "InProcServer32" = "%temp%\*%variable1%\*%variable2%\*wow.dll"

    On my machine, the value has NOT been altered, and it correctly refers to

    %SystemRoot%\system32\shell32.dll

    I say correctly since I compared that entry to what I have on a clean machine, and the value is fine. So the bottom line is that you can ignore the point I made about that registry key, since as far as I can tell, no changes were made to any entries involving that guid.

    I also discovered the source of the two urls to which the malware was making http requests. There is a config file that has references to f5f5dc.com and ffeed5.com (see my earlier posts). It was in the same location where the Microsoft Antimalware found and removed the wow.dll.

    Just to clarify my current situation, the machine is actually running fine. No popups or detectable slowness. My biggest concern is what I mentioned in my last post: when I'm connected to the network, I see network activity even if I'm not doing anything. Checking fiddler while this activity is happening, I don't see any http requests, but I'm still concerned that something might be being transmitted on the network. I'm wondering if there's some way to tell whether that activity is normal or whether it's due to the malware?
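
Added example, not part of the post above: the comparison described there (does the per-user CLSID entry still point at the system DLL?) generalised to every per-user InprocServer32 registration. It assumes PowerShell 2.0 or later run as the affected user; the function and variable names are illustrative, and a hit is a candidate for review rather than a verdict, since some legitimate software registers per-user COM servers.

```powershell
# Added example: audit per-user COM in-process server registrations.
# Flags entries whose DLL sits in a user-writable directory, or that
# shadow a different machine-wide (HKLM) registration for the same CLSID.

$userRoot    = 'Registry::HKEY_CURRENT_USER\Software\Classes\CLSID'
$machineRoot = 'Registry::HKEY_LOCAL_MACHINE\Software\Classes\CLSID'

function Get-InprocServerPath {
    param([string]$Root, [string]$Clsid)
    $path = "$Root\$Clsid\InprocServer32"
    if (-not (Test-Path -LiteralPath $path)) { return $null }
    # Read the default value without expansion, then expand it ourselves
    $raw = (Get-Item -LiteralPath $path).GetValue('', $null, 'DoNotExpandEnvironmentNames')
    if ($null -eq $raw) { return $null }
    return [Environment]::ExpandEnvironmentVariables([string]$raw).Trim('"')
}

# Directories an unprivileged process can write to
$writable = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:USERPROFILE) |
    Where-Object { $_ } |
    ForEach-Object { $_.TrimEnd('\') + '\' }

$findings = foreach ($key in Get-ChildItem -LiteralPath $userRoot -ErrorAction SilentlyContinue) {
    $clsid   = $key.PSChildName
    $userDll = Get-InprocServerPath -Root $userRoot -Clsid $clsid
    if (-not $userDll) { continue }

    $machineDll = Get-InprocServerPath -Root $machineRoot -Clsid $clsid
    $inWritable = [bool]($writable | Where-Object {
        $userDll.StartsWith($_, [StringComparison]::OrdinalIgnoreCase)
    })
    # -ne on strings is case-insensitive, which is what we want for paths
    $shadowsMachine = [bool]($machineDll -and ($machineDll -ne $userDll))

    if ($inWritable -or $shadowsMachine) {
        New-Object PSObject -Property @{
            Clsid          = $clsid
            UserDll        = $userDll
            MachineDll     = $machineDll
            InWritableDir  = $inWritable
            ShadowsMachine = $shadowsMachine
            DllExists      = (Test-Path -LiteralPath $userDll)
        }
    }
}

$findings |
    Select-Object Clsid, UserDll, MachineDll, InWritableDir, ShadowsMachine, DllExists |
    Format-List
```

An entry that both shadows an HKLM registration and points into %TEMP% or AppData is the pattern the referenced description reports for wow.dll.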
     
  14. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,502
    Rondev,
    Your machine may actually be fine now.
    The reason I asked for the TDSSKiller log is that often that infection will corrupt one or more of the system files.
    TDSSK checks the Hashes to be sure they are OK.
    Let's check the connection routing:
    ----------------------------------------------------
    Check your Connection Routing:
    Please highlight, copy (Ctrl+C) and paste (Ctrl+V) the text inside the quote into a new Notepad document.
    Save it on your Desktop as file type "All Files" (NOT as "Text Documents"), and name it findip.bat
    Close Notepad.
    Right Click Findip.bat on your Desktop, and choose "Run as administrator".
    A window may flash open and close. This is normal.
    -----------------------------------
    Now go to Start, Computer and double-click on C:\ drive.
    Find a file on the C: drive named ip.txt
    Right click the file and choose Edit
    You should see Notepad popup with a few lines of information in it.
    Please Copy the contents and paste back in a reply here.

    You mentioned a config file with those entries. Can you remember where it is?
    askey127
     
  15. rondev

    rondev Thread Starter

    Joined:
    Aug 14, 2005
    Messages:
    29
    Hi Askey127,

    I'm pretty sure you're right, my machine is fine now, at least in terms of it not having the Trojan installed (there may still be other malware there). Last night I recalled something that happened right after I first got hit with the malware. My machine rebooted twice automatically (which I'm sure was from the malware), and after the second reboot, a UAC dialog popped up asking me if I wanted to allow "sysprep" to make changes to the computer. I of course said "no".

    Recalling this incident, I spent some time researching sysprep and trojans, and found this fascinating article:

    https://blog.avast.com/2014/01/22/w...lthiness-techniques-in-64-bit-windows-part-2/

    which mentions how malware is able to install a Trojan, bypassing UAC. I'm fairly certain that the malware that I have used exactly the same technique, since sure enough, there's a dll named "cryptbase.dll" in my "c:\windows\system32\sysprep" directory, which is the exact dll name mentioned in the article. The file modification date on the "cryptbase.dll" is the date and time when I first noticed the malware. What appears to have saved me is that the authors of this malware didn't quite get the bypass right, as the article states:

    "If an attempt to bypass UAC via the above mentioned methods are not successful, users may encounter (depending on UAC settings) one or more dialogs as displayed in figures below"

    The UAC dialog did come up for the run of "sysprep", and thankfully, I said "no" to allowing it to make changes to my computer. So the above would seem to explain why TDSSKiller didn't show anything, and GMER didn't indicate a rootkit.

    In addition, I made sure to kill my wireless connection as soon as I noticed, in fiddler, the requests to the two websites that I mentioned earlier (ffeed5.com and f5f5dc.com) which came from the ini file. I'm sure that saved me from getting even more malware. However, since some malware did get on the machine initially, I know we still have a bit more work to do to make sure it's clean.

    I'll get you the path and exact contents of that ini file and the ipconfig results in my next post, which should be in the next couple of hours when I have a chance to get back on that machine.

    I thought you might like to know this info for now, however...
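
Added example, not part of the post above: a check for the artifact described there, a DLL in the sysprep folder that carries the same name as a DLL in System32. It assumes PowerShell 2.0 or later started as a 64-bit session on 64-bit Windows (a 32-bit session is redirected to SysWOW64); the variable names are illustrative.

```powershell
# Added example: list DLLs in System32\sysprep whose names collide with a
# DLL in System32, with the timestamps, sizes and signature state needed
# to compare the copy against the original.

$sys32   = Join-Path $env:SystemRoot 'System32'
$sysprep = Join-Path $sys32 'sysprep'

$hits = Get-ChildItem -LiteralPath $sysprep -Filter *.dll -ErrorAction SilentlyContinue |
    Where-Object { Test-Path -LiteralPath (Join-Path $sys32 $_.Name) } |
    ForEach-Object {
        $original = Get-Item -LiteralPath (Join-Path $sys32 $_.Name)
        New-Object PSObject -Property @{
            Name            = $_.Name
            CopyPath        = $_.FullName
            CopyCreated     = $_.CreationTime
            CopyModified    = $_.LastWriteTime
            CopySize        = $_.Length
            OriginalSize    = $original.Length
            SizeDiffers     = ($_.Length -ne $original.Length)
            # Catalog-signed system files can report NotSigned on older
            # PowerShell versions, so read this next to the other columns
            CopySignature   = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
        }
    }

if ($hits) {
    $hits |
        Select-Object Name, CopyPath, CopyCreated, CopyModified,
                      CopySize, OriginalSize, SizeDiffers, CopySignature |
        Format-List
} else {
    'No DLL in the sysprep folder shares a name with a System32 DLL.'
}
```

The creation and modification times of a hit can be lined up against the time the infection was first noticed, as the post does for cryptbase.dll.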
     
  16. rondev

    rondev Thread Starter

    Joined:
    Aug 14, 2005
    Messages:
    29
    Hi Askey127,

    Here are the results of running ipconfig /all. I wasn't sure if you wanted me to run it connected to the network or disconnected from it, so I'm including both here. Here's the result while connected:

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : sumida-PC
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : hil-chiphhh.chi.wayport.net

    Mobile Broadband adapter Mobile Broadband Connection:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : F3507g Mobile Broadband Driver
    Physical Address. . . . . . . . . : 02-80-37-EC-02-00
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Wireless LAN adapter Wireless Network Connection 2:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
    Physical Address. . . . . . . . . : 00-21-6A-57-A0-37
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes

    Ethernet adapter Bluetooth Network Connection:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
    Physical Address. . . . . . . . . : 00-25-56-CE-7A-4F
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes

    Wireless LAN adapter Wireless Network Connection:

    Connection-specific DNS Suffix . : hil-chiphhh.chi.wayport.net
    Description . . . . . . . . . . . : Intel(R) WiFi Link 5300 AGN
    Physical Address. . . . . . . . . : 00-21-6A-57-A0-36
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::61a3:2921:2084:e3de%11(Preferred)
    IPv4 Address. . . . . . . . . . . : 192.168.19.197(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Lease Obtained. . . . . . . . . . : Monday, March 24, 2014 10:12:28 AM
    Lease Expires . . . . . . . . . . : Monday, March 24, 2014 11:12:28 AM
    Default Gateway . . . . . . . . . : 192.168.19.1
    DHCP Server . . . . . . . . . . . : 192.168.19.1
    DHCPv6 IAID . . . . . . . . . . . : 218112362
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-7B-7F-BE-00-24-7E-6D-9C-BC
    DNS Servers . . . . . . . . . . . : 192.168.19.1
    64.134.255.2
    64.134.255.10
    Primary WINS Server . . . . . . . : 192.168.19.1
    NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter Local Area Connection:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . : Classroom
    Description . . . . . . . . . . . : Intel(R) 82567LM Gigabit Network Connection
    Physical Address. . . . . . . . . : 00-24-7E-6D-9C-BC
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 11:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:281c:26bb:3f57:ec3a(Preferred)
    Link-local IPv6 Address . . . . . : fe80::281c:26bb:3f57:ec3a%19(Preferred)
    Default Gateway . . . . . . . . . : ::
    DHCPv6 IAID . . . . . . . . . . . : 318767104
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-7B-7F-BE-00-24-7E-6D-9C-BC
    NetBIOS over Tcpip. . . . . . . . : Disabled

    Tunnel adapter isatap.{8CC7AE48-3ED5-4C1D-A993-2CDB21466410}:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{A57B7498-35B3-41EE-BFE5-A2C52019B762}:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.Classroom:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{9EB4A9F5-517E-467C-AF34-BA73DA95ABA1}:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{9AB9B6F9-8ABB-4DCE-8B05-D0C57A22C691}:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    --------------------------------------------------------------------------------------------------------------------------------
    Here's the result while disconnected:


    Windows IP Configuration

    Host Name . . . . . . . . . . . . : sumida-PC
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No

    Mobile Broadband adapter Mobile Broadband Connection:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : F3507g Mobile Broadband Driver
    Physical Address. . . . . . . . . : 02-80-37-EC-02-00
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Wireless LAN adapter Wireless Network Connection 2:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
    Physical Address. . . . . . . . . : 00-21-6A-57-A0-37
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes

    Ethernet adapter Bluetooth Network Connection:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
    Physical Address. . . . . . . . . : 00-25-56-CE-7A-4F
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes

    Wireless LAN adapter Wireless Network Connection:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Intel(R) WiFi Link 5300 AGN
    Physical Address. . . . . . . . . : 00-21-6A-57-A0-36
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes

    Ethernet adapter Local Area Connection:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . : Classroom
    Description . . . . . . . . . . . : Intel(R) 82567LM Gigabit Network Connection
    Physical Address. . . . . . . . . : 00-24-7E-6D-9C-BC
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 11:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{A57B7498-35B3-41EE-BFE5-A2C52019B762}:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{8CC7AE48-3ED5-4C1D-A993-2CDB21466410}:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.Classroom:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{9EB4A9F5-517E-467C-AF34-BA73DA95ABA1}:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{9AB9B6F9-8ABB-4DCE-8B05-D0C57A22C691}:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
     
Short URL to this thread: https://techguy.org/1122450