Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Computer acting screwy (win. 7, 32 bit)

Started by gabybaby , Sep 15 2011 03:35 PM

  • This topic is locked This topic is locked

#1
gabybaby
Posted 15 September 2011 - 03:35 PM

gabybaby

    Member

  • Member
  • PipPip
  • 62 posts
Dear G2G,

My computer started acting strange the other day. It was continually filling the recycle bin with versions of a .pdf file I had created the day before. It would create almost one of these files per second. The recycle bin would fill up with these files and the system would slow down - both from the cpu being slammed with making all these files, and from the recycle bin's size leaving me w/o much ram. I deleted the file in my directory - the one that seemed to be replicated over and over in the recycle bin, and the problem went away.

But today so far I've gotten two blue-screens, once when I was doing nothing and the other time when I was saving a file to disk.

Here is my OTL log:

----------------------------------------

OTL logfile created on: 9/15/2011 2:19:52 PM - Run 5
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Users\Gabriel\Desktop
An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.46 Gb Total Physical Memory | 0.48 Gb Available Physical Memory | 19.48% Memory free
4.92 Gb Paging File | 2.97 Gb Available in Paging File | 60.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.15 Gb Total Space | 49.75 Gb Free Space | 17.32% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 3.04 Gb Free Space | 31.14% Space Free | Partition Type: NTFS

Computer Name: GABRIEL-W500 | User Name: Gabriel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Gabriel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Program Files\Steam\Steam.exe (Valve Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\MediaMall\MediaMallServer.exe (MediaMall Technologies, Inc.)
PRC - C:\Program Files\MediaMall\PlayOn.exe (MediaMall Technologies, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\CrashPlan\CrashPlanService.exe (CrashPlan)
PRC - C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)
PRC - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe (Kaspersky Lab)
PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\AMT\LMS.exe (Intel Corporation)
PRC - C:\Windows\System32\DTS.exe ()
PRC - C:\Windows\System32\AtService.exe (AuthenTec, Inc.)
PRC - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Windows\UnsignedThemesSvc.exe (The Within Network, LLC)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe ()
PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe ()
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files\RotateImage\RCIMGDIR.exe (Ricoh co.,Ltd.)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Windows\PixArt\Pac7302\Monitor.exe (PixArt Imaging Incorporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Steam\bin\libcef.dll ()
MOD - C:\Program Files\Steam\bin\avcodec-52.dll ()
MOD - C:\Program Files\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files\Steam\bin\avformat-52.dll ()
MOD - C:\Program Files\Steam\bin\avutil-50.dll ()
MOD - C:\Program Files\Mozilla Firefox\js3250.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\86a2ec5efbcfcd1105475364d7975b15\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\IZArc\IZArcCM.dll ()
MOD - C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL ()
MOD - C:\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe ()


========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (MediaMall Server) -- C:\Program Files\MediaMall\MediaMallServer.exe (MediaMall Technologies, Inc.)
SRV - (CrashPlanService) -- C:\Program Files\CrashPlan\CrashPlanService.exe (CrashPlan)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (RegSrvc) Intel® -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (LMS) Intel® -- C:\Program Files\Intel\AMT\LMS.exe (Intel Corporation)
SRV - (dtsvc) -- C:\Windows\System32\DTS.exe ()
SRV - (ADMonitor) -- C:\Windows\System32\ADMonitor.exe ()
SRV - (ATService) -- C:\Windows\System32\AtService.exe (AuthenTec, Inc.)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (UNS) Intel® -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation)
SRV - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (UnsignedThemes) -- C:\Windows\UnsignedThemesSvc.exe (The Within Network, LLC)
SRV - (LENOVO.MICMUTE) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.)
SRV - (mi-raysat_3dsmax2010_32) -- C:\Program Files\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe ()
SRV - (Autodesk Network Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe (Autodesk, Inc.)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Driver Services (SafeList) ==========

DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (PCDSRVC{3037D694-FD904ACA-06020101}_0) -- c:\Program Files\PC-Doctor\pcdsrvc.pkms (PC-Doctor, Inc.)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
DRV - (e1yexpress) Intel® -- C:\Windows\System32\drivers\e1y6232.sys (Intel Corporation)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (klbg) -- C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (msvad_simple) -- C:\Windows\System32\drivers\povrtdev.sys (MediaMall Technologies, Inc.)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (intelkmd) -- C:\Windows\System32\drivers\igdpmd32.sys (Intel Corporation)
DRV - (NETw5s32) Intel® -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS (Lenovo Group Limited)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (netw5v32) Intel® -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (uxpatch) -- C:\Windows\System32\drivers\uxpatch.sys ()
DRV - (5U875UVC) -- C:\Windows\System32\drivers\5U875.sys (Ricoh co.,Ltd.)
DRV - (TVTI2C) -- C:\Windows\System32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (iaNvStor) Intel® -- C:\Windows\system32\DRIVERS\iaNvStor.sys (Intel Corporation)
DRV - (pavboot) -- C:\Windows\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (Shockprf) -- C:\Windows\System32\DRIVERS\Apsx86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\Windows\System32\DRIVERS\ApsHM86.sys (Lenovo.)
DRV - (HECI) Intel® -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.)
DRV - (VCSVADHWSer) Avnex Virtual Audio Device (WDM) -- C:\Windows\System32\drivers\vcsvad.sys (Avnex)
DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited)
DRV - (PAC7302) -- C:\Windows\System32\drivers\PAC7302.SYS (PixArt Imaging Inc.)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://m.www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:9.0.0.736
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.30
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/08 12:04:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/08 12:04:39 | 000,000,000 | ---D | M]

[2010/02/04 16:39:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gabriel\AppData\Roaming\Mozilla\Extensions
[2011/09/14 19:29:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gabriel\AppData\Roaming\Mozilla\Firefox\Profiles\61ra9znk.default\extensions
[2010/08/20 14:04:34 | 000,000,000 | ---D | M] ("BitDefender QuickScan") -- C:\Users\Gabriel\AppData\Roaming\Mozilla\Firefox\Profiles\61ra9znk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/06/22 09:40:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/09 10:42:00 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/04/18 12:07:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/02 14:51:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/02 11:14:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/13 09:29:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/17 22:01:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/22 09:40:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010/02/06 10:47:55 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/13 15:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

O1 HOSTS File: ([2010/08/28 09:07:22 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (AuthenTec)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation)
O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\Pac7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Orb] C:\Program Files\Winamp Remote\bin\OrbTray.exe (Orb Networks)
O4 - HKCU..\Run: [PlayOn] C:\Program Files\MediaMall\PlayOn.exe (MediaMall Technologies, Inc.)
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Windows Live Sync] "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" /background File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://navigatela.la...ad/mgaxctrl.cab (Autodesk MapGuide ActiveX Control)
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} http://www-307.ibm.c...rt/IbmEgath.cab (IBM Access Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72C32C4B-597A-4FC1-8E49-96AA5E393656}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{739DBB35-D90A-4942-9415-A42119EFECEC}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) -C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/15 14:18:39 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Users\Gabriel\Desktop\OTL.exe
[2011/09/15 08:32:42 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{AD12E913-5EAE-4DB4-AE68-0E2152CD7A47}
[2011/09/15 08:32:20 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{556A9F47-F112-430F-8F16-CF26B9F313FC}
[2011/09/14 20:31:51 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{0B967661-87D8-499F-8DEC-5567E4C104E1}
[2011/09/14 20:31:29 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{FC3B6228-F453-488D-BD81-05211A33FCB4}
[2011/09/14 08:30:47 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{82253016-143E-45D7-B261-9954210E32D1}
[2011/09/14 08:30:25 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{0DEA37AA-613A-4626-8B7F-326BEB193681}
[2011/09/13 16:38:28 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{BC316BD0-99C7-4682-A322-03A440D41DB0}
[2011/09/13 16:37:55 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{4AEA0655-3310-4C51-8415-0EC4FDD8B5C1}
[2011/09/13 00:12:27 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{B35AFC48-3DA5-4B0F-A19C-B6429BC92CCA}
[2011/09/13 00:12:05 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{034E6575-341A-4E84-809B-81D4B6662484}
[2011/09/12 12:11:37 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{FD60C494-3373-42DA-A8EF-7EF274469992}
[2011/09/12 12:11:14 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{F0BE7467-DE4C-47B9-B730-1BFA041946C1}
[2011/09/12 00:10:45 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{2AF9F219-AD2E-4615-A443-87A0591CD360}
[2011/09/11 12:10:07 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{5AEB428A-9606-4F43-82AC-42445F49386F}
[2011/09/11 00:08:43 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{461B91E4-2C6C-438D-B889-1BB2C3225B58}
[2011/09/11 00:08:21 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{960AA049-9C81-4DBF-B00C-EF426494F0D1}
[2011/09/10 12:07:52 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{30EADEF7-8C01-4DF5-911A-11BEBF94AAF5}
[2011/09/10 12:07:30 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{1F78526D-7246-4822-BE45-1E6550F9D448}
[2011/09/10 00:07:02 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{7FF9F591-713D-4C50-80C5-ADB7926D37A1}
[2011/09/09 12:06:23 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{3F047A88-90BD-47BB-A215-D88E9CE0E4CC}
[2011/09/09 12:06:00 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{F70B818E-51E7-4D8C-9B5C-8ACF1FFA9606}
[2011/09/09 00:05:31 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{361ADB9B-CF31-4466-AF7D-F7928747AC75}
[2011/09/08 12:03:42 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{B72BC340-EE7E-4728-92EA-AE0DE58F888A}
[2011/09/08 12:03:22 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{3F99DE22-BBFE-4E66-96C5-C85882DBEB0A}
[2011/09/07 23:55:28 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{04EC72D2-C203-429D-A85E-117A919DD1D3}
[2011/09/07 11:54:49 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{35365413-30EB-4B81-887A-E1AC2CEB6F4D}
[2011/09/07 11:54:27 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{D7A95126-A248-480A-B4F6-B6A2F89F6A2A}
[2011/09/06 23:53:58 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{A5D71AFD-192A-494E-85B1-4A88B45B44AD}
[2011/09/06 23:53:35 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{3E26A962-0228-49D5-8C85-A972E2E9B3D0}
[2011/09/06 11:53:06 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{73CD4A81-8323-4D47-BAA7-5B0FC600713F}
[2011/09/06 11:52:43 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{91D23E2A-4275-40E9-B7C7-FEF410BFFC16}
[2011/09/05 23:52:04 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{70EC5E09-8A4A-4C69-81BD-86C571D5E49E}
[2011/09/05 23:51:38 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{F5208900-B115-4505-BFBF-3594BFBC05CE}
[2011/09/05 11:50:47 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{FC4946F4-2CCF-4A35-B3A9-38AFF481EE9C}
[2011/09/05 11:50:23 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{D288FF03-DE40-46C7-9FDC-53E586D877A3}
[2011/09/04 23:49:54 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{E89E54BB-2B5E-4D8E-B3FA-ACD8644E7D3C}
[2011/09/04 11:48:57 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{D24469A7-870C-49A2-B580-642C4D901A8C}
[2011/09/04 11:48:31 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{4F0F4CD5-CD36-495F-A7F0-865C91297D9B}
[2011/09/03 22:54:23 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{1855F0F5-1F96-4561-81C1-FCF4AFAB6835}
[2011/09/03 10:53:46 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{3D279FA7-D71A-480A-9B45-FF5784A0C575}
[2011/09/03 10:53:24 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{EF0A3744-CDA4-4667-9B1C-45BEC1177EB0}
[2011/09/02 18:36:53 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{3B180E4A-4D2F-4653-91B9-07D745E5DC1B}
[2011/09/02 18:36:30 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{4F97D301-5F9E-42FB-B04A-490CC3EC7740}
[2011/09/02 06:35:10 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{0B18CDF5-7131-4C01-84DE-D5D6FD693B41}
[2011/09/02 06:34:48 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{548900A1-CDBA-4F1B-B00D-0CB4E8F3D074}
[2011/09/01 18:34:09 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{CDF6F05E-844F-4B3D-8A9A-580D369341AB}
[2011/09/01 18:33:57 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{1C1F8EEF-91B5-4F87-85C0-64A983055713}
[2011/09/01 17:08:24 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/09/01 16:52:53 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{D2ACDF30-6F38-47F7-A405-4E98E03693AE}
[2011/09/01 16:52:35 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{E40E6746-90FD-4790-B0BE-1A243393218B}
[2011/08/31 20:54:04 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{78DEE4F5-8923-4113-AF8F-BFC4A8640621}
[2011/08/31 20:53:36 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{B682973C-31F0-4079-A8E3-2E31C305AB73}
[2011/08/31 20:44:40 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{536A6663-41B3-4EA1-B267-2C5E87867280}
[2011/08/31 20:44:18 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{8E6C1069-4747-47A2-8BC5-BA3CFDE44343}
[2011/08/31 11:57:07 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{5AB1AAFF-84A4-40DF-86C8-25721381242A}
[2011/08/31 11:56:14 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{3755D724-0DC6-4ABB-ABF0-4C39F3320D00}
[2011/08/31 08:57:02 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{79B02E6E-E9F4-4A01-ADAB-F0953763883D}
[2011/08/31 08:56:43 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{4EE68900-CF08-47DF-B77B-0A041517B43F}
[2011/08/30 09:58:30 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{92DA4C6A-1615-4806-8DC9-EB26C71ED664}
[2011/08/30 09:57:50 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{87A0EFD0-9CD6-476E-B79B-300AD0E8AD06}
[2011/08/29 09:18:47 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{8A14606C-F76A-4D66-A8CA-84CC89878191}
[2011/08/29 09:18:14 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{495BF466-230B-4FC0-BE11-EF3A1D990034}
[2011/08/28 23:07:01 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{C713275A-5383-45A5-8C16-74002A3D7279}
[2011/08/28 23:06:43 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{F9143A10-C1E8-40AF-93CE-074C2F9740F5}
[2011/08/28 11:30:34 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{DCF3FC9C-A0C8-4AFD-93A5-216728A45797}
[2011/08/28 11:30:22 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{41CEBE1E-37F8-4B7C-AE41-31C446C09282}
[2011/08/27 09:16:21 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{B2AC89D1-E2B9-41FF-96FE-9B60D6FE55A8}
[2011/08/27 09:15:52 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{10BF00EA-C51A-4EFC-AE45-BE01E5B3F4B6}
[2011/08/26 11:40:18 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{F9CE5760-BEED-44A7-A8DF-D07A7876DD78}
[2011/08/26 11:39:48 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{5B4007E6-74B1-4604-BE14-7FEEAB05D3CC}
[2011/08/25 11:20:41 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{C7307764-5CE4-484F-A256-385F35A06005}
[2011/08/25 11:20:12 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{C11364BC-EADC-46C2-A220-F626FAAC6D6E}
[2011/08/24 21:38:44 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{9D0991B5-3E4B-4B87-92DC-3766E9EB7472}
[2011/08/24 21:38:28 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{2E154C52-DBB5-4386-AA47-A79B49E87DD9}
[2011/08/24 12:42:18 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{66B87676-6487-4C54-8311-6D6150C850AF}
[2011/08/24 12:41:52 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{BF58BE51-D6BB-4B73-9811-32678F162A46}
[2011/08/24 09:00:49 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{31B19665-3109-4527-B2C2-86BCCB77FD13}
[2011/08/24 09:00:31 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{CE38C063-49FA-43C3-AB0D-F77E78ECB9B9}
[2011/08/23 08:51:20 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{0E73A0DE-3DFF-4010-B912-FF9D419125E8}
[2011/08/23 08:50:56 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{9562F813-4293-410E-907C-A45748E4690F}
[2011/08/22 18:06:23 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{CB7E7240-FC55-4DCB-85A7-A0A906E81496}
[2011/08/22 18:05:55 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{8D175CDA-73A1-4C47-8C57-9CF16C3519B9}
[2011/08/21 19:32:42 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{1705FE1A-8E9E-49A4-818A-38746653EF2C}
[2011/08/21 19:32:23 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{E695FEA1-C24E-4D6F-9DA6-78FBDA30B194}
[2011/08/20 03:04:48 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{80AB11C4-E9A7-4ADD-A1A0-9F5671AF4AE9}
[2011/08/20 03:04:20 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{F126E260-6611-49F6-A3ED-CC5013BAFFDA}
[2011/08/19 12:08:40 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{D814FEA6-91E9-4C81-BC2A-A065DEDF1955}
[2011/08/19 12:08:12 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{7A2C1592-5227-421C-959E-7F9EFF202965}
[2011/08/19 08:48:02 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{EAEADFDE-32DC-4D55-A0C6-2300371957B4}
[2011/08/19 08:47:47 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{BE2FDC3D-A8DB-42B1-BC55-CDC6CD87F16D}
[2011/08/18 09:30:04 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{0554D38F-3DAA-4CBC-95CF-3A6008AB9067}
[2011/08/18 09:29:42 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{CD123272-A4AF-4865-B13B-9E468B690148}
[2011/08/18 08:37:37 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{A50864C1-A9BB-40DC-AD0C-BD63E033E25E}
[2011/08/18 08:37:06 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{17A0787D-7330-418C-837A-47879C5B13EA}
[2011/08/17 21:03:19 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{C6BEC685-67B3-4D3D-AB68-AA055BD79C6D}
[2011/08/17 21:03:03 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{1373D496-BD7B-4E70-A171-4E2836A4FB6E}
[2011/08/17 12:56:28 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{645C3B2E-E0DE-4C72-A23D-3CB52A2B8752}
[2011/08/17 12:55:48 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{25D34919-C3BD-4EB6-B4F5-8DC34676E1CB}
[2011/08/17 09:27:26 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{52DE8134-BB83-4402-B006-259E714D8D74}
[2011/08/17 09:26:57 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{9B0494E3-67B7-4B2A-9069-7977E920AAB4}
[2011/08/16 19:10:52 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{809D4697-3C0F-4250-9012-1F54EEA25E29}
[2011/08/16 19:10:27 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{9AEA8609-3A1D-4AC9-A176-5CB0DAC2C62B}
[2011/08/16 15:58:59 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Roaming\ATI
[2011/08/16 15:58:59 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\ATI
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/15 14:18:41 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\Gabriel\Desktop\OTL.exe
[2011/09/15 14:17:07 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/09/15 14:02:07 | 000,016,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/15 14:02:07 | 000,016,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/15 14:00:59 | 000,674,024 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/15 14:00:59 | 000,125,122 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/15 13:53:39 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/09/15 13:53:36 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/15 13:53:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/15 13:53:12 | 1981,816,832 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/15 13:34:16 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/15 13:03:08 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/09/15 12:30:12 | 367,691,540 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/09/12 10:35:14 | 000,115,369 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2011/09/12 10:35:14 | 000,097,961 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2011/09/03 11:30:27 | 000,002,297 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/15 13:53:39 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/09/15 12:30:12 | 367,691,540 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/06/03 18:04:16 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/03/30 12:25:55 | 000,000,133 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/02/22 21:47:12 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2010/09/24 16:13:17 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/08/30 21:58:43 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/08/27 15:52:26 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/08/27 15:52:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/08/27 15:52:26 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/08/27 15:52:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/08/27 15:52:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/08/20 12:44:43 | 000,007,619 | ---- | C] () -- C:\Users\Gabriel\AppData\Local\Resmon.ResmonCfg
[2010/04/18 13:11:31 | 000,870,128 | ---- | C] () -- C:\Users\Gabriel\AppData\Roaming\mcs.rma
[2010/04/18 13:11:31 | 000,000,004 | ---- | C] () -- C:\Users\Gabriel\AppData\Roaming\1A511F
[2010/03/15 08:12:58 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe
[2010/03/14 09:49:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/03/14 09:39:33 | 000,000,883 | ---- | C] () -- C:\Windows\System32\SP7302.INI
[2010/02/01 05:56:50 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010/01/29 12:13:17 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2010/01/29 12:13:17 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010/01/27 19:43:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/01/27 19:43:32 | 000,982,220 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/01/27 19:43:31 | 000,439,300 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/01/27 19:43:31 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2010/01/27 19:43:31 | 000,092,216 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/01/27 19:43:31 | 000,000,542 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010/01/27 19:43:30 | 000,197,655 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/09/09 20:01:40 | 000,027,675 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2009/09/01 00:32:20 | 000,098,304 | ---- | C] () -- C:\Windows\System32\DTS.exe
[2009/09/01 00:32:16 | 000,106,496 | ---- | C] () -- C:\Windows\System32\ADMonitor.exe
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/13 21:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:33:53 | 000,528,752 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 19:05:48 | 000,674,024 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 19:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 19:05:48 | 000,125,122 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 19:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 19:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 19:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 16:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 02:07:46 | 000,025,448 | ---- | C] () -- C:\Windows\System32\drivers\uxpatch.sys
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/06/04 16:51:10 | 000,000,542 | ---- | C] () -- C:\Windows\System32\atipblup.dat
[2006/09/28 15:55:34 | 000,053,248 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll
[2006/09/26 15:01:40 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2006/09/08 10:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2006/09/08 10:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2006/09/08 10:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2006/09/08 10:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2006/09/08 10:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2006/09/08 10:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2006/09/08 10:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2006/09/08 10:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelFrench.dll

========== LOP Check ==========

[2011/08/02 01:29:22 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\Autodesk
[2010/04/07 15:12:51 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\Avnex
[2011/04/22 15:38:04 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\CrashPlan
[2010/05/11 13:31:18 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\EPSON
[2010/06/20 17:26:04 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\ooVoo Details
[2010/08/19 16:55:13 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\QuickScan
[2011/05/20 14:14:13 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\Update
[2011/09/09 13:03:14 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\uTorrent
[2010/05/19 19:55:08 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\ZumoDrive
[2011/09/15 13:53:39 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011/03/19 08:48:47 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/07/08 17:54:01 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/09/15 14:17:07 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



< End of report >


---------------------------------

I hope I constructed this post correctly if not sorry - Any help would be greatly appreciated - thanks in advance! -GR
  • 0

Advertisements

#2
Render
Posted 15 September 2011 - 04:47 PM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

Please do the following:

Please download WhoCrashed 3.02 from here to your Desktop.
Install it and run it.
Click on Analyze button.
Select all (CTRL+A) and then copy (CTRL+C).
Paste (CTRL+V) contents of clipboard in your next reply.
  • 0

#3
gabybaby
Posted 15 September 2011 - 06:02 PM

gabybaby

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
Hi Render,

Thanks for your response and your assistance.

Here is the WhoCrashed log:

-------------------------------------------


--------------------------------------------------------------------------------
Welcome to WhoCrashed HOME EDITION v 3.02
--------------------------------------------------------------------------------

This program checks for drivers which have been crashing your computer. If your computer has displayed a blue screen of death, suddenly rebooted or shut down then this program will help you find the root cause and possibly a solution.

Whenever a computer suddenly reboots without displaying any notice or blue screen of death, the first thing that is often thought about is a hardware failure. In reality, on Windows most crashes are caused by malfunctioning device drivers and kernel modules. In case of a kernel error, many computers do not show a blue screen unless they are configured for this. Instead these systems suddenly reboot without any notice.

This program will analyze your crash dumps with the single click of a button. It will tell you what drivers are likely to be responsible for crashing your computer. If will report a conclusion which offers suggestions on how to proceed in any situation while the analysis report will display internet links which will help you further troubleshoot any detected problems.


To obtain technical support visit www.resplendence.com/support

Click here to check if you have the latest version or if an update is available.

Just click the Analyze button for a comprehensible report ...



--------------------------------------------------------------------------------
Home Edition Notice
--------------------------------------------------------------------------------

This version of WhoCrashed is free for use at home only. If you would like to use this software at work or in a commercial environment you should get the professional edition of WhoCrashed which also allows analysis of crashdumps on remote drives and computers on the network and offers a range of additional features.

Click here for more information on the professional edition.
Click here to buy the the professional edition of WhoCrashed.



--------------------------------------------------------------------------------
System Information (local)
--------------------------------------------------------------------------------

computer name: GABRIEL-W500
windows version: Windows 7 Service Pack 1, 6.1, build: 7601
windows dir: C:\Windows
CPU: GenuineIntel Intel® Core™2 Duo CPU T9900 @ 3.06GHz Intel586, level: 6
2 logical processors, active mask: 3
RAM: 2642423808 total
VM: 2147352576, free: 1995444224



--------------------------------------------------------------------------------
Crash Dump Analysis
--------------------------------------------------------------------------------

Crash dump directory: C:\Windows\Minidump

Crash dumps are enabled on your computer.


On Thu 9/15/2011 7:10:49 PM GMT your computer crashed
crash dump file: C:\Windows\Minidump\091511-51480-01.dmp
This was probably caused by the following module: netio.sys (NETIO+0x36E1)
Bugcheck code: 0xA (0x45, 0x2, 0x0, 0xFFFFFFFF82E84536)
Error: IRQL_NOT_LESS_OR_EQUAL
file path: C:\Windows\system32\drivers\netio.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: Network I/O Subsystem
Bug check description: This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system which cannot be identified at this time.


On Thu 9/15/2011 7:10:49 PM GMT your computer crashed
crash dump file: C:\Windows\memory.dmp
This was probably caused by the following module: netio.sys (NETIO+0x36E1)
Bugcheck code: 0xA (0x45, 0x2, 0x0, 0xFFFFFFFF82E84536)
Error: IRQL_NOT_LESS_OR_EQUAL
file path: C:\Windows\system32\drivers\netio.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: Network I/O Subsystem
Bug check description: This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system which cannot be identified at this time.



--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------

2 crash dumps have been found and analyzed.
Read the topic general suggestions for troubleshooting system crashes for more information.

Note that it's not always possible to state with certainty whether a reported driver is actually responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.





------------------------------

Best regards, -GR
  • 0

#4
Render
Posted 15 September 2011 - 06:30 PM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please do the following:

Posted Image OTL Custom Scan

  • Download OTL to your desktop.
  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Stadard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
netio.sys
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

  • 0

#5
gabybaby
Posted 15 September 2011 - 07:02 PM

gabybaby

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
Hi Render,

Thanks again for your responses and for your assistance.

Here is the OTL log:


____________________________________________________



OTL logfile created on: 9/15/2011 5:48:51 PM - Run 6
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Users\Gabriel\Desktop
An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.46 Gb Total Physical Memory | 0.88 Gb Available Physical Memory | 35.80% Memory free
4.92 Gb Paging File | 3.02 Gb Available in Paging File | 61.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.15 Gb Total Space | 50.13 Gb Free Space | 17.46% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 3.04 Gb Free Space | 31.14% Space Free | Partition Type: NTFS

Computer Name: GABRIEL-W500 | User Name: Gabriel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/15 14:18:41 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\Gabriel\Desktop\OTL.exe
PRC - [2011/09/15 13:02:34 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/09/15 13:02:32 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/09/09 10:21:10 | 000,411,432 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2011/08/04 14:34:50 | 001,955,208 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011/08/04 14:34:46 | 001,361,288 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011/08/02 09:03:06 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2011/06/23 21:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/05/27 11:04:31 | 004,407,152 | ---- | M] (MediaMall Technologies, Inc.) -- C:\Program Files\MediaMall\MediaMallServer.exe
PRC - [2011/05/27 11:03:15 | 000,053,248 | ---- | M] (MediaMall Technologies, Inc.) -- C:\Program Files\MediaMall\PlayOn.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/10 11:55:04 | 000,152,576 | ---- | M] (CrashPlan) -- C:\Program Files\CrashPlan\CrashPlanService.exe
PRC - [2011/02/10 11:54:34 | 000,217,088 | ---- | M] (Code 42 Software, Inc.) -- C:\Program Files\CrashPlan\CrashPlanTray.exe
PRC - [2010/11/20 05:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/09/24 13:22:04 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/08/18 08:20:29 | 000,340,520 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
PRC - [2010/04/23 00:16:46 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2010/01/13 15:44:52 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2009/09/28 00:27:20 | 000,144,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2009/09/24 23:55:56 | 000,015,872 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2009/09/21 16:55:12 | 000,858,384 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/09/21 16:31:36 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/09/13 22:14:28 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2009/09/01 00:32:20 | 000,098,304 | ---- | M] () -- C:\Windows\System32\DTS.exe
PRC - [2009/09/01 00:28:04 | 001,692,920 | ---- | M] (AuthenTec, Inc.) -- C:\Windows\System32\AtService.exe
PRC - [2009/08/28 15:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2009/08/23 21:00:30 | 000,352,256 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/23 21:00:02 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/08/19 17:38:30 | 000,062,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
PRC - [2009/08/06 13:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/08/06 13:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/08/03 20:00:14 | 002,058,776 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2009/07/14 18:18:02 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009/07/13 02:07:48 | 000,021,096 | ---- | M] (The Within Network, LLC) -- C:\Windows\UnsignedThemesSvc.exe
PRC - [2009/07/01 19:03:12 | 002,352,416 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
PRC - [2009/07/01 19:03:12 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2009/07/01 19:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
PRC - [2009/05/27 23:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2009/03/13 01:32:48 | 000,068,976 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009/03/12 18:36:24 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
PRC - [2009/02/02 02:04:10 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2008/10/30 16:23:52 | 000,031,744 | ---- | M] (Ricoh co.,Ltd.) -- C:\Program Files\RotateImage\RCIMGDIR.exe
PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/01/04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/11/03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac7302\Monitor.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/09 10:21:05 | 014,407,976 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll
MOD - [2011/09/09 10:20:58 | 000,914,216 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-52.dll
MOD - [2011/09/09 10:20:58 | 000,190,248 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll
MOD - [2011/09/09 10:20:58 | 000,155,432 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-52.dll
MOD - [2011/09/09 10:20:58 | 000,091,432 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-50.dll
MOD - [2011/08/16 09:04:34 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\86a2ec5efbcfcd1105475364d7975b15\System.ServiceProcess.ni.dll
MOD - [2011/08/16 09:04:31 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll
MOD - [2011/08/16 09:04:20 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll
MOD - [2011/08/16 09:03:58 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll
MOD - [2011/08/16 09:03:48 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
MOD - [2010/08/10 00:01:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/09/04 08:19:30 | 000,644,096 | ---- | M] () -- C:\Program Files\IZArc\IZArcCM.dll
MOD - [2009/08/23 11:04:00 | 000,030,720 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL
MOD - [2009/07/01 19:03:24 | 000,132,384 | ---- | M] () -- C:\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll
MOD - [2009/05/27 23:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe


========== Win32 Services (SafeList) ==========

SRV - [2011/09/15 13:02:32 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/09/09 10:21:10 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/08/04 14:34:46 | 001,361,288 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/07/29 17:40:40 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/05/27 11:04:31 | 004,407,152 | ---- | M] (MediaMall Technologies, Inc.) [Auto | Running] -- C:\Program Files\MediaMall\MediaMallServer.exe -- (MediaMall Server)
SRV - [2011/02/10 11:55:04 | 000,152,576 | ---- | M] (CrashPlan) [Auto | Running] -- C:\Program Files\CrashPlan\CrashPlanService.exe -- (CrashPlanService)
SRV - [2010/08/18 08:20:29 | 000,340,520 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP)
SRV - [2010/03/03 04:00:27 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/01/29 13:52:07 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/09/24 23:55:56 | 000,015,872 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009/09/21 16:55:12 | 000,858,384 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2009/09/21 16:31:36 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2009/09/13 22:14:28 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel®
SRV - [2009/09/01 00:32:20 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Windows\System32\DTS.exe -- (dtsvc)
SRV - [2009/09/01 00:32:16 | 000,106,496 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\ADMonitor.exe -- (ADMonitor)
SRV - [2009/09/01 00:28:04 | 001,692,920 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Windows\System32\AtService.exe -- (ATService)
SRV - [2009/08/28 15:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009/08/23 21:00:02 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/08/23 11:04:00 | 000,075,040 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2009/08/06 13:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/08/04 22:32:42 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/08/03 20:00:14 | 002,058,776 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/07/14 18:18:02 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009/07/13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 02:07:48 | 000,021,096 | ---- | M] (The Within Network, LLC) [Auto | Running] -- C:\Windows\UnsignedThemesSvc.exe -- (UnsignedThemes)
SRV - [2009/07/03 02:47:10 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009/07/01 19:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/04/28 19:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2009/03/12 18:36:24 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe -- (mi-raysat_3dsmax2010_32)
SRV - [2008/06/05 23:41:12 | 001,322,648 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe -- (Autodesk Network Licensing Service)
SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/01/04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/09/15 13:03:04 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/12/13 14:55:54 | 000,021,744 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- c:\Program Files\PC-Doctor\pcdsrvc.pkms -- (PCDSRVC{3037D694-FD904ACA-06020101}_0)
DRV - [2010/11/20 05:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 05:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 05:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 02:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 02:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/08/12 05:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/04/14 02:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2010/04/07 23:04:04 | 000,223,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6232.sys -- (e1yexpress) Intel®
DRV - [2010/01/29 13:23:32 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2010/01/27 20:01:19 | 000,033,088 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2009/10/14 22:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\klbg.sys -- (klbg)
DRV - [2009/10/14 10:59:38 | 000,022,696 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\povrtdev.sys -- (msvad_simple)
DRV - [2009/10/02 20:39:36 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/23 10:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/09/21 19:47:10 | 005,946,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdpmd32.sys -- (intelkmd)
DRV - [2009/09/15 13:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel®
DRV - [2009/09/14 21:30:00 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/09/14 20:36:00 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/09/14 15:46:36 | 000,021,520 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009/09/07 02:00:00 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/09/01 16:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2009/09/01 02:44:16 | 000,485,376 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009/08/23 21:32:48 | 005,073,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/08/23 21:32:48 | 005,073,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2009/08/23 20:09:56 | 000,106,496 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2009/08/23 11:04:00 | 000,011,552 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2009/07/21 22:56:22 | 000,459,264 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009/07/13 16:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 16:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 15:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2009/07/13 02:07:46 | 000,025,448 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\uxpatch.sys -- (uxpatch)
DRV - [2009/07/07 23:12:52 | 000,072,320 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\5U875.sys -- (5U875UVC)
DRV - [2009/07/02 11:16:22 | 000,038,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2009/07/01 02:05:10 | 000,232,472 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaNvStor.sys -- (iaNvStor) Intel®
DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/06/29 14:51:04 | 000,117,800 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2009/06/29 14:51:02 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009/06/22 20:49:58 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009/04/28 19:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2008/12/26 12:56:04 | 000,017,792 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
DRV - [2008/05/12 02:04:04 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008/01/15 10:17:12 | 000,458,496 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2007/04/17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3248881932-903285841-3063169814-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-3248881932-903285841-3063169814-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
IE - HKU\S-1-5-21-3248881932-903285841-3063169814-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3248881932-903285841-3063169814-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://m.www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:9.0.0.736
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.30
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/08 12:04:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/08 12:04:39 | 000,000,000 | ---D | M]

[2010/02/04 16:39:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gabriel\AppData\Roaming\Mozilla\Extensions
[2011/09/14 19:29:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gabriel\AppData\Roaming\Mozilla\Firefox\Profiles\61ra9znk.default\extensions
[2010/08/20 14:04:34 | 000,000,000 | ---D | M] ("BitDefender QuickScan") -- C:\Users\Gabriel\AppData\Roaming\Mozilla\Firefox\Profiles\61ra9znk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/06/22 09:40:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/09 10:42:00 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/04/18 12:07:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/02 14:51:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/02 11:14:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/13 09:29:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/17 22:01:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/22 09:40:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010/02/06 10:47:55 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/13 15:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

O1 HOSTS File: ([2010/08/28 09:07:22 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O3: - HKU\S-1-5-21-3248881932-903285841-3063169814-1003\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKU\S-1-5-21-3248881932-903285841-3063169814-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3: - HKU\S-1-5-21-3248881932-903285841-3063169814-1003\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKU\S-1-5-21-3248881932-903285841-3063169814-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (AuthenTec)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation)
O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\Pac7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-3248881932-903285841-3063169814-1003..\Run: [Orb] C:\Program Files\Winamp Remote\bin\OrbTray.exe (Orb Networks)
O4 - HKU\S-1-5-21-3248881932-903285841-3063169814-1003..\Run: [PlayOn] C:\Program Files\MediaMall\PlayOn.exe (MediaMall Technologies, Inc.)
O4 - HKU\S-1-5-21-3248881932-903285841-3063169814-1003..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-3248881932-903285841-3063169814-1003..\Run: [Windows Live Sync] "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" /background File not found
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3248881932-903285841-3063169814-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3248881932-903285841-3063169814-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3248881932-903285841-3063169814-1003\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-3248881932-903285841-3063169814-1003\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://navigatela.la...ad/mgaxctrl.cab (Autodesk MapGuide ActiveX Control)
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} http://www-307.ibm.c...rt/IbmEgath.cab (IBM Access Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72C32C4B-597A-4FC1-8E49-96AA5E393656}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{739DBB35-D90A-4942-9415-A42119EFECEC}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) -C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/09/15 16:59:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
[2011/09/15 16:59:14 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
[2011/09/15 16:57:30 | 001,553,920 | ---- | C] (Resplendence Software Projects Sp. ) -- C:\Users\Gabriel\Desktop\whocrashedSetup.exe
[2011/09/15 14:18:39 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Users\Gabriel\Desktop\OTL.exe
[2011/09/15 08:32:42 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{AD12E913-5EAE-4DB4-AE68-0E2152CD7A47}
[2011/09/15 08:32:20 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{556A9F47-F112-430F-8F16-CF26B9F313FC}
[2011/09/14 20:31:51 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{0B967661-87D8-499F-8DEC-5567E4C104E1}
[2011/09/14 20:31:29 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{FC3B6228-F453-488D-BD81-05211A33FCB4}
[2011/09/14 08:30:47 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{82253016-143E-45D7-B261-9954210E32D1}
[2011/09/14 08:30:25 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{0DEA37AA-613A-4626-8B7F-326BEB193681}
[2011/09/13 16:38:28 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{BC316BD0-99C7-4682-A322-03A440D41DB0}
[2011/09/13 16:37:55 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{4AEA0655-3310-4C51-8415-0EC4FDD8B5C1}
[2011/09/13 00:12:27 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{B35AFC48-3DA5-4B0F-A19C-B6429BC92CCA}
[2011/09/13 00:12:05 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{034E6575-341A-4E84-809B-81D4B6662484}
[2011/09/12 12:11:37 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{FD60C494-3373-42DA-A8EF-7EF274469992}
[2011/09/12 12:11:14 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{F0BE7467-DE4C-47B9-B730-1BFA041946C1}
[2011/09/12 00:10:45 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{2AF9F219-AD2E-4615-A443-87A0591CD360}
[2011/09/11 12:10:07 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{5AEB428A-9606-4F43-82AC-42445F49386F}
[2011/09/11 00:08:43 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{461B91E4-2C6C-438D-B889-1BB2C3225B58}
[2011/09/11 00:08:21 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{960AA049-9C81-4DBF-B00C-EF426494F0D1}
[2011/09/10 12:07:52 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{30EADEF7-8C01-4DF5-911A-11BEBF94AAF5}
[2011/09/10 12:07:30 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{1F78526D-7246-4822-BE45-1E6550F9D448}
[2011/09/10 00:07:02 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{7FF9F591-713D-4C50-80C5-ADB7926D37A1}
[2011/09/09 12:06:23 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{3F047A88-90BD-47BB-A215-D88E9CE0E4CC}
[2011/09/09 12:06:00 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{F70B818E-51E7-4D8C-9B5C-8ACF1FFA9606}
[2011/09/09 00:05:31 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{361ADB9B-CF31-4466-AF7D-F7928747AC75}
[2011/09/08 12:03:42 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{B72BC340-EE7E-4728-92EA-AE0DE58F888A}
[2011/09/08 12:03:22 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{3F99DE22-BBFE-4E66-96C5-C85882DBEB0A}
[2011/09/07 23:55:28 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{04EC72D2-C203-429D-A85E-117A919DD1D3}
[2011/09/07 11:54:49 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{35365413-30EB-4B81-887A-E1AC2CEB6F4D}
[2011/09/07 11:54:27 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{D7A95126-A248-480A-B4F6-B6A2F89F6A2A}
[2011/09/06 23:53:58 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{A5D71AFD-192A-494E-85B1-4A88B45B44AD}
[2011/09/06 23:53:35 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{3E26A962-0228-49D5-8C85-A972E2E9B3D0}
[2011/09/06 11:53:06 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{73CD4A81-8323-4D47-BAA7-5B0FC600713F}
[2011/09/06 11:52:43 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{91D23E2A-4275-40E9-B7C7-FEF410BFFC16}
[2011/09/05 23:52:04 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{70EC5E09-8A4A-4C69-81BD-86C571D5E49E}
[2011/09/05 23:51:38 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{F5208900-B115-4505-BFBF-3594BFBC05CE}
[2011/09/05 11:50:47 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{FC4946F4-2CCF-4A35-B3A9-38AFF481EE9C}
[2011/09/05 11:50:23 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{D288FF03-DE40-46C7-9FDC-53E586D877A3}
[2011/09/04 23:49:54 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{E89E54BB-2B5E-4D8E-B3FA-ACD8644E7D3C}
[2011/09/04 11:48:57 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{D24469A7-870C-49A2-B580-642C4D901A8C}
[2011/09/04 11:48:31 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{4F0F4CD5-CD36-495F-A7F0-865C91297D9B}
[2011/09/03 22:54:23 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{1855F0F5-1F96-4561-81C1-FCF4AFAB6835}
[2011/09/03 10:53:46 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{3D279FA7-D71A-480A-9B45-FF5784A0C575}
[2011/09/03 10:53:24 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{EF0A3744-CDA4-4667-9B1C-45BEC1177EB0}
[2011/09/02 18:36:53 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{3B180E4A-4D2F-4653-91B9-07D745E5DC1B}
[2011/09/02 18:36:30 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{4F97D301-5F9E-42FB-B04A-490CC3EC7740}
[2011/09/02 06:35:10 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{0B18CDF5-7131-4C01-84DE-D5D6FD693B41}
[2011/09/02 06:34:48 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{548900A1-CDBA-4F1B-B00D-0CB4E8F3D074}
[2011/09/01 18:34:09 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{CDF6F05E-844F-4B3D-8A9A-580D369341AB}
[2011/09/01 18:33:57 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{1C1F8EEF-91B5-4F87-85C0-64A983055713}
[2011/09/01 17:08:24 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/09/01 16:52:53 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{D2ACDF30-6F38-47F7-A405-4E98E03693AE}
[2011/09/01 16:52:35 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{E40E6746-90FD-4790-B0BE-1A243393218B}
[2011/08/31 20:54:04 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{78DEE4F5-8923-4113-AF8F-BFC4A8640621}
[2011/08/31 20:53:36 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{B682973C-31F0-4079-A8E3-2E31C305AB73}
[2011/08/31 20:44:40 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{536A6663-41B3-4EA1-B267-2C5E87867280}
[2011/08/31 20:44:18 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{8E6C1069-4747-47A2-8BC5-BA3CFDE44343}
[2011/08/31 11:57:07 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{5AB1AAFF-84A4-40DF-86C8-25721381242A}
[2011/08/31 11:56:14 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{3755D724-0DC6-4ABB-ABF0-4C39F3320D00}
[2011/08/31 08:57:02 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{79B02E6E-E9F4-4A01-ADAB-F0953763883D}
[2011/08/31 08:56:43 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{4EE68900-CF08-47DF-B77B-0A041517B43F}
[2011/08/30 09:58:30 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{92DA4C6A-1615-4806-8DC9-EB26C71ED664}
[2011/08/30 09:57:50 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{87A0EFD0-9CD6-476E-B79B-300AD0E8AD06}
[2011/08/29 09:18:47 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{8A14606C-F76A-4D66-A8CA-84CC89878191}
[2011/08/29 09:18:14 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{495BF466-230B-4FC0-BE11-EF3A1D990034}
[2011/08/28 23:07:01 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{C713275A-5383-45A5-8C16-74002A3D7279}
[2011/08/28 23:06:43 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{F9143A10-C1E8-40AF-93CE-074C2F9740F5}
[2011/08/28 11:30:34 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{DCF3FC9C-A0C8-4AFD-93A5-216728A45797}
[2011/08/28 11:30:22 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{41CEBE1E-37F8-4B7C-AE41-31C446C09282}
[2011/08/27 09:16:21 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{B2AC89D1-E2B9-41FF-96FE-9B60D6FE55A8}
[2011/08/27 09:15:52 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{10BF00EA-C51A-4EFC-AE45-BE01E5B3F4B6}
[2011/08/26 11:40:18 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{F9CE5760-BEED-44A7-A8DF-D07A7876DD78}
[2011/08/26 11:39:48 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{5B4007E6-74B1-4604-BE14-7FEEAB05D3CC}
[2011/08/25 11:20:41 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{C7307764-5CE4-484F-A256-385F35A06005}
[2011/08/25 11:20:12 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{C11364BC-EADC-46C2-A220-F626FAAC6D6E}
[2011/08/24 21:38:44 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{9D0991B5-3E4B-4B87-92DC-3766E9EB7472}
[2011/08/24 21:38:28 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{2E154C52-DBB5-4386-AA47-A79B49E87DD9}
[2011/08/24 12:42:18 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{66B87676-6487-4C54-8311-6D6150C850AF}
[2011/08/24 12:41:52 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{BF58BE51-D6BB-4B73-9811-32678F162A46}
[2011/08/24 09:00:49 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{31B19665-3109-4527-B2C2-86BCCB77FD13}
[2011/08/24 09:00:31 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{CE38C063-49FA-43C3-AB0D-F77E78ECB9B9}
[2011/08/23 11:50:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/08/23 08:51:20 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{0E73A0DE-3DFF-4010-B912-FF9D419125E8}
[2011/08/23 08:50:56 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{9562F813-4293-410E-907C-A45748E4690F}
[2011/08/22 18:06:23 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{CB7E7240-FC55-4DCB-85A7-A0A906E81496}
[2011/08/22 18:05:55 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{8D175CDA-73A1-4C47-8C57-9CF16C3519B9}
[2011/08/21 19:32:42 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{1705FE1A-8E9E-49A4-818A-38746653EF2C}
[2011/08/21 19:32:23 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{E695FEA1-C24E-4D6F-9DA6-78FBDA30B194}
[2011/08/20 03:04:48 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{80AB11C4-E9A7-4ADD-A1A0-9F5671AF4AE9}
[2011/08/20 03:04:20 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{F126E260-6611-49F6-A3ED-CC5013BAFFDA}
[2011/08/19 12:08:40 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{D814FEA6-91E9-4C81-BC2A-A065DEDF1955}
[2011/08/19 12:08:12 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{7A2C1592-5227-421C-959E-7F9EFF202965}
[2011/08/19 08:48:02 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{EAEADFDE-32DC-4D55-A0C6-2300371957B4}
[2011/08/19 08:47:47 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{BE2FDC3D-A8DB-42B1-BC55-CDC6CD87F16D}
[2011/08/18 09:30:04 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{0554D38F-3DAA-4CBC-95CF-3A6008AB9067}
[2011/08/18 09:29:42 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{CD123272-A4AF-4865-B13B-9E468B690148}
[2011/08/18 08:37:37 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{A50864C1-A9BB-40DC-AD0C-BD63E033E25E}
[2011/08/18 08:37:06 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{17A0787D-7330-418C-837A-47879C5B13EA}
[2011/08/17 21:03:19 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{C6BEC685-67B3-4D3D-AB68-AA055BD79C6D}
[2011/08/17 21:03:03 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{1373D496-BD7B-4E70-A171-4E2836A4FB6E}
[2011/08/17 12:56:28 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{645C3B2E-E0DE-4C72-A23D-3CB52A2B8752}
[2011/08/17 12:55:48 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{25D34919-C3BD-4EB6-B4F5-8DC34676E1CB}
[2011/08/17 09:27:26 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{52DE8134-BB83-4402-B006-259E714D8D74}
[2011/08/17 09:26:57 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{9B0494E3-67B7-4B2A-9069-7977E920AAB4}
[2011/08/16 19:10:52 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{809D4697-3C0F-4250-9012-1F54EEA25E29}
[2011/08/16 19:10:27 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{9AEA8609-3A1D-4AC9-A176-5CB0DAC2C62B}
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/15 17:34:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/15 16:59:52 | 000,007,609 | ---- | M] () -- C:\Users\Gabriel\AppData\Local\Temp7.html
[2011/09/15 16:59:19 | 000,001,892 | ---- | M] () -- C:\Users\Gabriel\AppData\Local\Temp1.html
[2011/09/15 16:57:34 | 001,553,920 | ---- | M] (Resplendence Software Projects Sp. ) -- C:\Users\Gabriel\Desktop\whocrashedSetup.exe
[2011/09/15 14:18:41 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\Gabriel\Desktop\OTL.exe
[2011/09/15 14:17:07 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/09/15 14:02:07 | 000,016,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/15 14:02:07 | 000,016,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/15 14:00:59 | 000,674,024 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/15 14:00:59 | 000,125,122 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/15 13:53:39 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/09/15 13:53:36 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/15 13:53:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/15 13:53:12 | 1981,816,832 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/15 13:03:08 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/09/12 10:35:14 | 000,115,369 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2011/09/12 10:35:14 | 000,097,961 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2011/09/03 11:30:27 | 000,002,297 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/15 16:59:52 | 000,007,609 | ---- | C] () -- C:\Users\Gabriel\AppData\Local\Temp7.html
[2011/09/15 16:59:19 | 000,001,892 | ---- | C] () -- C:\Users\Gabriel\AppData\Local\Temp1.html
[2011/09/15 13:53:39 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/06/03 18:04:16 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/03/30 12:25:55 | 000,000,133 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/02/22 21:47:12 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2010/09/24 16:13:17 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/08/30 21:58:43 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/08/27 15:52:26 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/08/27 15:52:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/08/27 15:52:26 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/08/27 15:52:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/08/27 15:52:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/08/20 12:44:43 | 000,007,619 | ---- | C] () -- C:\Users\Gabriel\AppData\Local\Resmon.ResmonCfg
[2010/04/18 13:11:31 | 000,870,128 | ---- | C] () -- C:\Users\Gabriel\AppData\Roaming\mcs.rma
[2010/04/18 13:11:31 | 000,000,004 | ---- | C] () -- C:\Users\Gabriel\AppData\Roaming\1A511F
[2010/03/15 08:12:58 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe
[2010/03/14 09:49:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/03/14 09:39:33 | 000,000,883 | ---- | C] () -- C:\Windows\System32\SP7302.INI
[2010/02/01 05:56:50 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010/01/29 12:13:17 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2010/01/29 12:13:17 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010/01/27 19:43:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/01/27 19:43:32 | 000,982,220 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/01/27 19:43:31 | 000,439,300 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/01/27 19:43:31 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2010/01/27 19:43:31 | 000,092,216 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/01/27 19:43:31 | 000,000,542 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010/01/27 19:43:30 | 000,197,655 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/09/09 20:01:40 | 000,027,675 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2009/09/01 00:32:20 | 000,098,304 | ---- | C] () -- C:\Windows\System32\DTS.exe
[2009/09/01 00:32:16 | 000,106,496 | ---- | C] () -- C:\Windows\System32\ADMonitor.exe
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/13 21:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:33:53 | 000,528,752 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 19:05:48 | 000,674,024 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 19:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 19:05:48 | 000,125,122 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 19:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 19:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 19:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 16:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 02:07:46 | 000,025,448 | ---- | C] () -- C:\Windows\System32\drivers\uxpatch.sys
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/06/04 16:51:10 | 000,000,542 | ---- | C] () -- C:\Windows\System32\atipblup.dat
[2006/09/28 15:55:34 | 000,053,248 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll
[2006/09/26 15:01:40 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2006/09/08 10:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2006/09/08 10:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2006/09/08 10:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2006/09/08 10:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2006/09/08 10:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2006/09/08 10:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2006/09/08 10:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2006/09/08 10:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelFrench.dll

========== LOP Check ==========

[2011/08/02 01:29:22 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\Autodesk
[2010/04/07 15:12:51 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\Avnex
[2011/04/22 15:38:04 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\CrashPlan
[2010/05/11 13:31:18 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\EPSON
[2010/06/20 17:26:04 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\ooVoo Details
[2010/08/19 16:55:13 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\QuickScan
[2011/05/20 14:14:13 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\Update
[2011/09/09 13:03:14 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\uTorrent
[2010/05/19 19:55:08 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\ZumoDrive
[2011/09/15 13:53:39 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011/03/19 08:48:47 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/07/08 17:54:01 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/09/15 14:17:07 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2010/01/27 20:30:09 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2010/01/27 20:30:33 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2010/01/27 20:30:33 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/30 23:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[2010/01/27 20:30:09 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe

< MD5 for: NETIO.SYS >
[2010/11/20 05:30:05 | 000,240,000 | ---- | M] (Microsoft Corporation) MD5=2899EF7AEEF6913ED4FCB0E8A7A04F46 -- C:\Windows\System32\drivers\netio.sys
[2010/11/20 05:30:05 | 000,240,000 | ---- | M] (Microsoft Corporation) MD5=2899EF7AEEF6913ED4FCB0E8A7A04F46 -- C:\Windows\winsxs\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.1.7601.17514_none_58a2d6c1138fa06a\netio.sys
[2009/07/13 18:20:44 | 000,240,208 | ---- | M] (Microsoft Corporation) MD5=E87FE6DAF5A1B0845A0E376F4269F75B -- C:\Windows\winsxs\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_5671c2f916a11cd0\netio.sys

< MD5 for: SVCHOST.EXE >
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/27 23:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/10/27 23:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/27 22:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 05:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 05:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/13 18:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2010/01/27 20:30:57 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=AB59486E41610AB13B1555D7D585AE8F -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20548_none_705136794f3f8a98\winlogon.exe
[2010/01/27 20:30:57 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=B151128D1FEBF745BC7EFDE9FACB165A -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16440_none_6fbf975e36292016\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/08 12:04:37 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/08 12:04:37 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/08 12:04:37 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/08 12:04:33 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/08 12:04:33 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/08 12:04:33 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/09/03 05:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/09/03 05:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/03 05:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/09/03 05:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 05:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 05:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 05:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010/11/20 05:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2010/11/20 05:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/08 12:04:37 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/08 12:04:37 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/08 12:04:37 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/08 12:04:33 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/08 12:04:33 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/08 12:04:33 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/09/03 05:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/09/03 05:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/03 05:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/09/03 05:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 05:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 05:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 05:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010/11/20 05:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2010/11/20 05:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)

< End of report >




_________________________________________________


Best regards, -GR
  • 0

#6
Render
Posted 15 September 2011 - 07:08 PM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please post also Extras log. Then do this:

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.

    Posted Image
  • When asked if you want to download Avast's virus definitions please select No.
  • Click the Scan button to start scan.

    Posted Image
  • On completion of the scan click Save log, save it to your desktop and post in your next reply.

  • 0

#7
gabybaby
Posted 15 September 2011 - 07:16 PM

gabybaby

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
Hi Render,

OTL created another log named "extras", here are the contents of that log:


________________________________________________________________




OTL Extras logfile created on: 9/15/2011 5:48:51 PM - Run 6
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Users\Gabriel\Desktop
An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.46 Gb Total Physical Memory | 0.88 Gb Available Physical Memory | 35.80% Memory free
4.92 Gb Paging File | 3.02 Gb Available in Paging File | 61.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.15 Gb Total Space | 50.13 Gb Free Space | 17.46% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 3.04 Gb Free Space | 31.14% Space Free | Partition Type: NTFS

Computer Name: GABRIEL-W500 | User Name: Gabriel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3248881932-903285841-3063169814-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C6F231-1B18-C448-323A-56D1A0DB9C46}" = Catalyst Control Center Graphics Full New
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}" = Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{14866AAD-1F23-39AC-A62B-7091ED1ADE64}" = Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729
"{15C77FC3-8137-4A5E-8F81-F559045DD6B0}" = Shipping Assistant 3.7
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{17FB7811-87DD-53C4-3A56-7F7F37DCD802}" = Catalyst Control Center Graphics Previews Vista
"{192359F3-D455-0C89-3161-766008BD6D10}" = CCC Help French
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DF0C90D-0705-32EA-B4DB-341C311EBB93}" = ATI Catalyst Install Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F8DA253-3C27-4B01-A63A-BA3533120833}" = Microsoft Research AutoCollage Touch 2009
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 26
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2D40C5BB-673F-4976-BD20-0835D4B32B8B}" = CrashPlan
"{2D440AF4-7330-43F0-A085-35DE1A90E703}" = Lenovo Fingerprint Software
"{31423F74-36B2-4d24-B10D-CD00BFB7C118}" = Intel® Turbo Memory
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{446B2807-CF65-6D50-2BC8-141E235CD1CD}" = ccc-core-static
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{47E16407-05D3-4D2A-B2B9-C30700B7C2AD}" = LogMeIn Hamachi
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AF99FCA-1D0C-4D5A-9BFE-0D4376A52B23}" = Autodesk Revit Architecture 2011
"{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}" = Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business Edition
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5783F2D7-5001-0409-0002-0060B0CE6BBA}" = AutoCAD 2007 - English
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57FA0525-01F9-4051-8DE9-CBF43CAC68D9}" = Catalyst Control Center - Branding
"{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{7104189A-C592-4A56-AC9E-7C0CA135DA3C}" = AGEIA PhysX v6.10.25
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{73ED3EA3-F96F-D098-7EE4-146FBD30113E}" = PX Profile Update
"{759142E8-25B0-42AE-B408-4215065D3F4B}" = Windows Live Family Safety
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A03BEDC-6390-440E-8D13-721A22F0BD1F}" = PhoenixRC
"{7C6DD158-A31F-5F0B-82A0-C28258CBB31F}" = CCC Help Japanese
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{82EB6CEA-749A-410F-8AD2-372A286BA3BE}" = Integrated Camera Driver Installer Package Ver.1.27.500.0
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{872D8B75-1B00-E5AD-22DD-DA74CA237C7C}" = CCC Help Chinese Standard
"{89428E27-F481-4FB3-B669-A3CCDB1579DF}" = PlayOn
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}" = UxStyle Core Beta
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager and Intel® Turbo Memory
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}" = Adobe Illustrator CS
"{91B7B957-0F45-4BDC-85BA-08F80D49B9BC}" = Mobile Broadband Connect
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{975951E7-14D0-49AF-A630-89680D12D7F6}" = Autodesk Material Library 2011 Medium Image library
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B0B15A5-DDCB-BD52-DF23-0FB44A59B903}" = ccc-utility
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C67CBD7-631C-0409-B00B-98B5DEB67C27}" = Autodesk 3ds Max Design 2010 32-bit
"{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera TWAIN
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A34D0CB7-38BC-2C6D-270E-84BF07DB7CCB}" = Catalyst Control Center Graphics Light
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B05B22B8-72AE-4DC3-8D6F-FBC2233CAF41}" = Roxio Creator Business Edition
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}" = Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B8909A6F-E372-4ABE-8882-91F8D13D81F1}" = JC-AM100
"{B99D0112-5508-59BD-B80E-4049E907845C}" = CCC Help Chinese Traditional
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C64A877E-DF8D-4017-AA82-000A77C6D809}" = Verizon Wireless Mobile Broadband Self Activation
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CB5B4945-AA4C-5A32-D6EC-0365F6DC0C41}" = Catalyst Control Center Core Implementation
"{CC23F0EF-15E9-4264-8165-272A5AA2B873}" = Sirius Device Recovery
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel® PROSet/Wireless WiFi Software
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D00A26B4-CFAD-373C-8A62-4408AA382451}" = CCC Help Dutch
"{D4001570-E33E-5B45-7BB6-B0AD9E08788C}" = CCC Help German
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}" = OverDrive Media Console
"{D81486A1-2371-4059-AC70-1AB894AC96E6}" = AT&T Service Activation
"{D984A74E-DFB9-B6A2-C863-732A551F8FB2}" = Catalyst Control Center Localization All
"{DAA3DC12-2A82-0866-B3E1-8BCFF6EC5715}" = CCC Help Korean
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1EA855E-9187-4AFB-E7A9-FE655B48386B}" = CCC Help English
"{E276D6EE-9FB5-8456-633A-603893C8F539}" = CCC Help Portuguese
"{E2773E0C-BD2A-D110-F209-0C3E1118009E}" = CCC Help Spanish
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1B03D1F-29B4-86D7-DCF5-8C2DCE13B05E}" = CCC Help Italian
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F65525AB-4B63-AC34-BE4A-08CA24FC1414}" = Catalyst Control Center Graphics Full Existing
"{F67714D1-6842-EACA-C159-D25B947FA380}" = Catalyst Control Center InstallProxy
"{F932659E-6B83-1BF6-C10D-5F722F33C175}" = CCC Help Swedish
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"112AA64E0C8CC704E307FE914F7DEC1C0035598E" = Windows Driver Package - Lenovo 1.55 (08/18/2009 1.55)
"1FBDB507F002A372EB195A0ACF6E2A2F9D34689E" = Windows Driver Package - Ricoh Company (rismxdp) hdc (09/03/2009 6.10.01.05)
"5F72B7FA1792CB768F6A46E18A9DAD0E1FE1C863" = Windows Driver Package - Ricoh Company (rimsptsk) hdc (09/03/2009 6.10.01.05)
"8E6CE26AD682E6D46DCCDD39CD93277A2EAF2449" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (07/07/2009 8.1.2.56)
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Aide PDF to DXF Converter_is1" = Aide PDF to DXF Converter 9.6
"ATI Uninstaller" = ATI Uninstaller
"Autodesk Design Review 2011" = Autodesk Design Review 2011
"Autodesk FBX Plugin 2009.4 - 3ds Max Design 2010" = Autodesk FBX Plugin 2009.4 - 3ds Max Design 2010
"Autodesk Revit Architecture 2011" = Autodesk Revit Architecture 2011
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"CutePDF Writer Installation" = CutePDF Writer 2.8
"D50474ACAF488895A3CE5D30373288EA6AD46EAA" = Windows Driver Package - Ricoh Company MMC Host Controller (09/03/2009 6.10.01.05)
"E59560E2F5B162D40255FCD327ACA5E989D995D2" = Windows Driver Package - Ricoh (5U875UVC) Image (07/08/2009 1.27.500.0)
"E7B58217635B8F723D4744A328A4B3237DB35FA9" = Windows Driver Package - Intel System (06/04/2009 1.0.0.0002)
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"HECI" = Intel® Management Engine Interface
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{CC23F0EF-15E9-4264-8165-272A5AA2B873}" = Sirius Device Recovery
"InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"Lenovo Welcome_is1" = Lenovo Welcome
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MassPlus v3.0" = MassPlus v3.0
"MESOL" = Intel® Active Management Technology
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.22)" = Mozilla Firefox (3.6.22)
"OnScreenDisplay" = On Screen Display
"Orb" = Winamp Remote
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel® Network Connections Drivers
"RealPlayer 12.0" = RealPlayer
"Rhapsody" = Rhapsody
"Simpson AutoCAD Menu" = Simpson AutoCAD Menu
"ST6UNST #1" = STEELPro Version 1.1 By Redem Legaspi
"Steam App 24010" = RailWorks
"SuperPurge Lite" = SuperPurge Lite
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.4
"W7DevOR" = Registry Patch to arrange icons in Device and Printers folder of Windows 7
"WhoCrashed_is1" = WhoCrashed 3.02
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3248881932-903285841-3063169814-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/14/2011 5:00:15 PM | Computer Name = Gabriel-W500 | Source = PC-Doctor | ID = 1
Description =

Error - 1/15/2011 7:01:06 AM | Computer Name = Gabriel-W500 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Program Files\Lenovo\System
Update\Installer64.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/15/2011 5:00:16 PM | Computer Name = Gabriel-W500 | Source = PC-Doctor | ID = 1
Description =

Error - 1/15/2011 7:29:04 PM | Computer Name = Gabriel-W500 | Source = PC-Doctor | ID = 1
Description =

Error - 1/16/2011 6:39:52 AM | Computer Name = Gabriel-W500 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Program Files\Lenovo\System
Update\Installer64.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/16/2011 5:00:22 PM | Computer Name = Gabriel-W500 | Source = PC-Doctor | ID = 1
Description =

Error - 1/17/2011 6:38:41 AM | Computer Name = Gabriel-W500 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Program Files\Lenovo\System
Update\Installer64.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/17/2011 5:00:16 PM | Computer Name = Gabriel-W500 | Source = PC-Doctor | ID = 1
Description =

Error - 1/18/2011 5:48:38 AM | Computer Name = Gabriel-W500 | Source = Application Hang | ID = 1002
Description = The program acad.exe version 23.0.54.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 350 Start Time:
01cbb66e672e52ff Termination Time: 117 Application Path: C:\Program Files\AutoCAD
2007\acad.exe Report Id: 1ac4e73d-22e8-11e0-9769-00216a9c69f3

Error - 1/18/2011 7:11:14 AM | Computer Name = Gabriel-W500 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Program Files\Lenovo\System
Update\Installer64.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ Lenovo-Message Center Plus/Admin Events ]
Error - 2/11/2010 5:01:38 PM | Computer Name = Gabriel-W500 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception
message: Object reference not set to an instance of an object.

Error - 2/11/2010 11:07:12 PM | Computer Name = Gabriel-W500 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception
message: Object reference not set to an instance of an object.

Error - 2/23/2010 9:26:51 PM | Computer Name = Gabriel-W500 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception
message: Object reference not set to an instance of an object.

Error - 2/25/2010 11:27:32 AM | Computer Name = Gabriel-W500 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception
message: Object reference not set to an instance of an object.

Error - 2/27/2010 12:03:30 PM | Computer Name = Gabriel-W500 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception
message: Object reference not set to an instance of an object.

Error - 3/22/2010 10:54:20 PM | Computer Name = Gabriel-W500 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception
message: Object reference not set to an instance of an object.

Error - 5/29/2010 3:04:59 PM | Computer Name = Gabriel-W500 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception
message: Object reference not set to an instance of an object.

Error - 7/21/2010 7:40:18 AM | Computer Name = Gabriel-W500 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception
message: Object reference not set to an instance of an object.

Error - 6/3/2011 3:52:13 AM | Computer Name = Gabriel-W500 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception
message: Object reference not set to an instance of an object.

Error - 6/20/2011 3:27:31 AM | Computer Name = Gabriel-W500 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception
message: Object reference not set to an instance of an object.

[ Media Center Events ]
Error - 11/23/2010 12:23:01 PM | Computer Name = Gabriel-W500 | Source = MCUpdate | ID = 0
Description = 8:22:56 AM - Error connecting to the internet. 8:22:56 AM - Unable
to contact server..

Error - 11/23/2010 1:23:10 PM | Computer Name = Gabriel-W500 | Source = MCUpdate | ID = 0
Description = 9:23:10 AM - Error connecting to the internet. 9:23:10 AM - Unable
to contact server..

Error - 11/23/2010 1:23:17 PM | Computer Name = Gabriel-W500 | Source = MCUpdate | ID = 0
Description = 9:23:15 AM - Error connecting to the internet. 9:23:15 AM - Unable
to contact server..

Error - 11/23/2010 2:23:37 PM | Computer Name = Gabriel-W500 | Source = MCUpdate | ID = 0
Description = 10:23:36 AM - Error connecting to the internet. 10:23:36 AM - Unable
to contact server..

Error - 11/23/2010 2:23:53 PM | Computer Name = Gabriel-W500 | Source = MCUpdate | ID = 0
Description = 10:23:42 AM - Error connecting to the internet. 10:23:42 AM - Unable
to contact server..

Error - 11/23/2010 3:24:00 PM | Computer Name = Gabriel-W500 | Source = MCUpdate | ID = 0
Description = 11:24:00 AM - Error connecting to the internet. 11:24:00 AM - Unable
to contact server..

Error - 11/23/2010 3:24:07 PM | Computer Name = Gabriel-W500 | Source = MCUpdate | ID = 0
Description = 11:24:05 AM - Error connecting to the internet. 11:24:05 AM - Unable
to contact server..

Error - 11/23/2010 11:21:32 PM | Computer Name = Gabriel-W500 | Source = MCUpdate | ID = 0
Description = 7:21:32 PM - Error connecting to the internet. 7:21:32 PM - Unable
to contact server..

Error - 11/23/2010 11:21:39 PM | Computer Name = Gabriel-W500 | Source = MCUpdate | ID = 0
Description = 7:21:37 PM - Error connecting to the internet. 7:21:37 PM - Unable
to contact server..

Error - 6/11/2011 6:51:54 AM | Computer Name = Gabriel-W500 | Source = MCUpdate | ID = 0
Description = 3:51:54 AM - Failed to retrieve SportsSchedule (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

[ OSession Events ]
Error - 4/13/2011 12:18:00 PM | Computer Name = Gabriel-W500 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/3/2011 12:16:59 PM | Computer Name = Gabriel-W500 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/9/2011 4:16:16 PM | Computer Name = Gabriel-W500 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/10/2011 11:59:47 AM | Computer Name = Gabriel-W500 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/10/2011 11:59:47 AM | Computer Name = Gabriel-W500 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/4/2011 4:41:19 PM | Computer Name = Gabriel-W500 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/7/2011 2:15:55 PM | Computer Name = Gabriel-W500 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/15/2011 12:12:24 PM | Computer Name = Gabriel-W500 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/20/2011 4:10:24 PM | Computer Name = Gabriel-W500 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/18/2011 9:31:19 AM | Computer Name = Gabriel-W500 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/15/2011 7:51:09 PM | Computer Name = Gabriel-W500 | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 9/15/2011 7:51:10 PM | Computer Name = Gabriel-W500 | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 9/15/2011 7:51:10 PM | Computer Name = Gabriel-W500 | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 9/15/2011 7:51:11 PM | Computer Name = Gabriel-W500 | Source = PNRPSvc | ID = 102
Description =

Error - 9/15/2011 7:51:11 PM | Computer Name = Gabriel-W500 | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 9/15/2011 7:51:11 PM | Computer Name = Gabriel-W500 | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 9/15/2011 7:58:02 PM | Computer Name = Gabriel-W500 | Source = ipnathlp | ID = 31004
Description =

Error - 9/15/2011 8:08:14 PM | Computer Name = Gabriel-W500 | Source = ipnathlp | ID = 31004
Description =

Error - 9/15/2011 8:14:57 PM | Computer Name = Gabriel-W500 | Source = ipnathlp | ID = 34001
Description =

Error - 9/15/2011 8:27:04 PM | Computer Name = Gabriel-W500 | Source = ipnathlp | ID = 34001
Description =


< End of report >





___________________________________________________________



Best regards,

-GR
  • 0

#8
gabybaby
Posted 15 September 2011 - 07:27 PM

gabybaby

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
Hi Render,

Thanks again for your responses and your assistance.

Here is the log from ASWmbr:

_____________________________________________________


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-15 18:21:37
-----------------------------
18:21:37.489 OS Version: Windows 6.1.7601 Service Pack 1
18:21:37.489 Number of processors: 2 586 0x170A
18:21:37.489 ComputerName: GABRIEL-W500 UserName: Gabriel
18:21:39.720 Initialize success
18:21:57.369 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:21:57.369 Disk 0 Vendor: Size: 0MB BusType: 0
18:21:57.369 Disk 1 \Device\Harddisk1\DR1 -> \Device\RobsonImd-0
18:21:57.385 Disk 1 Vendor: Size: 1405MB BusType: 0
18:21:57.400 Disk 0 MBR read successfully
18:21:57.400 Disk 0 MBR scan
18:21:57.400 Disk 0 unknown MBR code
18:21:57.400 Disk 0 MBR hidden
18:21:57.416 Disk 0 scanning C:\Windows\system32\drivers
18:22:08.196 Service scanning
18:22:09.475 Modules scanning
18:22:13.016 Disk 0 trace - called modules:
18:22:13.032 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys iaNvStor.sys
18:22:13.032 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8838a5c8]
18:22:13.032 3 CLASSPNP.SYS[8a5b159e] -> nt!IofCallDriver -> [0x85f58958]
18:22:13.032 5 ACPI.sys[89ea23d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85f18028]
18:22:13.047 Scan finished successfully
18:23:23.575 Disk 0 MBR has been saved successfully to "C:\Users\Gabriel\Desktop\MBR.dat"
18:23:23.606 The log file has been saved successfully to "C:\Users\Gabriel\Desktop\aswMBR.txt"




__________________________________________________


Best regards,

-GR
  • 0

#9
Render
Posted 16 September 2011 - 06:42 AM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please proceed with this:

  • Please download Speccy from here install and run it.
  • Wait a few minutes then click File menu then Save as Text file... and save report to your desktop.
  • Open that txt file in Notepad and find Operating System section and delete this line: Serial Number: XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
  • Save it by clicking on File and then on Save.
  • Please attach that report in your next reply.

How to add an attachment to a new topic or reply
  • 0

#10
gabybaby
Posted 16 September 2011 - 02:11 PM

gabybaby

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
Hi Render,

Thanks again for your responses and your assistance.

Please find attached the Speccy file you requested.

Best regards,

-GR

Attached Files


  • 0

#11
Render
Posted 16 September 2011 - 02:49 PM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please do the following:

  • Now go to this page here.
  • Click on Download Drivers & Software.
  • New pop-up windows will open.
  • At selection 1 select :Laptops & Netbooks and click Continue.
  • At selection 2 select: ThinkPad W Series laptops and click Continue.
  • At selection 4 select: 4058 and click Continue.
  • At selection 5 select: CTO and click Continue.
  • At selection 6 select: Windows 7 32bit and click Continue.

Now you shoud be on Download Drivers and Software page for your laptop.
Click on Networking.
Download and then install following drivers:
  • Ethernet driver (Intel PRO/1000 LAN adapter software) for Windows 7 (32-bit, 64-bit), XP - ThinkPad
  • Intel Wireless LAN (11bgn) for Windows 7 (32-bit, 64-bit) - ThinkPad
I want you to run your PC as normal and when you encounter problems and BSODs come back to me.
  • 0

#12
Render
Posted 29 September 2011 - 02:16 PM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP