Windows 7 64-bit Startup Repair Loop [Solved]
Started by
Nikolina
, May 05 2012 05:45 AM
-
This topic is locked
#31
Posted 06 May 2012 - 04:04 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
#32
Posted 06 May 2012 - 04:20 PM
Nikolina
- Topic Starter
-
- Member
-
- 22 posts
Member
Ok.
This is the first one aswMBR.txt
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-06 22:59:01
-----------------------------
22:59:01.683 OS Version: Windows x64 6.1.7601 Service Pack 1
22:59:01.684 Number of processors: 4 586 0x2502
22:59:01.685 ComputerName: BEAUTY UserName:
22:59:07.328 Initialize success
22:59:41.250 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:59:41.255 Disk 0 Vendor: ST950042 0003 Size: 476940MB BusType: 3
22:59:41.271 Disk 0 MBR read successfully
22:59:41.273 Disk 0 MBR scan
22:59:41.276 Disk 0 unknown MBR code
22:59:41.287 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
22:59:41.302 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 465737 MB offset 2459648
22:59:41.331 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 956291072
22:59:41.366 Disk 0 scanning C:\Windows\system32\drivers
22:59:45.099 Service scanning
23:00:01.043 Modules scanning
23:00:01.055 Disk 0 trace - called modules:
23:00:01.100 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
23:00:01.108 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004cdb790]
23:00:01.118 3 CLASSPNP.SYS[fffff88001a9143f] -> nt!IofCallDriver -> [0xfffffa80049fc560]
23:00:01.126 5 ACPI.sys[fffff88000f5a7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004a01050]
23:00:01.133 Scan finished successfully
23:00:23.356 Disk 0 MBR has been saved successfully to "C:\Users\Nikolina\Desktop\MBR.dat"
23:00:23.361 The log file has been saved successfully to "C:\Users\Nikolina\Desktop\aswMBR.txt"
OTL.txt
OTL logfile created on: 5/6/2012 11:05:50 PM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Nikolina\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.86 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 55.59% Memory free
7.73 Gb Paging File | 5.91 Gb Available in Paging File | 76.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.82 Gb Total Space | 349.22 Gb Free Space | 76.78% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 0.61 Gb Free Space | 6.23% Space Free | Partition Type: NTFS
Computer Name: BEAUTY | User Name: Nikolina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/05/06 23:02:03 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Nikolina\Desktop\OTL.exe
PRC - [2011/09/06 15:47:44 | 005,152,096 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe
PRC - [2011/08/24 10:35:05 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin\0ebarsvc.exe
PRC - [2011/08/24 10:35:05 | 000,030,096 | ---- | M] (VER_COMPANY_NAME) -- C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin\0ebrmon.exe
PRC - [2011/08/23 22:54:59 | 014,051,120 | ---- | M] (FreeCall) -- C:\Program Files (x86)\FreeCall.com\FreeCall\freecall.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
PRC - [2011/03/21 11:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2010/03/25 20:45:36 | 000,031,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2010/03/01 19:31:32 | 000,402,792 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
PRC - [2010/03/01 19:29:14 | 000,435,560 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe
PRC - [2010/03/01 19:29:12 | 000,259,432 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
PRC - [2010/03/01 19:29:10 | 000,124,264 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2010/03/01 19:17:52 | 000,344,064 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2010/02/18 07:26:38 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010/02/10 23:40:56 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2010/02/05 20:20:50 | 000,331,512 | ---- | M] (QUALCOMM, Inc.) -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe
PRC - [2009/11/24 05:51:20 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009/11/17 10:06:04 | 000,044,984 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2009/11/17 06:07:46 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009/11/16 10:19:38 | 000,062,904 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009/11/11 09:33:12 | 000,078,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
PRC - [2009/11/09 05:48:34 | 000,054,632 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\cammute.exe
PRC - [2009/11/04 05:45:46 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/11/04 05:45:44 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/08/28 22:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2009/05/28 06:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2007/01/05 03:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
========== Modules (No Company Name) ==========
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/08/28 22:27:20 | 000,247,096 | ---- | M] () -- C:\Program Files (x86)\Common Files\Lenovo\CDRecord.dll
MOD - [2009/05/28 06:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010/02/18 07:26:38 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/01/13 14:04:10 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/11/18 06:04:24 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2009/11/17 10:06:04 | 000,044,984 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2009/11/16 10:19:38 | 000,062,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2009/11/09 05:48:34 | 000,054,632 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\cammute.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2009/10/09 20:12:52 | 000,047,656 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2009/09/30 01:25:48 | 000,126,392 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/09/22 00:24:40 | 001,420,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV:64bit: - [2009/09/22 00:00:44 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/04/14 05:06:22 | 000,306,688 | ---- | M] (Option) [Auto | Running] -- C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe -- (GtFlashSwitch)
SRV - [2011/08/24 10:35:05 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin\0ebarsvc.exe -- (CieoNetUtilities_0eService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe -- (NIS)
SRV - [2011/03/21 11:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/03/25 20:45:36 | 000,031,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/01 19:29:12 | 000,259,432 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2010/03/01 19:29:10 | 000,124,264 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2010/02/10 23:40:56 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2010/02/05 20:20:50 | 000,331,512 | ---- | M] (QUALCOMM, Inc.) [Auto | Running] -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe -- (QDLService2kLenovo) Qualcomm Gobi 2000 Download Service (Lenovo)
SRV - [2010/01/05 19:12:00 | 000,075,112 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2009/11/04 05:45:46 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/11/04 05:45:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/08/28 22:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/01/05 03:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011/07/08 17:45:12 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/06/27 16:06:54 | 000,025,584 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- c:\Program Files\PC-Doctor\pcdsrvc_x64.pkms -- (PCDSRVC{127174DC-C366ED8B-06020200}_0)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/05/02 23:24:03 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/03/31 04:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/31 04:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207000.00D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/15 03:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207000.00D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 07:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207000.00D\symds64.sys -- (SymDS)
DRV:64bit: - [2011/01/27 06:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207000.00D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/06/23 09:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/23 00:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/08 13:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/02/05 18:41:38 | 000,241,664 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcusbnetlno2k.sys -- (qcusbnetlno2k) Gobi 2000 USB-NDIS miniport(05C6-9205)
DRV:64bit: - [2010/02/05 18:41:38 | 000,121,600 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcusbserlno2k.sys -- (qcusbserlno2k) Gobi 2000 USB Device for Legacy Serial Communication(05C6-9205)
DRV:64bit: - [2010/02/05 18:41:38 | 000,006,400 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcfilterlno2k.sys -- (qcfilterlno2k) Gobi 2000 USB Composite Device Filter Driver(05C6-9205)
DRV:64bit: - [2010/01/15 20:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/01/15 05:23:00 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/01/15 05:23:00 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/01/15 05:23:00 | 000,021,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/01/13 14:26:02 | 006,327,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/01/13 14:26:02 | 006,327,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/01/13 13:10:58 | 000,185,344 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/01/05 19:12:00 | 000,013,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2009/12/02 07:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/11/30 07:56:00 | 000,053,800 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/11/18 06:04:04 | 000,032,880 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2009/10/26 04:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/09 20:11:38 | 000,136,744 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2009/10/09 20:10:00 | 000,023,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2009/09/30 01:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/30 01:25:50 | 000,012,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/09/17 04:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/09/15 20:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/07/02 03:16:02 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2009/06/18 18:21:58 | 000,161,024 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2009/06/10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/07 06:33:00 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/05/12 10:04:26 | 000,015,400 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2007/07/09 14:17:44 | 000,110,592 | ---- | M] (Option NV) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV:64bit: - [2007/06/26 13:39:10 | 000,070,656 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gt72ubus.sys -- (GT72UBUS)
DRV:64bit: - [2007/03/30 13:38:16 | 000,010,624 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtptser.sys -- (GTPTSER)
DRV - [2012/05/06 20:56:13 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120505.016\ex64.sys -- (NAVEX15)
DRV - [2012/05/06 20:56:13 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/05/06 20:56:13 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys -- (EraserUtilDrv11122)
DRV - [2012/05/06 20:56:13 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120505.016\eng64.sys -- (NAVENG)
DRV - [2012/05/05 01:07:30 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120505.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/04/13 01:34:56 | 001,160,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120413.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/12/01 00:18:16 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{ffab9ec5-7889-45c9-b6fa-5d19ccfea2d2}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E 57 A9 BA D2 2B CD 01 [binary data]
IE - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\..\URLSearchHook: {f864ba3f-9878-458a-ba2b-dad32bcbc472} - No CLSID value found
IE - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADRA_en
IE - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://uk.ask.com/we...l&geo=GB&ver=17
IE - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\..\SearchScopes\{ffab9ec5-7889-45c9-b6fa-5d19ccfea2d2}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@CieoNetUtilities_0e.com/Plugin: C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin\NP0eStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@innoplus.de/ino3DViewer: C:\Program Files (x86)\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF - HKLM\Software\MozillaPlugins\@innoplus.de/inoPanoViewer: C:\Program Files (x86)\innoPlus\Panorama-Viewer-innoPlus\npirsviewer.dll (INNOVA-engineering GmbH Dresden)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Nikolina\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2012/05/05 02:31:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_4_3 [2012/05/06 21:22:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\0effxtbr@CieoNetUtilities_0e.com: C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin [2012/05/05 02:27:38 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Search Assistant BHO) - {4cbfd6a0-f21b-4d52-bf56-c57a37625141} - C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin\0eSrcAs.dll (COMPANYVERS_NAME)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Toolbar BHO) - {8ca6701f-b8e8-43b9-b206-b2a9ee3216cf} - C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin\0ebar.dll (MindSpark)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (CieoNet Utilities) - {8175e372-1ff1-4288-8e6e-addebd415d47} - C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin\0ebar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\..\Toolbar\WebBrowser: (CieoNet Utilities) - {8175E372-1FF1-4288-8E6E-ADDEBD415D47} - C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin\0ebar.dll (MindSpark)
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe ()
O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACTray] C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CieoNetUtilities_0e Browser Plugin Loader] C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin\0ebrmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-937968807-2987181820-2307277295-1003..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {C4B977A3-E8A2-37E9-ADCD-2597FAAC61F5} http://shop.lenovo.c...MachineInfo.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {5CF549B1-E178-4D8C-ADEF-73F226644F12} http://deploy.webvde.../WebVDSetUp.cab (Room328 Designer Setup)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5051B246-2951-4358-9621-24C4FC939F5A}: DhcpNameServer = 10.48.65.30
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4AA4D0D-BCBD-471E-BEBB-A3BFBA50DA4B}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/10 17:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{5aa4b7a3-6dc7-11df-81ab-c80aa9467b0d}\Shell - "" = AutoRun
O33 - MountPoints2\{5aa4b7a3-6dc7-11df-81ab-c80aa9467b0d}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1
O33 - MountPoints2\{bfbc8c31-4873-11df-9379-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{bfbc8c31-4873-11df-9379-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009/08/10 22:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/05/07 03:08:42 | 000,000,000 | ---D | C] -- C:\FRST
[2012/05/06 23:01:09 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Nikolina\Desktop\OTL.exe
[2012/05/06 22:58:11 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Nikolina\Desktop\aswMBR.exe
[2012/05/06 21:24:31 | 000,000,000 | ---D | C] -- C:\Users\Nikolina\AppData\Local\{69ADFFDD-7209-4B43-9DF9-AA51ADFF5FCC}
[2012/05/06 21:23:37 | 000,000,000 | ---D | C] -- C:\Users\Nikolina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2012/05/06 21:21:18 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[10 C:\Users\Nikolina\Documents\*.tmp files -> C:\Users\Nikolina\Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/05/06 23:02:03 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Nikolina\Desktop\OTL.exe
[2012/05/06 23:00:23 | 000,000,512 | ---- | M] () -- C:\Users\Nikolina\Desktop\MBR.dat
[2012/05/06 22:58:45 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Nikolina\Desktop\aswMBR.exe
[2012/05/06 22:24:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/06 21:33:37 | 000,002,351 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/05/06 21:24:07 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/06 21:21:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/06 21:21:10 | 3111,555,072 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/06 21:15:55 | 001,957,462 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\Cat.DB
[2012/05/06 20:45:02 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/05/06 20:41:02 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/05/06 20:31:56 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/06 20:31:56 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/06 20:26:30 | 000,792,128 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/06 20:26:30 | 000,675,582 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/06 20:26:30 | 000,128,548 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/05 09:35:20 | 000,001,732 | ---- | M] () -- C:\tvtpktfilter.dat
[10 C:\Users\Nikolina\Documents\*.tmp files -> C:\Users\Nikolina\Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/05/06 23:00:23 | 000,000,512 | ---- | C] () -- C:\Users\Nikolina\Desktop\MBR.dat
[2012/05/06 21:21:10 | 3111,555,072 | -HS- | C] () -- C:\hiberfil.sys
[2012/05/05 09:35:20 | 000,001,732 | ---- | C] () -- C:\tvtpktfilter.dat
[2011/11/21 21:55:57 | 000,000,216 | -H-- | C] () -- C:\ProgramData\~s760lQjjteTrvbr
[2011/11/21 21:55:56 | 000,000,296 | -H-- | C] () -- C:\ProgramData\~s760lQjjteTrvb
[2011/11/21 21:55:51 | 000,000,464 | -H-- | C] () -- C:\ProgramData\s760lQjjteTrvb
[2011/07/16 21:58:35 | 000,670,496 | -H-- | C] () -- C:\Users\Nikolina\AppData\Local\wanancsp.dat
[2011/01/04 23:49:42 | 000,001,940 | ---- | C] () -- C:\Users\Nikolina\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
========== LOP Check ==========
[2012/05/05 10:53:27 | 000,000,000 | ---D | M] -- C:\Users\Nikolina\AppData\Roaming\Downloaded Installations
[2012/05/05 10:53:28 | 000,000,000 | -H-D | M] -- C:\Users\Nikolina\AppData\Roaming\eTeks
[2012/05/05 02:38:32 | 000,000,000 | -H-D | M] -- C:\Users\Nikolina\AppData\Roaming\FreeCall
[2012/05/05 10:53:28 | 000,000,000 | -H-D | M] -- C:\Users\Nikolina\AppData\Roaming\InterVideo
[2012/05/05 10:53:28 | 000,000,000 | -H-D | M] -- C:\Users\Nikolina\AppData\Roaming\Lenovo
[2012/05/05 10:55:33 | 000,000,000 | -H-D | M] -- C:\Users\Nikolina\AppData\Roaming\Nitro PDF
[2012/05/05 10:55:34 | 000,000,000 | ---D | M] -- C:\Users\Nikolina\AppData\Roaming\PCDr
[2012/05/05 10:55:38 | 000,000,000 | -H-D | M] -- C:\Users\Nikolina\AppData\Roaming\QcWizard
[2012/05/05 02:38:49 | 000,000,000 | ---D | M] -- C:\Users\Nikolina\AppData\Roaming\Tific
[2012/05/05 10:55:42 | 000,000,000 | -H-D | M] -- C:\Users\Nikolina\AppData\Roaming\Ulead Systems
[2012/05/05 10:55:42 | 000,000,000 | ---D | M] -- C:\Users\Nikolina\AppData\Roaming\Update
[2011/01/26 13:48:59 | 000,000,000 | -H-D | M] -- C:\Users\Nikolina\AppData\Roaming\Windows Live Writer
[2012/05/06 20:41:02 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/09/14 01:16:10 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/05/06 20:45:02 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2010/04/15 11:42:28 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/04/15 11:42:28 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2010/04/15 11:43:20 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/04/15 11:43:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/04/15 11:43:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010/04/15 11:42:28 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/04/15 11:43:20 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010/04/15 11:42:28 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe
< MD5 for: EXPLORER.EXE.MUI >
[2009/07/14 03:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\en-US\explorer.exe.mui
[2009/07/14 03:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
< MD5 for: SVCHOST.EXE >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: USERINIT.EXE >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: USERINIT.EXE.MUI >
[2009/07/14 03:26:28 | 000,003,584 | ---- | M] (Microsoft Corporation) MD5=87AE19DA46FE7D5E293937DD36FF1889 -- C:\Windows\SysNative\en-US\userinit.exe.mui
[2009/07/14 03:03:34 | 000,003,584 | ---- | M] (Microsoft Corporation) MD5=EA67C653ECFED02D7DBFB889A908CAA9 -- C:\Windows\SysWOW64\en-US\userinit.exe.mui
< MD5 for: WINLOGON.EXE >
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/04/15 11:44:20 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=9ED521C0B287D4A396E1456B3D1556C9 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16440_none_cbde32e1ee86914c\winlogon.exe
[2009/10/28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
[2010/04/15 11:44:20 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=FEFF314FF78051201309E47D90554BE8 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20548_none_cc6fd1fd079cfbce\winlogon.exe
< MD5 for: WINLOGON.EXE.MUI >
[2010/11/20 14:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\SysNative\en-US\winlogon.exe.mui
< C:\Windows\assembly\tmp\U\*.* /s >
< %Temp%\smtmp\1\*.* >
< %Temp%\smtmp\2\*.* >
< %Temp%\smtmp\3\*.* >
< %Temp%\smtmp\4\*.* >
< End of report >
And Extras.txt
OTL Extras logfile created on: 5/6/2012 11:05:50 PM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Nikolina\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.86 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 55.59% Memory free
7.73 Gb Paging File | 5.91 Gb Available in Paging File | 76.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.82 Gb Total Space | 349.22 Gb Free Space | 76.78% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 0.61 Gb Free Space | 6.23% Space Free | Partition Type: NTFS
Computer Name: BEAUTY | User Name: Nikolina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003E2113-4B90-4707-978E-B1E2584F5EE5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{02379939-7B02-4A37-AD8C-09C4ABABE869}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{061ADE52-51EF-445D-8D4E-4080C2ABB305}" = lport=138 | protocol=17 | dir=in | app=system |
"{0D4AC2A4-7AB3-4797-8331-5BF3DFD2076F}" = rport=137 | protocol=17 | dir=out | app=system |
"{0F2BFB98-5E26-4BB0-A922-E1150E09C52B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1F45F88E-673D-4E85-A4FB-E9A328D32D35}" = lport=137 | protocol=17 | dir=in | app=system |
"{24732480-3923-433B-ACED-F11982A897B7}" = lport=10243 | protocol=6 | dir=in | app=system |
"{47D5C785-9648-4C65-B811-045ADF2CBC5A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{4E0741A0-3855-44F7-9643-C9F1D00799D7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{609466EF-AC9A-4DDD-8A95-F01C64A779C9}" = rport=138 | protocol=17 | dir=out | app=system |
"{62BB5A69-60AC-43BD-9DF1-92D39F647A35}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{6E49F4B3-A0B8-4879-832A-7DD920446BDC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6ECDFB08-92F0-4277-A3A2-2B6DB8C093CA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{70B97AFC-C1E5-46A8-B6CF-CEFB9283ED39}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7262EB6E-F6D7-48C3-8CE2-E160049DEA59}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{76308093-F75F-43E8-85F3-2BCE10818E69}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{815E5488-5C83-4CB0-B1C7-0067529A87A5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8B213B1A-596D-414B-B5F2-3565DAF7C23F}" = rport=445 | protocol=6 | dir=out | app=system |
"{8E3ACA29-628D-4A3B-8BD6-F3FA4F4CFA1B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{98A6F3AD-3D80-4AE1-B727-FF9636ADE978}" = lport=445 | protocol=6 | dir=in | app=system |
"{A8A554F0-1875-4201-928A-16DCD7361B7E}" = lport=139 | protocol=6 | dir=in | app=system |
"{AC0850FC-66B8-47C9-88D2-BF5F582DD6BD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B79AE537-1175-4EF3-B6B2-FCA7BBB2FA81}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C56CF1D9-7C74-425A-968C-91716203F03E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C76EEE2A-3AD2-4B7E-B2A3-BDBF85E0E49F}" = rport=139 | protocol=6 | dir=out | app=system |
"{CF010E83-F1B7-45BB-87D9-8EB6CB148B7E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{D1CBA127-2A79-452A-9706-376C31DEBD51}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D7F643D0-8CD1-456D-9AD8-205BAF2B5B79}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EE114B2C-C1FB-4B6B-80B7-2A7188FCDE0C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F9450372-11FD-4B1A-89AE-ABBD63DD7B24}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FE5524D8-1694-468E-8459-F92E7CB55114}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0108444E-746C-48E4-B72F-E602A06D845D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{01E4798F-AAB1-4E87-9EC3-B52EE4489653}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{04B14E66-2215-4E59-8A1B-BB699035C55F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{056D3D0D-229E-486D-891C-22AEBBB7D47E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{0944C192-77C3-409A-9A25-FD9A68D5B693}" = protocol=17 | dir=in | app=c:\program files (x86)\freecall.com\freecall\freecall.exe |
"{0E46E808-2478-48AF-A367-7483403E1582}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{114FC76B-8C03-45F7-89EF-3084A96E77C9}" = protocol=17 | dir=in | app=c:\program files (x86)\freecall.com\freecall\freecall.exe |
"{20F96301-EB18-4BC1-B5EE-EE6363434630}" = protocol=6 | dir=out | app=system |
"{314E60CB-C496-4943-8D63-15D8D0A5527E}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{35921508-0D22-4B62-8B7C-1489F39A6483}" = protocol=6 | dir=in | app=c:\program files (x86)\freecall.com\freecall\freecall.exe |
"{3997442A-E8D2-4F09-A8B6-EFFE59C6DC88}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3EF45792-B2D4-48BE-9B78-8809EBE72696}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{535296B7-3B63-47D6-9C99-41D530043C3C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office communicator\communicator.exe |
"{54B3DB82-CC65-4228-A2F4-D943E9B1C0D5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5B763542-96F6-47E7-A54B-FD53460FC680}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6D6F7592-1D29-49BD-B6B6-FDCB789F18CA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{739083D8-5B01-47E5-8C24-699F27497F9C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{75333414-CD03-43F9-8017-98902E6DA804}" = protocol=1 | dir=in | [email protected],-28543 |
"{7FCB6A17-B033-4D45-98E5-07987E44E78D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{82E4972A-2EE7-4B87-9DDB-9EC74645F752}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{85CBDCC6-D4EA-4685-9749-D072C19E8005}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{876B265D-1470-4CCE-8B84-6902888826CA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{9A8429C1-2ECC-4266-A488-CB1AC9955B38}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9A84EBE1-0972-4D6F-BBE0-EBB3C77D1E0E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9AA2AA59-3518-49A5-BDE9-064F2427D658}" = protocol=6 | dir=in | app=c:\program files (x86)\freecall.com\freecall\freecall.exe |
"{A2DE365C-061D-44FB-BA24-1DCBD49E77E5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A76CBE20-1BFE-471F-8423-C2C37D252595}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{A84EC4D2-F31B-4A77-84D0-DF8F94FB0EE7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B45D8B39-0727-42EF-AE1E-1905A7A410CC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B894DE3A-C48E-4EE3-A5A1-C2A0117587C3}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{BA7A2916-0D70-473D-BFED-B373B3503336}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{BC7EE6B2-BF66-49C3-9D1A-F0AE817F57E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C6F97F8D-AC43-48F7-9F1A-5E641575A394}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office communicator\communicator.exe |
"{CD15DCBB-AE02-46ED-B90D-DE7B04AFCCEB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D34AACB8-3A6E-473C-A9A0-655BC4E62E02}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{DC3BECC9-9034-417D-86D5-5E0C3951E477}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{E4D44B3A-367E-4AEA-B5F2-DF3E441C3626}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E85F0CD4-D3EF-4028-A3F9-BAA00C2FC6A3}" = protocol=58 | dir=out | [email protected],-28546 |
"{E88073CA-2F1E-4DC1-90EC-670EAE696787}" = protocol=1 | dir=out | [email protected],-28544 |
"{ED29A263-6C90-41D5-B45A-211D440C3FBC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office communicator\communicator.exe |
"{EE559BDC-349E-4306-9675-960EA878B7BB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F823FF51-8E25-4C43-ACB8-A0DBFF7E9B2D}" = protocol=58 | dir=in | [email protected],-28545 |
"{FACC8D83-00A3-4E6B-86B3-A7C8820CF173}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office communicator\communicator.exe |
"{FB91554F-4335-46C0-805F-72A95BE0CB17}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1A4E5E49-16DC-B032-9D6A-FD703B51EA61}" = ccc-utility64
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java™ 6 Update 17 (64-bit)
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Technology Monitor
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{3FD730D4-755F-439B-8082-B55E00924A44}" = Client Security - Password Manager
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel® PROSet/Wireless WiFi Software
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DC9665FB-D2C5-4721-94F6-674B89786EA5}" = GlobeTrotter Connect
"{F11F930D-5126-CE5C-B36A-19E8B87A5C78}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"114EB224AD576F278686036AA9E1EFB7847E3935" = Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4)
"1AE98C75AE2DD1284F66876FA76F46BFDF6B9D31" = Windows Driver Package - Intel hdc (06/04/2009 7.0.0.1013)
"220F59F12D4F9AB9DC2F81E5F4A560FC75E12468" = Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (12/01/2009 5.10.0.5992)
"3512AA88B7C41B232F5FF5219DFEEDB41AFC3AEA" = Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (12/10/2009 6.0.1.6000)
"3544757091834266C7CF5425D84E6EC4AF3A074A" = Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (12/01/2009 6.0.1.5992)
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"573C3C32A1DB5625CA00E633E584E8A0E6383672" = Windows Driver Package - Intel System (10/28/2009 9.1.1.1022)
"7341A1B43E7FE58942EB1E820A17C18305DFBCE6" = Windows Driver Package - Broadcom Bluetooth (01/19/2010 6.2.0.1417)
"85CE3A3657FAE5FD305B143E90E6FC89BA53001C" = Windows Driver Package - Broadcom (BTHUSB) Bluetooth (02/25/2010 6.2.0.9419)
"A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9" = Windows Driver Package - Intel USB (08/20/2009 9.1.1.1020)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"ATI Uninstaller" = ATI Uninstaller
"D94DFF1289C7A7BEBA126E4CDADE0E85B99E60F1" = Windows Driver Package - Intel System (10/28/2009 9.1.1.1022)
"E7B58217635B8F723D4744A328A4B3237DB35FA9" = Windows Driver Package - Intel System (06/04/2009 1.0.0.0002)
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"LENOVO.SMIIF" = Lenovo System Interface Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"OnScreenDisplay" = On Screen Display
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0501943A-EC6C-FEDF-C073-11682700D121}" = CCC Help English
"{050BF7DA-82C4-416A-8294-7AFEB8ED94E1}" = Microsoft® Office Language Pack 2010 – English (Business Contact Manager for Microsoft Outlook 2010)
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0BDC93-A0DB-B7F5-72F9-E901EF1B76AD}" = CCC Help Polish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D1CBBB9-F4A8-45B6-95E7-202BA61D7AF4}" = Microsoft Office Communicator 2007 R2
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F8DA253-3C27-4B01-A63A-BA3533120833}" = Microsoft Research AutoCollage Touch 2009
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 29
"{27080CAD-8C55-C782-19F2-B120D32B8600}" = CCC Help Danish
"{27AA3C54-1913-21C6-FAF5-8C26AF3475A5}" = CCC Help Portuguese
"{27AE4445-375D-B58D-58E9-6BD4E49C3635}" = CCC Help Hungarian
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2E11EE89-DAA5-65E7-CB9A-3558F4327BCD}" = Catalyst Control Center Localization All
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B4D7895-AB43-3B68-9BC6-4964266A2607}" = CCC Help French
"{3DA363EE-6715-38E8-2BF1-52B9EDB2CA84}" = CCC Help Chinese Standard
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{41941CA6-1D79-39E1-7EBF-90B85269C029}" = CCC Help Turkish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57FA0525-01F9-4051-8DE9-CBF43CAC68D9}" = Catalyst Control Center - Branding
"{600A5200-B0CC-F6A2-EF22-0ACFAC71D4D0}" = CCC Help Thai
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E26868-787F-7C55-498B-48DC1DBDFA63}" = Catalyst Control Center InstallProxy
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79240A6D-6599-22B7-26D0-289659071259}" = CCC Help Dutch
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{800998E6-EDF8-EBF5-CE31-1AFFD0E2B5FA}" = CCC Help Czech
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{840CEA81-73BF-AEA2-F499-B59ED274EDCD}" = CCC Help Japanese
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C7750D1-ADE6-4DAD-A54E-871EB2ABFE98}" = ThinkVantage GPS
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9C021685-940E-2797-6E84-4BBA6E4455A1}" = CCC Help Russian
"{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera TWAIN
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F999CDF-1FFC-8023-CC66-DB9EACE0B969}" = CCC Help German
"{A1983C32-C0FE-5C58-1472-6EF80427CEF1}" = CCC Help Finnish
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2C60BF1-82E3-493C-911D-14AD50471F2F}" = Panorama-Viewer-innoPlus
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
"{A68F1ECD-0097-6733-1B27-F3600DB68823}" = CCC Help Norwegian
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AF0100AE-C23A-BDF9-55FA-003871E34D50}" = Catalyst Control Center Graphics Light
"{B371EE8F-30EA-B0FA-7DF4-6B934857799A}" = Catalyst Control Center Core Implementation
"{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery
"{B39783B9-5ADB-B1C2-4056-A85E5FE962EE}" = CCC Help Chinese Traditional
"{B4039C42-62A5-A482-B18B-E077E93FAD46}" = CCC Help Italian
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7536911-5CCB-6D5C-027A-1DB44A00B2A4}" = Catalyst Control Center Graphics Previews Vista
"{B96DB037-DBEA-4186-9081-9CBD537F82E8}" = 3D-Viewer-innoplus
"{C3CD17B4-08B0-492D-8A4C-81716D33E520}" = Integrated Camera Driver Installer Package Ver.1.0.1.2
"{C64A877E-DF8D-4017-AA82-000A77C6D809}" = Verizon Wireless Mobile Broadband Self Activation
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6DC79DD-84EB-8F56-67F5-9F85FF39D087}" = Catalyst Control Center Graphics Full Existing
"{CAAD69D6-85FF-4C63-B279-5350B072A835}" = ccc-core-static
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEE9C2A0-CCF5-778C-D176-86F9C0379B11}" = CCC Help Spanish
"{CF60B890-DA94-C27A-A0B5-B54E7C402201}" = Catalyst Control Center Graphics Full New
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2FDDCE0-86F3-7B03-CFED-F583DA6299E2}" = CCC Help Korean
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel® Turbo Boost Technology Driver
"{D81486A1-2371-4059-AC70-1AB894AC96E6}" = AT&T Service Activation
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4B48349-A165-4097-8D78-AC950BD8638E}" = Business Contact Manager for Microsoft Outlook 2010
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E853D04F-8E25-4C68-808D-BFC46749E1B1}" = Qualcomm Gobi 2000 Package for Lenovo
"{ED544336-B83E-3E72-731C-B75648AD04CC}" = CCC Help Greek
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F4BD11FE-8C8E-4FB8-826E-D3FDBF1CF037}" = Mobile Broadband Connect
"{F6717C50-4256-D361-2CA1-3AD533D67954}" = CCC Help Swedish
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"Business Contact Manager" = Business Contact Manager for Microsoft Outlook 2010
"CieoNetUtilities_0ebar Uninstall" = CieoNet Utilities
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"FreeCall_is1" = FreeCall
"Google Chrome" = Google Chrome
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"Lenovo Welcome_is1" = Lenovo Welcome
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"NIS" = Norton Internet Security
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-937968807-2987181820-2307277295-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 6/24/2011 4:00:39 AM | Computer Name = Beauty | Source = PC-Doctor | ID = 1
Description = (10964) Asapi: (09:00:39:2620)(10964) DEFECT.LOCALIZATION - Error
-- Missing String: scriptlets : homepage.panel.ExpiringWarranty.button.text locale:
PCDLocale: language = en, customer = lenovo, variant = ltt
Error - 6/24/2011 4:00:39 AM | Computer Name = Beauty | Source = PC-Doctor | ID = 1
Description = (10964) Asapi: (09:00:39:2620)(10964) DEFECT.LOCALIZATION - Error
-- Missing String: scriptlets : homepage.panel.ExpiringWarranty.button.text locale:
PCDLocale: language = en, customer = lenovo, variant = ltt
Error - 6/24/2011 4:00:39 AM | Computer Name = Beauty | Source = PC-Doctor | ID = 1
Description = (10964) Asapi: (09:00:39:4980)(10964) DEFECT.LOCALIZATION - Error
-- Missing String: scriptlets : homepage.panel.ExtendWarranty.title locale: PCDLocale:
language = en, customer = lenovo, variant = ltt
Error - 6/24/2011 4:00:39 AM | Computer Name = Beauty | Source = PC-Doctor | ID = 1
Description = (10964) Asapi: (09:00:39:5020)(10964) DEFECT.LOCALIZATION - Error
-- Missing String: scriptlets : homepage.panel.ExtendWarranty.body locale: PCDLocale:
language = en, customer = lenovo, variant = ltt
Error - 6/24/2011 4:00:39 AM | Computer Name = Beauty | Source = PC-Doctor | ID = 1
Description = (10964) Asapi: (09:00:39:5080)(10964) DEFECT.LOCALIZATION - Error
-- Missing String: scriptlets : homepage.panel.ExtendWarranty.button.text locale:
PCDLocale: language = en, customer = lenovo, variant = ltt
Error - 6/24/2011 4:00:39 AM | Computer Name = Beauty | Source = PC-Doctor | ID = 1
Description = (10964) Asapi: (09:00:39:5080)(10964) DEFECT.LOCALIZATION - Error
-- Missing String: scriptlets : homepage.panel.ExtendWarranty.button.text locale:
PCDLocale: language = en, customer = lenovo, variant = ltt
Error - 6/24/2011 4:01:03 AM | Computer Name = Beauty | Source = PC-Doctor | ID = 1
Description = (10964) Asapi: (09:01:03:5260)(10964) DEFECT.LOCALIZATION - Error
-- Missing String: scriptlets : homepage.panel.LenovoCare.title locale: PCDLocale:
language = en, customer = lenovo, variant = ltt
Error - 6/24/2011 4:01:03 AM | Computer Name = Beauty | Source = PC-Doctor | ID = 1
Description = (10964) Asapi: (09:01:03:5260)(10964) DEFECT.LOCALIZATION - Error
-- Missing String: scriptlets : homepage.panel.LenovoCare.body locale: PCDLocale:
language = en, customer = lenovo, variant = ltt
Error - 6/24/2011 4:01:03 AM | Computer Name = Beauty | Source = PC-Doctor | ID = 1
Description = (10964) Asapi: (09:01:03:5260)(10964) DEFECT.LOCALIZATION - Error
-- Missing String: scriptlets : homepage.panel.LenovoCare.button.text locale: PCDLocale:
language = en, customer = lenovo, variant = ltt
Error - 6/24/2011 4:01:03 AM | Computer Name = Beauty | Source = PC-Doctor | ID = 1
Description = (10964) Asapi: (09:01:03:5560)(10964) DEFECT.LOCALIZATION - Error
-- Missing String: scriptlets : homepage.panel.LenovoCare.button.text locale: PCDLocale:
language = en, customer = lenovo, variant = ltt
[ Lenovo-Message Center Plus/Admin Events ]
Error - 6/27/2010 10:02:42 PM | Computer Name = Beauty | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception
message: Object reference not set to an instance of an object.
Error - 10/13/2010 6:12:38 PM | Computer Name = Beauty | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception
message: Object reference not set to an instance of an object.
Error - 12/17/2010 10:41:44 AM | Computer Name = Beauty | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception
message: Object reference not set to an instance of an object.
Error - 7/9/2011 7:46:39 AM | Computer Name = Beauty | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = The remote server returned an error: (503) Server Unavailable. ->
Exception message: The remote server returned an error: (503) Server Unavailable.
Error - 7/12/2011 5:40:22 PM | Computer Name = Beauty | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = The remote server returned an error: (503) Server Unavailable. ->
Exception message: The remote server returned an error: (503) Server Unavailable.
[ System Events ]
Error - 12/24/2011 10:10:39 PM | Computer Name = Beauty | Source = Service Control Manager | ID = 7031
Description = The Telephony service terminated unexpectedly. It has done this 1
time(s). The following corrective action will be taken in 120000 milliseconds:
Restart the service.
Error - 12/24/2011 10:11:49 PM | Computer Name = Beauty | Source = Service Control Manager | ID = 7034
Description = The Cryptographic Services service terminated unexpectedly. It has
done this 2 time(s).
Error - 12/24/2011 10:11:49 PM | Computer Name = Beauty | Source = Service Control Manager | ID = 7031
Description = The DNS Client service terminated unexpectedly. It has done this
2 time(s). The following corrective action will be taken in 300000 milliseconds:
Restart the service.
Error - 12/24/2011 10:11:49 PM | Computer Name = Beauty | Source = Service Control Manager | ID = 7031
Description = The Workstation service terminated unexpectedly. It has done this
2 time(s). The following corrective action will be taken in 120000 milliseconds:
Restart the service.
Error - 12/24/2011 10:11:51 PM | Computer Name = Beauty | Source = Service Control Manager | ID = 7031
Description = The Network Location Awareness service terminated unexpectedly. It
has done this 2 time(s). The following corrective action will be taken in 100
milliseconds: Restart the service.
Error - 12/24/2011 10:11:51 PM | Computer Name = Beauty | Source = Service Control Manager | ID = 7031
Description = The Telephony service terminated unexpectedly. It has done this 2
time(s). The following corrective action will be taken in 300000 milliseconds:
Restart the service.
Error - 12/24/2011 10:12:36 PM | Computer Name = Beauty | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the DNS Client service, but this
action failed with the following error: %%1056
Error - 12/25/2011 4:31:54 AM | Computer Name = Beauty | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Office PowerPoint 2007 (KB2596764).
Error - 5/6/2012 4:21:37 PM | Computer Name = Beauty | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:03:32 on ?25/?12/?2011 was unexpected.
Error - 5/6/2012 3:27:56 PM | Computer Name = Beauty | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Office PowerPoint 2007 (KB2596764).
< End of report >
This is the first one aswMBR.txt
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-06 22:59:01
-----------------------------
22:59:01.683 OS Version: Windows x64 6.1.7601 Service Pack 1
22:59:01.684 Number of processors: 4 586 0x2502
22:59:01.685 ComputerName: BEAUTY UserName:
22:59:07.328 Initialize success
22:59:41.250 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:59:41.255 Disk 0 Vendor: ST950042 0003 Size: 476940MB BusType: 3
22:59:41.271 Disk 0 MBR read successfully
22:59:41.273 Disk 0 MBR scan
22:59:41.276 Disk 0 unknown MBR code
22:59:41.287 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
22:59:41.302 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 465737 MB offset 2459648
22:59:41.331 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 956291072
22:59:41.366 Disk 0 scanning C:\Windows\system32\drivers
22:59:45.099 Service scanning
23:00:01.043 Modules scanning
23:00:01.055 Disk 0 trace - called modules:
23:00:01.100 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
23:00:01.108 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004cdb790]
23:00:01.118 3 CLASSPNP.SYS[fffff88001a9143f] -> nt!IofCallDriver -> [0xfffffa80049fc560]
23:00:01.126 5 ACPI.sys[fffff88000f5a7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004a01050]
23:00:01.133 Scan finished successfully
23:00:23.356 Disk 0 MBR has been saved successfully to "C:\Users\Nikolina\Desktop\MBR.dat"
23:00:23.361 The log file has been saved successfully to "C:\Users\Nikolina\Desktop\aswMBR.txt"
OTL.txt
OTL logfile created on: 5/6/2012 11:05:50 PM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Nikolina\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.86 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 55.59% Memory free
7.73 Gb Paging File | 5.91 Gb Available in Paging File | 76.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.82 Gb Total Space | 349.22 Gb Free Space | 76.78% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 0.61 Gb Free Space | 6.23% Space Free | Partition Type: NTFS
Computer Name: BEAUTY | User Name: Nikolina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/05/06 23:02:03 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Nikolina\Desktop\OTL.exe
PRC - [2011/09/06 15:47:44 | 005,152,096 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe
PRC - [2011/08/24 10:35:05 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin\0ebarsvc.exe
PRC - [2011/08/24 10:35:05 | 000,030,096 | ---- | M] (VER_COMPANY_NAME) -- C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin\0ebrmon.exe
PRC - [2011/08/23 22:54:59 | 014,051,120 | ---- | M] (FreeCall) -- C:\Program Files (x86)\FreeCall.com\FreeCall\freecall.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
PRC - [2011/03/21 11:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2010/03/25 20:45:36 | 000,031,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2010/03/01 19:31:32 | 000,402,792 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
PRC - [2010/03/01 19:29:14 | 000,435,560 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe
PRC - [2010/03/01 19:29:12 | 000,259,432 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
PRC - [2010/03/01 19:29:10 | 000,124,264 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2010/03/01 19:17:52 | 000,344,064 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2010/02/18 07:26:38 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010/02/10 23:40:56 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2010/02/05 20:20:50 | 000,331,512 | ---- | M] (QUALCOMM, Inc.) -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe
PRC - [2009/11/24 05:51:20 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009/11/17 10:06:04 | 000,044,984 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2009/11/17 06:07:46 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009/11/16 10:19:38 | 000,062,904 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009/11/11 09:33:12 | 000,078,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
PRC - [2009/11/09 05:48:34 | 000,054,632 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\cammute.exe
PRC - [2009/11/04 05:45:46 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/11/04 05:45:44 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/08/28 22:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2009/05/28 06:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2007/01/05 03:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
========== Modules (No Company Name) ==========
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/08/28 22:27:20 | 000,247,096 | ---- | M] () -- C:\Program Files (x86)\Common Files\Lenovo\CDRecord.dll
MOD - [2009/05/28 06:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010/02/18 07:26:38 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/01/13 14:04:10 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/11/18 06:04:24 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2009/11/17 10:06:04 | 000,044,984 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2009/11/16 10:19:38 | 000,062,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2009/11/09 05:48:34 | 000,054,632 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\cammute.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2009/10/09 20:12:52 | 000,047,656 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2009/09/30 01:25:48 | 000,126,392 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/09/22 00:24:40 | 001,420,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV:64bit: - [2009/09/22 00:00:44 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/04/14 05:06:22 | 000,306,688 | ---- | M] (Option) [Auto | Running] -- C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe -- (GtFlashSwitch)
SRV - [2011/08/24 10:35:05 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin\0ebarsvc.exe -- (CieoNetUtilities_0eService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe -- (NIS)
SRV - [2011/03/21 11:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/03/25 20:45:36 | 000,031,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/01 19:29:12 | 000,259,432 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2010/03/01 19:29:10 | 000,124,264 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2010/02/10 23:40:56 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2010/02/05 20:20:50 | 000,331,512 | ---- | M] (QUALCOMM, Inc.) [Auto | Running] -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe -- (QDLService2kLenovo) Qualcomm Gobi 2000 Download Service (Lenovo)
SRV - [2010/01/05 19:12:00 | 000,075,112 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2009/11/04 05:45:46 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/11/04 05:45:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/08/28 22:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/01/05 03:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011/07/08 17:45:12 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/06/27 16:06:54 | 000,025,584 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- c:\Program Files\PC-Doctor\pcdsrvc_x64.pkms -- (PCDSRVC{127174DC-C366ED8B-06020200}_0)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/05/02 23:24:03 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/03/31 04:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/31 04:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207000.00D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/15 03:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207000.00D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 07:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207000.00D\symds64.sys -- (SymDS)
DRV:64bit: - [2011/01/27 06:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207000.00D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/06/23 09:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/23 00:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/08 13:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/02/05 18:41:38 | 000,241,664 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcusbnetlno2k.sys -- (qcusbnetlno2k) Gobi 2000 USB-NDIS miniport(05C6-9205)
DRV:64bit: - [2010/02/05 18:41:38 | 000,121,600 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcusbserlno2k.sys -- (qcusbserlno2k) Gobi 2000 USB Device for Legacy Serial Communication(05C6-9205)
DRV:64bit: - [2010/02/05 18:41:38 | 000,006,400 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcfilterlno2k.sys -- (qcfilterlno2k) Gobi 2000 USB Composite Device Filter Driver(05C6-9205)
DRV:64bit: - [2010/01/15 20:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/01/15 05:23:00 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/01/15 05:23:00 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/01/15 05:23:00 | 000,021,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/01/13 14:26:02 | 006,327,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/01/13 14:26:02 | 006,327,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/01/13 13:10:58 | 000,185,344 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/01/05 19:12:00 | 000,013,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2009/12/02 07:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/11/30 07:56:00 | 000,053,800 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/11/18 06:04:04 | 000,032,880 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2009/10/26 04:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/09 20:11:38 | 000,136,744 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2009/10/09 20:10:00 | 000,023,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2009/09/30 01:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/30 01:25:50 | 000,012,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/09/17 04:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/09/15 20:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/07/02 03:16:02 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2009/06/18 18:21:58 | 000,161,024 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2009/06/10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/07 06:33:00 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/05/12 10:04:26 | 000,015,400 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2007/07/09 14:17:44 | 000,110,592 | ---- | M] (Option NV) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV:64bit: - [2007/06/26 13:39:10 | 000,070,656 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gt72ubus.sys -- (GT72UBUS)
DRV:64bit: - [2007/03/30 13:38:16 | 000,010,624 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtptser.sys -- (GTPTSER)
DRV - [2012/05/06 20:56:13 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120505.016\ex64.sys -- (NAVEX15)
DRV - [2012/05/06 20:56:13 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/05/06 20:56:13 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys -- (EraserUtilDrv11122)
DRV - [2012/05/06 20:56:13 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120505.016\eng64.sys -- (NAVENG)
DRV - [2012/05/05 01:07:30 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120505.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/04/13 01:34:56 | 001,160,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120413.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/12/01 00:18:16 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{ffab9ec5-7889-45c9-b6fa-5d19ccfea2d2}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E 57 A9 BA D2 2B CD 01 [binary data]
IE - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\..\URLSearchHook: {f864ba3f-9878-458a-ba2b-dad32bcbc472} - No CLSID value found
IE - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADRA_en
IE - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://uk.ask.com/we...l&geo=GB&ver=17
IE - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\..\SearchScopes\{ffab9ec5-7889-45c9-b6fa-5d19ccfea2d2}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@CieoNetUtilities_0e.com/Plugin: C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin\NP0eStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@innoplus.de/ino3DViewer: C:\Program Files (x86)\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF - HKLM\Software\MozillaPlugins\@innoplus.de/inoPanoViewer: C:\Program Files (x86)\innoPlus\Panorama-Viewer-innoPlus\npirsviewer.dll (INNOVA-engineering GmbH Dresden)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Nikolina\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2012/05/05 02:31:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_4_3 [2012/05/06 21:22:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\0effxtbr@CieoNetUtilities_0e.com: C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin [2012/05/05 02:27:38 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Search Assistant BHO) - {4cbfd6a0-f21b-4d52-bf56-c57a37625141} - C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin\0eSrcAs.dll (COMPANYVERS_NAME)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Toolbar BHO) - {8ca6701f-b8e8-43b9-b206-b2a9ee3216cf} - C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin\0ebar.dll (MindSpark)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (CieoNet Utilities) - {8175e372-1ff1-4288-8e6e-addebd415d47} - C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin\0ebar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\..\Toolbar\WebBrowser: (CieoNet Utilities) - {8175E372-1FF1-4288-8E6E-ADDEBD415D47} - C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin\0ebar.dll (MindSpark)
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe ()
O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACTray] C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CieoNetUtilities_0e Browser Plugin Loader] C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin\0ebrmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-937968807-2987181820-2307277295-1003..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {C4B977A3-E8A2-37E9-ADCD-2597FAAC61F5} http://shop.lenovo.c...MachineInfo.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {5CF549B1-E178-4D8C-ADEF-73F226644F12} http://deploy.webvde.../WebVDSetUp.cab (Room328 Designer Setup)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5051B246-2951-4358-9621-24C4FC939F5A}: DhcpNameServer = 10.48.65.30
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4AA4D0D-BCBD-471E-BEBB-A3BFBA50DA4B}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/10 17:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{5aa4b7a3-6dc7-11df-81ab-c80aa9467b0d}\Shell - "" = AutoRun
O33 - MountPoints2\{5aa4b7a3-6dc7-11df-81ab-c80aa9467b0d}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1
O33 - MountPoints2\{bfbc8c31-4873-11df-9379-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{bfbc8c31-4873-11df-9379-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009/08/10 22:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/05/07 03:08:42 | 000,000,000 | ---D | C] -- C:\FRST
[2012/05/06 23:01:09 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Nikolina\Desktop\OTL.exe
[2012/05/06 22:58:11 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Nikolina\Desktop\aswMBR.exe
[2012/05/06 21:24:31 | 000,000,000 | ---D | C] -- C:\Users\Nikolina\AppData\Local\{69ADFFDD-7209-4B43-9DF9-AA51ADFF5FCC}
[2012/05/06 21:23:37 | 000,000,000 | ---D | C] -- C:\Users\Nikolina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2012/05/06 21:21:18 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[10 C:\Users\Nikolina\Documents\*.tmp files -> C:\Users\Nikolina\Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/05/06 23:02:03 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Nikolina\Desktop\OTL.exe
[2012/05/06 23:00:23 | 000,000,512 | ---- | M] () -- C:\Users\Nikolina\Desktop\MBR.dat
[2012/05/06 22:58:45 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Nikolina\Desktop\aswMBR.exe
[2012/05/06 22:24:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/06 21:33:37 | 000,002,351 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/05/06 21:24:07 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/06 21:21:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/06 21:21:10 | 3111,555,072 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/06 21:15:55 | 001,957,462 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\Cat.DB
[2012/05/06 20:45:02 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/05/06 20:41:02 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/05/06 20:31:56 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/06 20:31:56 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/06 20:26:30 | 000,792,128 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/06 20:26:30 | 000,675,582 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/06 20:26:30 | 000,128,548 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/05 09:35:20 | 000,001,732 | ---- | M] () -- C:\tvtpktfilter.dat
[10 C:\Users\Nikolina\Documents\*.tmp files -> C:\Users\Nikolina\Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/05/06 23:00:23 | 000,000,512 | ---- | C] () -- C:\Users\Nikolina\Desktop\MBR.dat
[2012/05/06 21:21:10 | 3111,555,072 | -HS- | C] () -- C:\hiberfil.sys
[2012/05/05 09:35:20 | 000,001,732 | ---- | C] () -- C:\tvtpktfilter.dat
[2011/11/21 21:55:57 | 000,000,216 | -H-- | C] () -- C:\ProgramData\~s760lQjjteTrvbr
[2011/11/21 21:55:56 | 000,000,296 | -H-- | C] () -- C:\ProgramData\~s760lQjjteTrvb
[2011/11/21 21:55:51 | 000,000,464 | -H-- | C] () -- C:\ProgramData\s760lQjjteTrvb
[2011/07/16 21:58:35 | 000,670,496 | -H-- | C] () -- C:\Users\Nikolina\AppData\Local\wanancsp.dat
[2011/01/04 23:49:42 | 000,001,940 | ---- | C] () -- C:\Users\Nikolina\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
========== LOP Check ==========
[2012/05/05 10:53:27 | 000,000,000 | ---D | M] -- C:\Users\Nikolina\AppData\Roaming\Downloaded Installations
[2012/05/05 10:53:28 | 000,000,000 | -H-D | M] -- C:\Users\Nikolina\AppData\Roaming\eTeks
[2012/05/05 02:38:32 | 000,000,000 | -H-D | M] -- C:\Users\Nikolina\AppData\Roaming\FreeCall
[2012/05/05 10:53:28 | 000,000,000 | -H-D | M] -- C:\Users\Nikolina\AppData\Roaming\InterVideo
[2012/05/05 10:53:28 | 000,000,000 | -H-D | M] -- C:\Users\Nikolina\AppData\Roaming\Lenovo
[2012/05/05 10:55:33 | 000,000,000 | -H-D | M] -- C:\Users\Nikolina\AppData\Roaming\Nitro PDF
[2012/05/05 10:55:34 | 000,000,000 | ---D | M] -- C:\Users\Nikolina\AppData\Roaming\PCDr
[2012/05/05 10:55:38 | 000,000,000 | -H-D | M] -- C:\Users\Nikolina\AppData\Roaming\QcWizard
[2012/05/05 02:38:49 | 000,000,000 | ---D | M] -- C:\Users\Nikolina\AppData\Roaming\Tific
[2012/05/05 10:55:42 | 000,000,000 | -H-D | M] -- C:\Users\Nikolina\AppData\Roaming\Ulead Systems
[2012/05/05 10:55:42 | 000,000,000 | ---D | M] -- C:\Users\Nikolina\AppData\Roaming\Update
[2011/01/26 13:48:59 | 000,000,000 | -H-D | M] -- C:\Users\Nikolina\AppData\Roaming\Windows Live Writer
[2012/05/06 20:41:02 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/09/14 01:16:10 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/05/06 20:45:02 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2010/04/15 11:42:28 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/04/15 11:42:28 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2010/04/15 11:43:20 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/04/15 11:43:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/04/15 11:43:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010/04/15 11:42:28 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/04/15 11:43:20 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010/04/15 11:42:28 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe
< MD5 for: EXPLORER.EXE.MUI >
[2009/07/14 03:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\en-US\explorer.exe.mui
[2009/07/14 03:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
< MD5 for: SVCHOST.EXE >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: USERINIT.EXE >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: USERINIT.EXE.MUI >
[2009/07/14 03:26:28 | 000,003,584 | ---- | M] (Microsoft Corporation) MD5=87AE19DA46FE7D5E293937DD36FF1889 -- C:\Windows\SysNative\en-US\userinit.exe.mui
[2009/07/14 03:03:34 | 000,003,584 | ---- | M] (Microsoft Corporation) MD5=EA67C653ECFED02D7DBFB889A908CAA9 -- C:\Windows\SysWOW64\en-US\userinit.exe.mui
< MD5 for: WINLOGON.EXE >
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/04/15 11:44:20 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=9ED521C0B287D4A396E1456B3D1556C9 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16440_none_cbde32e1ee86914c\winlogon.exe
[2009/10/28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
[2010/04/15 11:44:20 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=FEFF314FF78051201309E47D90554BE8 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20548_none_cc6fd1fd079cfbce\winlogon.exe
< MD5 for: WINLOGON.EXE.MUI >
[2010/11/20 14:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\SysNative\en-US\winlogon.exe.mui
< C:\Windows\assembly\tmp\U\*.* /s >
< %Temp%\smtmp\1\*.* >
< %Temp%\smtmp\2\*.* >
< %Temp%\smtmp\3\*.* >
< %Temp%\smtmp\4\*.* >
< End of report >
And Extras.txt
OTL Extras logfile created on: 5/6/2012 11:05:50 PM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Nikolina\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.86 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 55.59% Memory free
7.73 Gb Paging File | 5.91 Gb Available in Paging File | 76.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.82 Gb Total Space | 349.22 Gb Free Space | 76.78% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 0.61 Gb Free Space | 6.23% Space Free | Partition Type: NTFS
Computer Name: BEAUTY | User Name: Nikolina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003E2113-4B90-4707-978E-B1E2584F5EE5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{02379939-7B02-4A37-AD8C-09C4ABABE869}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{061ADE52-51EF-445D-8D4E-4080C2ABB305}" = lport=138 | protocol=17 | dir=in | app=system |
"{0D4AC2A4-7AB3-4797-8331-5BF3DFD2076F}" = rport=137 | protocol=17 | dir=out | app=system |
"{0F2BFB98-5E26-4BB0-A922-E1150E09C52B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1F45F88E-673D-4E85-A4FB-E9A328D32D35}" = lport=137 | protocol=17 | dir=in | app=system |
"{24732480-3923-433B-ACED-F11982A897B7}" = lport=10243 | protocol=6 | dir=in | app=system |
"{47D5C785-9648-4C65-B811-045ADF2CBC5A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{4E0741A0-3855-44F7-9643-C9F1D00799D7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{609466EF-AC9A-4DDD-8A95-F01C64A779C9}" = rport=138 | protocol=17 | dir=out | app=system |
"{62BB5A69-60AC-43BD-9DF1-92D39F647A35}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{6E49F4B3-A0B8-4879-832A-7DD920446BDC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6ECDFB08-92F0-4277-A3A2-2B6DB8C093CA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{70B97AFC-C1E5-46A8-B6CF-CEFB9283ED39}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7262EB6E-F6D7-48C3-8CE2-E160049DEA59}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{76308093-F75F-43E8-85F3-2BCE10818E69}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{815E5488-5C83-4CB0-B1C7-0067529A87A5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8B213B1A-596D-414B-B5F2-3565DAF7C23F}" = rport=445 | protocol=6 | dir=out | app=system |
"{8E3ACA29-628D-4A3B-8BD6-F3FA4F4CFA1B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{98A6F3AD-3D80-4AE1-B727-FF9636ADE978}" = lport=445 | protocol=6 | dir=in | app=system |
"{A8A554F0-1875-4201-928A-16DCD7361B7E}" = lport=139 | protocol=6 | dir=in | app=system |
"{AC0850FC-66B8-47C9-88D2-BF5F582DD6BD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B79AE537-1175-4EF3-B6B2-FCA7BBB2FA81}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C56CF1D9-7C74-425A-968C-91716203F03E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C76EEE2A-3AD2-4B7E-B2A3-BDBF85E0E49F}" = rport=139 | protocol=6 | dir=out | app=system |
"{CF010E83-F1B7-45BB-87D9-8EB6CB148B7E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{D1CBA127-2A79-452A-9706-376C31DEBD51}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D7F643D0-8CD1-456D-9AD8-205BAF2B5B79}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EE114B2C-C1FB-4B6B-80B7-2A7188FCDE0C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F9450372-11FD-4B1A-89AE-ABBD63DD7B24}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FE5524D8-1694-468E-8459-F92E7CB55114}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0108444E-746C-48E4-B72F-E602A06D845D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{01E4798F-AAB1-4E87-9EC3-B52EE4489653}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{04B14E66-2215-4E59-8A1B-BB699035C55F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{056D3D0D-229E-486D-891C-22AEBBB7D47E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{0944C192-77C3-409A-9A25-FD9A68D5B693}" = protocol=17 | dir=in | app=c:\program files (x86)\freecall.com\freecall\freecall.exe |
"{0E46E808-2478-48AF-A367-7483403E1582}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{114FC76B-8C03-45F7-89EF-3084A96E77C9}" = protocol=17 | dir=in | app=c:\program files (x86)\freecall.com\freecall\freecall.exe |
"{20F96301-EB18-4BC1-B5EE-EE6363434630}" = protocol=6 | dir=out | app=system |
"{314E60CB-C496-4943-8D63-15D8D0A5527E}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{35921508-0D22-4B62-8B7C-1489F39A6483}" = protocol=6 | dir=in | app=c:\program files (x86)\freecall.com\freecall\freecall.exe |
"{3997442A-E8D2-4F09-A8B6-EFFE59C6DC88}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3EF45792-B2D4-48BE-9B78-8809EBE72696}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{535296B7-3B63-47D6-9C99-41D530043C3C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office communicator\communicator.exe |
"{54B3DB82-CC65-4228-A2F4-D943E9B1C0D5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5B763542-96F6-47E7-A54B-FD53460FC680}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6D6F7592-1D29-49BD-B6B6-FDCB789F18CA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{739083D8-5B01-47E5-8C24-699F27497F9C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{75333414-CD03-43F9-8017-98902E6DA804}" = protocol=1 | dir=in | [email protected],-28543 |
"{7FCB6A17-B033-4D45-98E5-07987E44E78D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{82E4972A-2EE7-4B87-9DDB-9EC74645F752}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{85CBDCC6-D4EA-4685-9749-D072C19E8005}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{876B265D-1470-4CCE-8B84-6902888826CA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{9A8429C1-2ECC-4266-A488-CB1AC9955B38}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9A84EBE1-0972-4D6F-BBE0-EBB3C77D1E0E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9AA2AA59-3518-49A5-BDE9-064F2427D658}" = protocol=6 | dir=in | app=c:\program files (x86)\freecall.com\freecall\freecall.exe |
"{A2DE365C-061D-44FB-BA24-1DCBD49E77E5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A76CBE20-1BFE-471F-8423-C2C37D252595}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{A84EC4D2-F31B-4A77-84D0-DF8F94FB0EE7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B45D8B39-0727-42EF-AE1E-1905A7A410CC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B894DE3A-C48E-4EE3-A5A1-C2A0117587C3}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{BA7A2916-0D70-473D-BFED-B373B3503336}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{BC7EE6B2-BF66-49C3-9D1A-F0AE817F57E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C6F97F8D-AC43-48F7-9F1A-5E641575A394}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office communicator\communicator.exe |
"{CD15DCBB-AE02-46ED-B90D-DE7B04AFCCEB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D34AACB8-3A6E-473C-A9A0-655BC4E62E02}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{DC3BECC9-9034-417D-86D5-5E0C3951E477}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{E4D44B3A-367E-4AEA-B5F2-DF3E441C3626}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E85F0CD4-D3EF-4028-A3F9-BAA00C2FC6A3}" = protocol=58 | dir=out | [email protected],-28546 |
"{E88073CA-2F1E-4DC1-90EC-670EAE696787}" = protocol=1 | dir=out | [email protected],-28544 |
"{ED29A263-6C90-41D5-B45A-211D440C3FBC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office communicator\communicator.exe |
"{EE559BDC-349E-4306-9675-960EA878B7BB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F823FF51-8E25-4C43-ACB8-A0DBFF7E9B2D}" = protocol=58 | dir=in | [email protected],-28545 |
"{FACC8D83-00A3-4E6B-86B3-A7C8820CF173}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office communicator\communicator.exe |
"{FB91554F-4335-46C0-805F-72A95BE0CB17}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1A4E5E49-16DC-B032-9D6A-FD703B51EA61}" = ccc-utility64
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java™ 6 Update 17 (64-bit)
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Technology Monitor
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{3FD730D4-755F-439B-8082-B55E00924A44}" = Client Security - Password Manager
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel® PROSet/Wireless WiFi Software
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DC9665FB-D2C5-4721-94F6-674B89786EA5}" = GlobeTrotter Connect
"{F11F930D-5126-CE5C-B36A-19E8B87A5C78}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"114EB224AD576F278686036AA9E1EFB7847E3935" = Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4)
"1AE98C75AE2DD1284F66876FA76F46BFDF6B9D31" = Windows Driver Package - Intel hdc (06/04/2009 7.0.0.1013)
"220F59F12D4F9AB9DC2F81E5F4A560FC75E12468" = Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (12/01/2009 5.10.0.5992)
"3512AA88B7C41B232F5FF5219DFEEDB41AFC3AEA" = Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (12/10/2009 6.0.1.6000)
"3544757091834266C7CF5425D84E6EC4AF3A074A" = Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (12/01/2009 6.0.1.5992)
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"573C3C32A1DB5625CA00E633E584E8A0E6383672" = Windows Driver Package - Intel System (10/28/2009 9.1.1.1022)
"7341A1B43E7FE58942EB1E820A17C18305DFBCE6" = Windows Driver Package - Broadcom Bluetooth (01/19/2010 6.2.0.1417)
"85CE3A3657FAE5FD305B143E90E6FC89BA53001C" = Windows Driver Package - Broadcom (BTHUSB) Bluetooth (02/25/2010 6.2.0.9419)
"A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9" = Windows Driver Package - Intel USB (08/20/2009 9.1.1.1020)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"ATI Uninstaller" = ATI Uninstaller
"D94DFF1289C7A7BEBA126E4CDADE0E85B99E60F1" = Windows Driver Package - Intel System (10/28/2009 9.1.1.1022)
"E7B58217635B8F723D4744A328A4B3237DB35FA9" = Windows Driver Package - Intel System (06/04/2009 1.0.0.0002)
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"LENOVO.SMIIF" = Lenovo System Interface Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"OnScreenDisplay" = On Screen Display
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0501943A-EC6C-FEDF-C073-11682700D121}" = CCC Help English
"{050BF7DA-82C4-416A-8294-7AFEB8ED94E1}" = Microsoft® Office Language Pack 2010 – English (Business Contact Manager for Microsoft Outlook 2010)
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0BDC93-A0DB-B7F5-72F9-E901EF1B76AD}" = CCC Help Polish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D1CBBB9-F4A8-45B6-95E7-202BA61D7AF4}" = Microsoft Office Communicator 2007 R2
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F8DA253-3C27-4B01-A63A-BA3533120833}" = Microsoft Research AutoCollage Touch 2009
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 29
"{27080CAD-8C55-C782-19F2-B120D32B8600}" = CCC Help Danish
"{27AA3C54-1913-21C6-FAF5-8C26AF3475A5}" = CCC Help Portuguese
"{27AE4445-375D-B58D-58E9-6BD4E49C3635}" = CCC Help Hungarian
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2E11EE89-DAA5-65E7-CB9A-3558F4327BCD}" = Catalyst Control Center Localization All
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B4D7895-AB43-3B68-9BC6-4964266A2607}" = CCC Help French
"{3DA363EE-6715-38E8-2BF1-52B9EDB2CA84}" = CCC Help Chinese Standard
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{41941CA6-1D79-39E1-7EBF-90B85269C029}" = CCC Help Turkish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57FA0525-01F9-4051-8DE9-CBF43CAC68D9}" = Catalyst Control Center - Branding
"{600A5200-B0CC-F6A2-EF22-0ACFAC71D4D0}" = CCC Help Thai
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E26868-787F-7C55-498B-48DC1DBDFA63}" = Catalyst Control Center InstallProxy
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79240A6D-6599-22B7-26D0-289659071259}" = CCC Help Dutch
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{800998E6-EDF8-EBF5-CE31-1AFFD0E2B5FA}" = CCC Help Czech
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{840CEA81-73BF-AEA2-F499-B59ED274EDCD}" = CCC Help Japanese
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C7750D1-ADE6-4DAD-A54E-871EB2ABFE98}" = ThinkVantage GPS
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9C021685-940E-2797-6E84-4BBA6E4455A1}" = CCC Help Russian
"{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera TWAIN
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F999CDF-1FFC-8023-CC66-DB9EACE0B969}" = CCC Help German
"{A1983C32-C0FE-5C58-1472-6EF80427CEF1}" = CCC Help Finnish
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2C60BF1-82E3-493C-911D-14AD50471F2F}" = Panorama-Viewer-innoPlus
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
"{A68F1ECD-0097-6733-1B27-F3600DB68823}" = CCC Help Norwegian
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AF0100AE-C23A-BDF9-55FA-003871E34D50}" = Catalyst Control Center Graphics Light
"{B371EE8F-30EA-B0FA-7DF4-6B934857799A}" = Catalyst Control Center Core Implementation
"{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery
"{B39783B9-5ADB-B1C2-4056-A85E5FE962EE}" = CCC Help Chinese Traditional
"{B4039C42-62A5-A482-B18B-E077E93FAD46}" = CCC Help Italian
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7536911-5CCB-6D5C-027A-1DB44A00B2A4}" = Catalyst Control Center Graphics Previews Vista
"{B96DB037-DBEA-4186-9081-9CBD537F82E8}" = 3D-Viewer-innoplus
"{C3CD17B4-08B0-492D-8A4C-81716D33E520}" = Integrated Camera Driver Installer Package Ver.1.0.1.2
"{C64A877E-DF8D-4017-AA82-000A77C6D809}" = Verizon Wireless Mobile Broadband Self Activation
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6DC79DD-84EB-8F56-67F5-9F85FF39D087}" = Catalyst Control Center Graphics Full Existing
"{CAAD69D6-85FF-4C63-B279-5350B072A835}" = ccc-core-static
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEE9C2A0-CCF5-778C-D176-86F9C0379B11}" = CCC Help Spanish
"{CF60B890-DA94-C27A-A0B5-B54E7C402201}" = Catalyst Control Center Graphics Full New
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2FDDCE0-86F3-7B03-CFED-F583DA6299E2}" = CCC Help Korean
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel® Turbo Boost Technology Driver
"{D81486A1-2371-4059-AC70-1AB894AC96E6}" = AT&T Service Activation
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4B48349-A165-4097-8D78-AC950BD8638E}" = Business Contact Manager for Microsoft Outlook 2010
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E853D04F-8E25-4C68-808D-BFC46749E1B1}" = Qualcomm Gobi 2000 Package for Lenovo
"{ED544336-B83E-3E72-731C-B75648AD04CC}" = CCC Help Greek
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F4BD11FE-8C8E-4FB8-826E-D3FDBF1CF037}" = Mobile Broadband Connect
"{F6717C50-4256-D361-2CA1-3AD533D67954}" = CCC Help Swedish
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"Business Contact Manager" = Business Contact Manager for Microsoft Outlook 2010
"CieoNetUtilities_0ebar Uninstall" = CieoNet Utilities
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"FreeCall_is1" = FreeCall
"Google Chrome" = Google Chrome
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"Lenovo Welcome_is1" = Lenovo Welcome
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"NIS" = Norton Internet Security
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-937968807-2987181820-2307277295-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 6/24/2011 4:00:39 AM | Computer Name = Beauty | Source = PC-Doctor | ID = 1
Description = (10964) Asapi: (09:00:39:2620)(10964) DEFECT.LOCALIZATION - Error
-- Missing String: scriptlets : homepage.panel.ExpiringWarranty.button.text locale:
PCDLocale: language = en, customer = lenovo, variant = ltt
Error - 6/24/2011 4:00:39 AM | Computer Name = Beauty | Source = PC-Doctor | ID = 1
Description = (10964) Asapi: (09:00:39:2620)(10964) DEFECT.LOCALIZATION - Error
-- Missing String: scriptlets : homepage.panel.ExpiringWarranty.button.text locale:
PCDLocale: language = en, customer = lenovo, variant = ltt
Error - 6/24/2011 4:00:39 AM | Computer Name = Beauty | Source = PC-Doctor | ID = 1
Description = (10964) Asapi: (09:00:39:4980)(10964) DEFECT.LOCALIZATION - Error
-- Missing String: scriptlets : homepage.panel.ExtendWarranty.title locale: PCDLocale:
language = en, customer = lenovo, variant = ltt
Error - 6/24/2011 4:00:39 AM | Computer Name = Beauty | Source = PC-Doctor | ID = 1
Description = (10964) Asapi: (09:00:39:5020)(10964) DEFECT.LOCALIZATION - Error
-- Missing String: scriptlets : homepage.panel.ExtendWarranty.body locale: PCDLocale:
language = en, customer = lenovo, variant = ltt
Error - 6/24/2011 4:00:39 AM | Computer Name = Beauty | Source = PC-Doctor | ID = 1
Description = (10964) Asapi: (09:00:39:5080)(10964) DEFECT.LOCALIZATION - Error
-- Missing String: scriptlets : homepage.panel.ExtendWarranty.button.text locale:
PCDLocale: language = en, customer = lenovo, variant = ltt
Error - 6/24/2011 4:00:39 AM | Computer Name = Beauty | Source = PC-Doctor | ID = 1
Description = (10964) Asapi: (09:00:39:5080)(10964) DEFECT.LOCALIZATION - Error
-- Missing String: scriptlets : homepage.panel.ExtendWarranty.button.text locale:
PCDLocale: language = en, customer = lenovo, variant = ltt
Error - 6/24/2011 4:01:03 AM | Computer Name = Beauty | Source = PC-Doctor | ID = 1
Description = (10964) Asapi: (09:01:03:5260)(10964) DEFECT.LOCALIZATION - Error
-- Missing String: scriptlets : homepage.panel.LenovoCare.title locale: PCDLocale:
language = en, customer = lenovo, variant = ltt
Error - 6/24/2011 4:01:03 AM | Computer Name = Beauty | Source = PC-Doctor | ID = 1
Description = (10964) Asapi: (09:01:03:5260)(10964) DEFECT.LOCALIZATION - Error
-- Missing String: scriptlets : homepage.panel.LenovoCare.body locale: PCDLocale:
language = en, customer = lenovo, variant = ltt
Error - 6/24/2011 4:01:03 AM | Computer Name = Beauty | Source = PC-Doctor | ID = 1
Description = (10964) Asapi: (09:01:03:5260)(10964) DEFECT.LOCALIZATION - Error
-- Missing String: scriptlets : homepage.panel.LenovoCare.button.text locale: PCDLocale:
language = en, customer = lenovo, variant = ltt
Error - 6/24/2011 4:01:03 AM | Computer Name = Beauty | Source = PC-Doctor | ID = 1
Description = (10964) Asapi: (09:01:03:5560)(10964) DEFECT.LOCALIZATION - Error
-- Missing String: scriptlets : homepage.panel.LenovoCare.button.text locale: PCDLocale:
language = en, customer = lenovo, variant = ltt
[ Lenovo-Message Center Plus/Admin Events ]
Error - 6/27/2010 10:02:42 PM | Computer Name = Beauty | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception
message: Object reference not set to an instance of an object.
Error - 10/13/2010 6:12:38 PM | Computer Name = Beauty | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception
message: Object reference not set to an instance of an object.
Error - 12/17/2010 10:41:44 AM | Computer Name = Beauty | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception
message: Object reference not set to an instance of an object.
Error - 7/9/2011 7:46:39 AM | Computer Name = Beauty | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = The remote server returned an error: (503) Server Unavailable. ->
Exception message: The remote server returned an error: (503) Server Unavailable.
Error - 7/12/2011 5:40:22 PM | Computer Name = Beauty | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = The remote server returned an error: (503) Server Unavailable. ->
Exception message: The remote server returned an error: (503) Server Unavailable.
[ System Events ]
Error - 12/24/2011 10:10:39 PM | Computer Name = Beauty | Source = Service Control Manager | ID = 7031
Description = The Telephony service terminated unexpectedly. It has done this 1
time(s). The following corrective action will be taken in 120000 milliseconds:
Restart the service.
Error - 12/24/2011 10:11:49 PM | Computer Name = Beauty | Source = Service Control Manager | ID = 7034
Description = The Cryptographic Services service terminated unexpectedly. It has
done this 2 time(s).
Error - 12/24/2011 10:11:49 PM | Computer Name = Beauty | Source = Service Control Manager | ID = 7031
Description = The DNS Client service terminated unexpectedly. It has done this
2 time(s). The following corrective action will be taken in 300000 milliseconds:
Restart the service.
Error - 12/24/2011 10:11:49 PM | Computer Name = Beauty | Source = Service Control Manager | ID = 7031
Description = The Workstation service terminated unexpectedly. It has done this
2 time(s). The following corrective action will be taken in 120000 milliseconds:
Restart the service.
Error - 12/24/2011 10:11:51 PM | Computer Name = Beauty | Source = Service Control Manager | ID = 7031
Description = The Network Location Awareness service terminated unexpectedly. It
has done this 2 time(s). The following corrective action will be taken in 100
milliseconds: Restart the service.
Error - 12/24/2011 10:11:51 PM | Computer Name = Beauty | Source = Service Control Manager | ID = 7031
Description = The Telephony service terminated unexpectedly. It has done this 2
time(s). The following corrective action will be taken in 300000 milliseconds:
Restart the service.
Error - 12/24/2011 10:12:36 PM | Computer Name = Beauty | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the DNS Client service, but this
action failed with the following error: %%1056
Error - 12/25/2011 4:31:54 AM | Computer Name = Beauty | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Office PowerPoint 2007 (KB2596764).
Error - 5/6/2012 4:21:37 PM | Computer Name = Beauty | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:03:32 on ?25/?12/?2011 was unexpected.
Error - 5/6/2012 3:27:56 PM | Computer Name = Beauty | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Office PowerPoint 2007 (KB2596764).
< End of report >
#33
Posted 07 May 2012 - 02:28 AM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
OK how is Norton behaving now is it still warning ?
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL
Run OTL
THEN
Download the latest version of TDSSKiller from here and save it to your Desktop.
Please copy and paste its contents on your next reply.
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
IE - HKLM\..\SearchScopes\{ffab9ec5-7889-45c9-b6fa-5d19ccfea2d2}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\..\SearchScopes\{ffab9ec5-7889-45c9-b6fa-5d19ccfea2d2}: "URL" = http://search.mywebs...r={searchTerms}
O3 - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
[2011/11/21 21:55:57 | 000,000,216 | -H-- | C] () -- C:\ProgramData\~s760lQjjteTrvbr
[2011/11/21 21:55:56 | 000,000,296 | -H-- | C] () -- C:\ProgramData\~s760lQjjteTrvb
[2011/11/21 21:55:51 | 000,000,464 | -H-- | C] () -- C:\ProgramData\s760lQjjteTrvb
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot] - Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN
Download the latest version of TDSSKiller from here and save it to your Desktop.
- Doubleclick on TDSSKiller.exe to run the application
- Then click on Change parameters.
- Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
- Click the Start Scan button.
- If a suspicious object is detected, the default action will be Skip, click on Continue.
- If malicious objects are found, they will show in the Scan results and offer three (3) options.
- Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
- Get the report by selecting Reports
- Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
Please copy and paste its contents on your next reply.
#34
Posted 07 May 2012 - 04:30 AM
Nikolina
- Topic Starter
-
- Member
-
- 22 posts
Member
Hi
Norton seems very happy....system secure....no more warnings.
This is the contents of the notepad message that popped up immediately after reboot. I thought i'd include it anyway.
I will add at the bottom the results of the quick scan log too.
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ffab9ec5-7889-45c9-b6fa-5d19ccfea2d2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ffab9ec5-7889-45c9-b6fa-5d19ccfea2d2}\ not found.
Registry key HKEY_USERS\S-1-5-21-937968807-2987181820-2307277295-1003\Software\Microsoft\Internet Explorer\SearchScopes\{ffab9ec5-7889-45c9-b6fa-5d19ccfea2d2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ffab9ec5-7889-45c9-b6fa-5d19ccfea2d2}\ not found.
Registry value HKEY_USERS\S-1-5-21-937968807-2987181820-2307277295-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
C:\ProgramData\~s760lQjjteTrvbr moved successfully.
C:\ProgramData\~s760lQjjteTrvb moved successfully.
C:\ProgramData\s760lQjjteTrvb moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Nikolina\Desktop\cmd.bat deleted successfully.
C:\Users\Nikolina\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Nikolina
->Temp folder emptied: 373146776 bytes
->Temporary Internet Files folder emptied: 252765979 bytes
->Java cache emptied: 12919400 bytes
->Flash cache emptied: 243500 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 209614170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 22288 bytes
Total Files Cleaned = 810.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.42.3 log created on 05072012_110746
Files\Folders moved on Reboot...
C:\Users\Nikolina\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Nikolina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Nikolina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3HYU69O\fastbutton[1].htm moved successfully.
Registry entries deleted on Reboot...
RESULTS OF THE OTL QUICK SCAN
OTL logfile created on: 5/7/2012 11:22:01 AM - Run 2
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Nikolina\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.86 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 52.94% Memory free
7.73 Gb Paging File | 5.72 Gb Available in Paging File | 74.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.82 Gb Total Space | 349.49 Gb Free Space | 76.84% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 0.61 Gb Free Space | 6.23% Space Free | Partition Type: NTFS
Computer Name: BEAUTY | User Name: Nikolina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/05/06 23:02:03 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Nikolina\Desktop\OTL.exe
PRC - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
PRC - [2012/01/11 16:11:58 | 005,153,056 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe
PRC - [2011/08/24 10:35:05 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin\0ebarsvc.exe
PRC - [2011/08/24 10:35:05 | 000,030,096 | ---- | M] (VER_COMPANY_NAME) -- C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin\0ebrmon.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccsvchst.exe
PRC - [2011/03/21 11:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2010/03/25 20:45:36 | 000,031,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2010/03/01 19:31:32 | 000,402,792 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
PRC - [2010/03/01 19:29:14 | 000,435,560 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe
PRC - [2010/03/01 19:29:12 | 000,259,432 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
PRC - [2010/03/01 19:29:10 | 000,124,264 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2010/03/01 19:17:52 | 000,344,064 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2010/02/18 07:26:38 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010/02/10 23:40:56 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2010/02/05 20:20:50 | 000,331,512 | ---- | M] (QUALCOMM, Inc.) -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe
PRC - [2009/11/24 05:51:20 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009/11/17 10:06:04 | 000,044,984 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2009/11/17 06:07:46 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009/11/16 10:19:38 | 000,062,904 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009/11/11 09:33:12 | 000,078,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
PRC - [2009/11/09 05:48:34 | 000,054,632 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\cammute.exe
PRC - [2009/11/04 05:45:46 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/11/04 05:45:44 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/08/28 22:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2009/05/28 06:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2007/01/05 03:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
========== Modules (No Company Name) ==========
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/05/28 06:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010/02/18 07:26:38 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/01/13 14:04:10 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/11/18 06:04:24 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2009/11/17 10:06:04 | 000,044,984 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2009/11/16 10:19:38 | 000,062,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2009/11/09 05:48:34 | 000,054,632 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\cammute.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2009/10/09 20:12:52 | 000,047,656 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2009/09/30 01:25:48 | 000,126,392 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/09/22 00:24:40 | 001,420,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV:64bit: - [2009/09/22 00:00:44 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/04/14 05:06:22 | 000,306,688 | ---- | M] (Option) [Auto | Running] -- C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe -- (GtFlashSwitch)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/08/24 10:35:05 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin\0ebarsvc.exe -- (CieoNetUtilities_0eService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe -- (NIS)
SRV - [2011/03/21 11:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/03/25 20:45:36 | 000,031,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/01 19:29:12 | 000,259,432 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2010/03/01 19:29:10 | 000,124,264 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2010/02/10 23:40:56 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2010/02/05 20:20:50 | 000,331,512 | ---- | M] (QUALCOMM, Inc.) [Auto | Running] -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe -- (QDLService2kLenovo) Qualcomm Gobi 2000 Download Service (Lenovo)
SRV - [2010/01/05 19:12:00 | 000,075,112 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2009/11/04 05:45:46 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/11/04 05:45:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/08/28 22:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/01/05 03:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/27 16:06:54 | 000,025,584 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor\pcdsrvc_x64.pkms -- (PCDSRVC{127174DC-C366ED8B-06020200}_0)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/05/02 23:24:03 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/04/21 02:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207010.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/31 04:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1207010.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/31 04:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207010.003\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/15 03:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207010.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 07:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207010.003\symds64.sys -- (SymDS)
DRV:64bit: - [2011/01/27 06:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207010.003\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/06/23 09:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/23 00:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/08 13:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/02/05 18:41:38 | 000,241,664 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcusbnetlno2k.sys -- (qcusbnetlno2k) Gobi 2000 USB-NDIS miniport(05C6-9205)
DRV:64bit: - [2010/02/05 18:41:38 | 000,121,600 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcusbserlno2k.sys -- (qcusbserlno2k) Gobi 2000 USB Device for Legacy Serial Communication(05C6-9205)
DRV:64bit: - [2010/02/05 18:41:38 | 000,006,400 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcfilterlno2k.sys -- (qcfilterlno2k) Gobi 2000 USB Composite Device Filter Driver(05C6-9205)
DRV:64bit: - [2010/01/15 20:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/01/15 05:23:00 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/01/15 05:23:00 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/01/15 05:23:00 | 000,021,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/01/13 14:26:02 | 006,327,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/01/13 14:26:02 | 006,327,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/01/13 13:10:58 | 000,185,344 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/01/05 19:12:00 | 000,013,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2009/12/02 07:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/11/30 07:56:00 | 000,053,800 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/11/18 06:04:04 | 000,032,880 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2009/10/26 04:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/09 20:11:38 | 000,136,744 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2009/10/09 20:10:00 | 000,023,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2009/09/30 01:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/30 01:25:50 | 000,012,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/09/17 04:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/09/15 20:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/07/02 03:16:02 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2009/06/18 18:21:58 | 000,161,024 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2009/06/10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/07 06:33:00 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/05/12 10:04:26 | 000,015,400 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2007/07/09 14:17:44 | 000,110,592 | ---- | M] (Option NV) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV:64bit: - [2007/06/26 13:39:10 | 000,070,656 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gt72ubus.sys -- (GT72UBUS)
DRV:64bit: - [2007/03/30 13:38:16 | 000,010,624 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtptser.sys -- (GTPTSER)
DRV - [2012/05/06 20:56:13 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120506.006\EX64.SYS -- (NAVEX15)
DRV - [2012/05/06 20:56:13 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/05/06 20:56:13 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/05/06 20:56:13 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120506.006\ENG64.SYS -- (NAVENG)
DRV - [2012/05/05 01:07:30 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120505.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/04/13 01:34:56 | 001,160,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120413.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E 57 A9 BA D2 2B CD 01 [binary data]
IE - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\..\URLSearchHook: {f864ba3f-9878-458a-ba2b-dad32bcbc472} - No CLSID value found
IE - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADRA_en
IE - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://uk.ask.com/we...l&geo=GB&ver=17
IE - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@CieoNetUtilities_0e.com/Plugin: C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin\NP0eStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@innoplus.de/ino3DViewer: C:\Program Files (x86)\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF - HKLM\Software\MozillaPlugins\@innoplus.de/inoPanoViewer: C:\Program Files (x86)\innoPlus\Panorama-Viewer-innoPlus\npirsviewer.dll (INNOVA-engineering GmbH Dresden)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Nikolina\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2012/05/07 11:13:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_5_1 [2012/05/07 11:12:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\0effxtbr@CieoNetUtilities_0e.com: C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin [2012/05/05 02:27:38 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2012/05/07 11:07:47 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Search Assistant BHO) - {4cbfd6a0-f21b-4d52-bf56-c57a37625141} - C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin\0eSrcAs.dll (COMPANYVERS_NAME)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Toolbar BHO) - {8ca6701f-b8e8-43b9-b206-b2a9ee3216cf} - C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin\0ebar.dll (MindSpark)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (CieoNet Utilities) - {8175e372-1ff1-4288-8e6e-addebd415d47} - C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin\0ebar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\..\Toolbar\WebBrowser: (CieoNet Utilities) - {8175E372-1FF1-4288-8E6E-ADDEBD415D47} - C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin\0ebar.dll (MindSpark)
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe ()
O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACTray] C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CieoNetUtilities_0e Browser Plugin Loader] C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin\0ebrmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {C4B977A3-E8A2-37E9-ADCD-2597FAAC61F5} http://shop.lenovo.c...MachineInfo.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {5CF549B1-E178-4D8C-ADEF-73F226644F12} http://deploy.webvde.../WebVDSetUp.cab (Room328 Designer Setup)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5051B246-2951-4358-9621-24C4FC939F5A}: DhcpNameServer = 10.48.65.30
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4AA4D0D-BCBD-471E-BEBB-A3BFBA50DA4B}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/10 17:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{5aa4b7a3-6dc7-11df-81ab-c80aa9467b0d}\Shell - "" = AutoRun
O33 - MountPoints2\{5aa4b7a3-6dc7-11df-81ab-c80aa9467b0d}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1
O33 - MountPoints2\{bfbc8c31-4873-11df-9379-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{bfbc8c31-4873-11df-9379-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009/08/10 22:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/05/07 11:14:38 | 000,000,000 | ---D | C] -- C:\Users\Nikolina\AppData\Local\{64C80BB3-2C86-412C-A981-8F1BF1320BD3}
[2012/05/07 11:14:26 | 000,000,000 | ---D | C] -- C:\Users\Nikolina\AppData\Local\{DB8FCFE1-CEA0-44F7-8A15-7C8D7DFD00AC}
[2012/05/07 11:07:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/07 03:39:13 | 000,000,000 | ---D | C] -- C:\Users\Nikolina\AppData\Local\{4E4BBDD0-A6B1-4350-BCA4-467669DE6259}
[2012/05/07 03:39:02 | 000,000,000 | ---D | C] -- C:\Users\Nikolina\AppData\Local\{8B679334-1869-447B-A4DD-D5F8E5676FA9}
[2012/05/07 03:08:42 | 000,000,000 | ---D | C] -- C:\FRST
[2012/05/06 23:01:09 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Nikolina\Desktop\OTL.exe
[2012/05/06 22:58:11 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Nikolina\Desktop\aswMBR.exe
[2012/05/06 21:24:31 | 000,000,000 | ---D | C] -- C:\Users\Nikolina\AppData\Local\{69ADFFDD-7209-4B43-9DF9-AA51ADFF5FCC}
[2012/05/06 21:23:37 | 000,000,000 | ---D | C] -- C:\Users\Nikolina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2012/05/06 21:21:18 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[10 C:\Users\Nikolina\Documents\*.tmp files -> C:\Users\Nikolina\Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/05/07 11:24:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/07 11:20:39 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/07 11:20:39 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/07 11:17:32 | 000,792,128 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/07 11:17:32 | 000,675,582 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/07 11:17:32 | 000,128,548 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/07 11:12:37 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/05/07 11:12:36 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/07 11:12:05 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/05/07 11:11:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/07 11:11:49 | 001,966,966 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1207010.003\Cat.DB
[2012/05/07 11:11:32 | 3111,555,072 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/07 11:07:47 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/05/07 03:34:55 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/05/07 03:34:41 | 000,439,144 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/06 23:02:03 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Nikolina\Desktop\OTL.exe
[2012/05/06 23:00:23 | 000,000,512 | ---- | M] () -- C:\Users\Nikolina\Desktop\MBR.dat
[2012/05/06 22:58:45 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Nikolina\Desktop\aswMBR.exe
[2012/05/06 21:33:37 | 000,002,351 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/05/05 09:35:20 | 000,001,732 | ---- | M] () -- C:\tvtpktfilter.dat
[10 C:\Users\Nikolina\Documents\*.tmp files -> C:\Users\Nikolina\Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/05/06 23:00:23 | 000,000,512 | ---- | C] () -- C:\Users\Nikolina\Desktop\MBR.dat
[2012/05/06 21:21:10 | 3111,555,072 | -HS- | C] () -- C:\hiberfil.sys
[2012/05/05 09:35:20 | 000,001,732 | ---- | C] () -- C:\tvtpktfilter.dat
[2011/07/16 21:58:35 | 000,670,496 | -H-- | C] () -- C:\Users\Nikolina\AppData\Local\wanancsp.dat
[2011/01/04 23:49:42 | 000,001,940 | ---- | C] () -- C:\Users\Nikolina\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
========== LOP Check ==========
[2012/05/05 10:53:27 | 000,000,000 | ---D | M] -- C:\Users\Nikolina\AppData\Roaming\Downloaded Installations
[2012/05/05 10:53:28 | 000,000,000 | -H-D | M] -- C:\Users\Nikolina\AppData\Roaming\eTeks
[2012/05/05 02:38:32 | 000,000,000 | -H-D | M] -- C:\Users\Nikolina\AppData\Roaming\FreeCall
[2012/05/05 10:53:28 | 000,000,000 | -H-D | M] -- C:\Users\Nikolina\AppData\Roaming\InterVideo
[2012/05/05 10:53:28 | 000,000,000 | -H-D | M] -- C:\Users\Nikolina\AppData\Roaming\Lenovo
[2012/05/05 10:55:33 | 000,000,000 | -H-D | M] -- C:\Users\Nikolina\AppData\Roaming\Nitro PDF
[2012/05/05 10:55:34 | 000,000,000 | ---D | M] -- C:\Users\Nikolina\AppData\Roaming\PCDr
[2012/05/05 10:55:38 | 000,000,000 | -H-D | M] -- C:\Users\Nikolina\AppData\Roaming\QcWizard
[2012/05/05 02:38:49 | 000,000,000 | ---D | M] -- C:\Users\Nikolina\AppData\Roaming\Tific
[2012/05/05 10:55:42 | 000,000,000 | -H-D | M] -- C:\Users\Nikolina\AppData\Roaming\Ulead Systems
[2012/05/05 10:55:42 | 000,000,000 | ---D | M] -- C:\Users\Nikolina\AppData\Roaming\Update
[2011/01/26 13:48:59 | 000,000,000 | -H-D | M] -- C:\Users\Nikolina\AppData\Roaming\Windows Live Writer
[2012/05/07 03:34:55 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/09/14 01:16:10 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/05/07 11:12:05 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
========== Purity Check ==========
< End of report >
Norton seems very happy....system secure....no more warnings.
This is the contents of the notepad message that popped up immediately after reboot. I thought i'd include it anyway.
I will add at the bottom the results of the quick scan log too.
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ffab9ec5-7889-45c9-b6fa-5d19ccfea2d2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ffab9ec5-7889-45c9-b6fa-5d19ccfea2d2}\ not found.
Registry key HKEY_USERS\S-1-5-21-937968807-2987181820-2307277295-1003\Software\Microsoft\Internet Explorer\SearchScopes\{ffab9ec5-7889-45c9-b6fa-5d19ccfea2d2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ffab9ec5-7889-45c9-b6fa-5d19ccfea2d2}\ not found.
Registry value HKEY_USERS\S-1-5-21-937968807-2987181820-2307277295-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
C:\ProgramData\~s760lQjjteTrvbr moved successfully.
C:\ProgramData\~s760lQjjteTrvb moved successfully.
C:\ProgramData\s760lQjjteTrvb moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Nikolina\Desktop\cmd.bat deleted successfully.
C:\Users\Nikolina\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Nikolina
->Temp folder emptied: 373146776 bytes
->Temporary Internet Files folder emptied: 252765979 bytes
->Java cache emptied: 12919400 bytes
->Flash cache emptied: 243500 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 209614170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 22288 bytes
Total Files Cleaned = 810.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.42.3 log created on 05072012_110746
Files\Folders moved on Reboot...
C:\Users\Nikolina\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Nikolina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Nikolina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3HYU69O\fastbutton[1].htm moved successfully.
Registry entries deleted on Reboot...
RESULTS OF THE OTL QUICK SCAN
OTL logfile created on: 5/7/2012 11:22:01 AM - Run 2
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Nikolina\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.86 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 52.94% Memory free
7.73 Gb Paging File | 5.72 Gb Available in Paging File | 74.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.82 Gb Total Space | 349.49 Gb Free Space | 76.84% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 0.61 Gb Free Space | 6.23% Space Free | Partition Type: NTFS
Computer Name: BEAUTY | User Name: Nikolina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/05/06 23:02:03 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Nikolina\Desktop\OTL.exe
PRC - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
PRC - [2012/01/11 16:11:58 | 005,153,056 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe
PRC - [2011/08/24 10:35:05 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin\0ebarsvc.exe
PRC - [2011/08/24 10:35:05 | 000,030,096 | ---- | M] (VER_COMPANY_NAME) -- C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin\0ebrmon.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccsvchst.exe
PRC - [2011/03/21 11:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2010/03/25 20:45:36 | 000,031,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2010/03/01 19:31:32 | 000,402,792 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
PRC - [2010/03/01 19:29:14 | 000,435,560 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe
PRC - [2010/03/01 19:29:12 | 000,259,432 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
PRC - [2010/03/01 19:29:10 | 000,124,264 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2010/03/01 19:17:52 | 000,344,064 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2010/02/18 07:26:38 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010/02/10 23:40:56 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2010/02/05 20:20:50 | 000,331,512 | ---- | M] (QUALCOMM, Inc.) -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe
PRC - [2009/11/24 05:51:20 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009/11/17 10:06:04 | 000,044,984 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2009/11/17 06:07:46 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009/11/16 10:19:38 | 000,062,904 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009/11/11 09:33:12 | 000,078,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
PRC - [2009/11/09 05:48:34 | 000,054,632 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\cammute.exe
PRC - [2009/11/04 05:45:46 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/11/04 05:45:44 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/08/28 22:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2009/05/28 06:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2007/01/05 03:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
========== Modules (No Company Name) ==========
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/05/28 06:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010/02/18 07:26:38 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/01/13 14:04:10 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/11/18 06:04:24 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2009/11/17 10:06:04 | 000,044,984 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2009/11/16 10:19:38 | 000,062,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2009/11/09 05:48:34 | 000,054,632 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\cammute.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2009/10/09 20:12:52 | 000,047,656 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2009/09/30 01:25:48 | 000,126,392 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/09/22 00:24:40 | 001,420,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV:64bit: - [2009/09/22 00:00:44 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/04/14 05:06:22 | 000,306,688 | ---- | M] (Option) [Auto | Running] -- C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe -- (GtFlashSwitch)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/08/24 10:35:05 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin\0ebarsvc.exe -- (CieoNetUtilities_0eService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe -- (NIS)
SRV - [2011/03/21 11:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/03/25 20:45:36 | 000,031,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/01 19:29:12 | 000,259,432 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2010/03/01 19:29:10 | 000,124,264 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2010/02/10 23:40:56 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2010/02/05 20:20:50 | 000,331,512 | ---- | M] (QUALCOMM, Inc.) [Auto | Running] -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe -- (QDLService2kLenovo) Qualcomm Gobi 2000 Download Service (Lenovo)
SRV - [2010/01/05 19:12:00 | 000,075,112 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2009/11/04 05:45:46 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/11/04 05:45:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/08/28 22:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/01/05 03:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/27 16:06:54 | 000,025,584 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor\pcdsrvc_x64.pkms -- (PCDSRVC{127174DC-C366ED8B-06020200}_0)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/05/02 23:24:03 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/04/21 02:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207010.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/31 04:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1207010.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/31 04:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207010.003\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/15 03:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207010.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 07:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207010.003\symds64.sys -- (SymDS)
DRV:64bit: - [2011/01/27 06:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207010.003\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/06/23 09:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/23 00:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/08 13:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/02/05 18:41:38 | 000,241,664 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcusbnetlno2k.sys -- (qcusbnetlno2k) Gobi 2000 USB-NDIS miniport(05C6-9205)
DRV:64bit: - [2010/02/05 18:41:38 | 000,121,600 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcusbserlno2k.sys -- (qcusbserlno2k) Gobi 2000 USB Device for Legacy Serial Communication(05C6-9205)
DRV:64bit: - [2010/02/05 18:41:38 | 000,006,400 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcfilterlno2k.sys -- (qcfilterlno2k) Gobi 2000 USB Composite Device Filter Driver(05C6-9205)
DRV:64bit: - [2010/01/15 20:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/01/15 05:23:00 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/01/15 05:23:00 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/01/15 05:23:00 | 000,021,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/01/13 14:26:02 | 006,327,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/01/13 14:26:02 | 006,327,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/01/13 13:10:58 | 000,185,344 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/01/05 19:12:00 | 000,013,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2009/12/02 07:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/11/30 07:56:00 | 000,053,800 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/11/18 06:04:04 | 000,032,880 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2009/10/26 04:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/09 20:11:38 | 000,136,744 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2009/10/09 20:10:00 | 000,023,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2009/09/30 01:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/30 01:25:50 | 000,012,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/09/17 04:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/09/15 20:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/07/02 03:16:02 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2009/06/18 18:21:58 | 000,161,024 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2009/06/10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/07 06:33:00 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/05/12 10:04:26 | 000,015,400 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2007/07/09 14:17:44 | 000,110,592 | ---- | M] (Option NV) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV:64bit: - [2007/06/26 13:39:10 | 000,070,656 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gt72ubus.sys -- (GT72UBUS)
DRV:64bit: - [2007/03/30 13:38:16 | 000,010,624 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtptser.sys -- (GTPTSER)
DRV - [2012/05/06 20:56:13 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120506.006\EX64.SYS -- (NAVEX15)
DRV - [2012/05/06 20:56:13 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/05/06 20:56:13 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/05/06 20:56:13 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120506.006\ENG64.SYS -- (NAVENG)
DRV - [2012/05/05 01:07:30 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120505.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/04/13 01:34:56 | 001,160,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120413.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E 57 A9 BA D2 2B CD 01 [binary data]
IE - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\..\URLSearchHook: {f864ba3f-9878-458a-ba2b-dad32bcbc472} - No CLSID value found
IE - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADRA_en
IE - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://uk.ask.com/we...l&geo=GB&ver=17
IE - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@CieoNetUtilities_0e.com/Plugin: C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin\NP0eStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@innoplus.de/ino3DViewer: C:\Program Files (x86)\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF - HKLM\Software\MozillaPlugins\@innoplus.de/inoPanoViewer: C:\Program Files (x86)\innoPlus\Panorama-Viewer-innoPlus\npirsviewer.dll (INNOVA-engineering GmbH Dresden)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Nikolina\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2012/05/07 11:13:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_5_1 [2012/05/07 11:12:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\0effxtbr@CieoNetUtilities_0e.com: C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin [2012/05/05 02:27:38 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2012/05/07 11:07:47 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Search Assistant BHO) - {4cbfd6a0-f21b-4d52-bf56-c57a37625141} - C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin\0eSrcAs.dll (COMPANYVERS_NAME)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Toolbar BHO) - {8ca6701f-b8e8-43b9-b206-b2a9ee3216cf} - C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin\0ebar.dll (MindSpark)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (CieoNet Utilities) - {8175e372-1ff1-4288-8e6e-addebd415d47} - C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin\0ebar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-937968807-2987181820-2307277295-1003\..\Toolbar\WebBrowser: (CieoNet Utilities) - {8175E372-1FF1-4288-8E6E-ADDEBD415D47} - C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin\0ebar.dll (MindSpark)
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe ()
O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACTray] C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CieoNetUtilities_0e Browser Plugin Loader] C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin\0ebrmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {C4B977A3-E8A2-37E9-ADCD-2597FAAC61F5} http://shop.lenovo.c...MachineInfo.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {5CF549B1-E178-4D8C-ADEF-73F226644F12} http://deploy.webvde.../WebVDSetUp.cab (Room328 Designer Setup)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5051B246-2951-4358-9621-24C4FC939F5A}: DhcpNameServer = 10.48.65.30
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4AA4D0D-BCBD-471E-BEBB-A3BFBA50DA4B}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/10 17:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{5aa4b7a3-6dc7-11df-81ab-c80aa9467b0d}\Shell - "" = AutoRun
O33 - MountPoints2\{5aa4b7a3-6dc7-11df-81ab-c80aa9467b0d}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1
O33 - MountPoints2\{bfbc8c31-4873-11df-9379-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{bfbc8c31-4873-11df-9379-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009/08/10 22:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/05/07 11:14:38 | 000,000,000 | ---D | C] -- C:\Users\Nikolina\AppData\Local\{64C80BB3-2C86-412C-A981-8F1BF1320BD3}
[2012/05/07 11:14:26 | 000,000,000 | ---D | C] -- C:\Users\Nikolina\AppData\Local\{DB8FCFE1-CEA0-44F7-8A15-7C8D7DFD00AC}
[2012/05/07 11:07:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/07 03:39:13 | 000,000,000 | ---D | C] -- C:\Users\Nikolina\AppData\Local\{4E4BBDD0-A6B1-4350-BCA4-467669DE6259}
[2012/05/07 03:39:02 | 000,000,000 | ---D | C] -- C:\Users\Nikolina\AppData\Local\{8B679334-1869-447B-A4DD-D5F8E5676FA9}
[2012/05/07 03:08:42 | 000,000,000 | ---D | C] -- C:\FRST
[2012/05/06 23:01:09 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Nikolina\Desktop\OTL.exe
[2012/05/06 22:58:11 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Nikolina\Desktop\aswMBR.exe
[2012/05/06 21:24:31 | 000,000,000 | ---D | C] -- C:\Users\Nikolina\AppData\Local\{69ADFFDD-7209-4B43-9DF9-AA51ADFF5FCC}
[2012/05/06 21:23:37 | 000,000,000 | ---D | C] -- C:\Users\Nikolina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2012/05/06 21:21:18 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[10 C:\Users\Nikolina\Documents\*.tmp files -> C:\Users\Nikolina\Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/05/07 11:24:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/07 11:20:39 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/07 11:20:39 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/07 11:17:32 | 000,792,128 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/07 11:17:32 | 000,675,582 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/07 11:17:32 | 000,128,548 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/07 11:12:37 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/05/07 11:12:36 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/07 11:12:05 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/05/07 11:11:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/07 11:11:49 | 001,966,966 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1207010.003\Cat.DB
[2012/05/07 11:11:32 | 3111,555,072 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/07 11:07:47 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/05/07 03:34:55 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/05/07 03:34:41 | 000,439,144 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/06 23:02:03 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Nikolina\Desktop\OTL.exe
[2012/05/06 23:00:23 | 000,000,512 | ---- | M] () -- C:\Users\Nikolina\Desktop\MBR.dat
[2012/05/06 22:58:45 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Nikolina\Desktop\aswMBR.exe
[2012/05/06 21:33:37 | 000,002,351 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/05/05 09:35:20 | 000,001,732 | ---- | M] () -- C:\tvtpktfilter.dat
[10 C:\Users\Nikolina\Documents\*.tmp files -> C:\Users\Nikolina\Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/05/06 23:00:23 | 000,000,512 | ---- | C] () -- C:\Users\Nikolina\Desktop\MBR.dat
[2012/05/06 21:21:10 | 3111,555,072 | -HS- | C] () -- C:\hiberfil.sys
[2012/05/05 09:35:20 | 000,001,732 | ---- | C] () -- C:\tvtpktfilter.dat
[2011/07/16 21:58:35 | 000,670,496 | -H-- | C] () -- C:\Users\Nikolina\AppData\Local\wanancsp.dat
[2011/01/04 23:49:42 | 000,001,940 | ---- | C] () -- C:\Users\Nikolina\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
========== LOP Check ==========
[2012/05/05 10:53:27 | 000,000,000 | ---D | M] -- C:\Users\Nikolina\AppData\Roaming\Downloaded Installations
[2012/05/05 10:53:28 | 000,000,000 | -H-D | M] -- C:\Users\Nikolina\AppData\Roaming\eTeks
[2012/05/05 02:38:32 | 000,000,000 | -H-D | M] -- C:\Users\Nikolina\AppData\Roaming\FreeCall
[2012/05/05 10:53:28 | 000,000,000 | -H-D | M] -- C:\Users\Nikolina\AppData\Roaming\InterVideo
[2012/05/05 10:53:28 | 000,000,000 | -H-D | M] -- C:\Users\Nikolina\AppData\Roaming\Lenovo
[2012/05/05 10:55:33 | 000,000,000 | -H-D | M] -- C:\Users\Nikolina\AppData\Roaming\Nitro PDF
[2012/05/05 10:55:34 | 000,000,000 | ---D | M] -- C:\Users\Nikolina\AppData\Roaming\PCDr
[2012/05/05 10:55:38 | 000,000,000 | -H-D | M] -- C:\Users\Nikolina\AppData\Roaming\QcWizard
[2012/05/05 02:38:49 | 000,000,000 | ---D | M] -- C:\Users\Nikolina\AppData\Roaming\Tific
[2012/05/05 10:55:42 | 000,000,000 | -H-D | M] -- C:\Users\Nikolina\AppData\Roaming\Ulead Systems
[2012/05/05 10:55:42 | 000,000,000 | ---D | M] -- C:\Users\Nikolina\AppData\Roaming\Update
[2011/01/26 13:48:59 | 000,000,000 | -H-D | M] -- C:\Users\Nikolina\AppData\Roaming\Windows Live Writer
[2012/05/07 03:34:55 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/09/14 01:16:10 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/05/07 11:12:05 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
========== Purity Check ==========
< End of report >
#35
Posted 07 May 2012 - 04:46 AM
Nikolina
- Topic Starter
-
- Member
-
- 22 posts
Member
I have also run TDSSKiller. I've got the report but it doesn't allow copy-paste option.
I can't save it either.
There were 4 suspicious and no malicious objects.
Is there any other way i can get you those details?
I can't save it either.
There were 4 suspicious and no malicious objects.
Is there any other way i can get you those details?
#36
Posted 07 May 2012 - 08:16 AM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
No need I am happy with that report.. For information, what happened was that Norton deleted the files but failed to delete the partion settings for the boot sequence thereby it was try to boot from a partition with invalid data
FSRT reset those elements allowing a straight forward reboot
What are the current problems before I tidy up ? Anything at all that is misbehaving or just plain weird
FSRT reset those elements allowing a straight forward reboot
What are the current problems before I tidy up ? Anything at all that is misbehaving or just plain weird
#37
Posted 07 May 2012 - 11:10 AM
Nikolina
- Topic Starter
-
- Member
-
- 22 posts
Member
I have just been checking and everything seems fine.
There is only one windows update that has forever refused to istall and i don't know if that is related to this virus.
It is Security Update for Microsoft Office PowerPoint 2007 (KB2596764).
I have tried MS Fix It in the past to fix that error but with no luck.
There is only one windows update that has forever refused to istall and i don't know if that is related to this virus.
It is Security Update for Microsoft Office PowerPoint 2007 (KB2596764).
I have tried MS Fix It in the past to fix that error but with no luck.
#38
Posted 07 May 2012 - 11:40 AM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
That is a known error and it is related to an old version of an Office programme being installed alongside the 2010 version or better viz:
Microsoft Office 2007 Primary Interop Assemblies
There is a resolution for it on this page
Give that a whirl and let me know if it works
Subject to no further problems
I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems
Now the best part of the day ----- Your log now appears clean
A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:
Run OTL
Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.
We will now confirm that your hidden files are set to that, as some of the tools I use will change that
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.
Upgrading Java:
SPRING CLEAN
To manually create a new Restore Point
Now we can purge the infected ones
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean
Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link
It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe
Microsoft Office 2007 Primary Interop Assemblies
There is a resolution for it on this page
Give that a whirl and let me know if it works
Subject to no further problems
I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems
Now the best part of the day ----- Your log now appears clean
A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[resethosts]
[emptytemp]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.
We will now confirm that your hidden files are set to that, as some of the tools I use will change that
- Click Start.
- Open My Computer.
- Select the Tools menu and click Folder Options.
- Select the View Tab.
- Under the Hidden files and folders heading select Do not show hidden files and folders.
- Click Yes to confirm.
- Click OK.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.
Upgrading Java:
- Go to this site and click Do I have Java
- It will check your current version and then offer to update to the latest version
SPRING CLEAN
To manually create a new Restore Point
- Go to Control Panel and select System
- Select System
- On the left select System Protection and accept the warning if you get one
- Select System Protection Tab
- Select Create at the bottom
- Type in a name i.e. Clean
- Select Create
Now we can purge the infected ones
- GoStart > All programs > Accessories > system tools
- Right click Disc cleanup and select run as administrator
- Select Your main drive and accept the warning if you get one
- For a few moments the system will make some calculations
- Select the More Options tab
- In the System Restore and Shadow Backups select Clean up
- Select Delete on the pop up
- Select OK
- Select Delete
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean
Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link
It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe
#39
Posted 07 May 2012 - 05:15 PM
Nikolina
- Topic Starter
-
- Member
-
- 22 posts
Member
I can't thank you enough! You're a life saver !
I removed Microsoft Office 2007 Primary Interop Assemblies and it worked like magic.
I followed the rest of the advice and OTL has been deleted.
I still have aswMBR, plus MBR.dat and aswMBR.txt present on my desktop. Should I remove those?
Also, i thought i updated JAVA but when i click on "Do I have JAVA?" it posts a notepad message with error...and shuts my IE. I tried 3 times and each time a new message pops up.
Here are the contents in case you think they are relevant to what we have been doing.
#
# A fatal error has been detected by the Java Runtime Environment:
#
# EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x000000006d484c92, pid=6400, tid=3080
#
# JRE version: 6.0_17-b04
# Java VM: Java HotSpot™ 64-Bit Server VM (14.3-b01 mixed mode windows-amd64 )
# Problematic frame:
# C 0x000000006d484c92
#
# If you would like to submit a bug report, please visit:
# http://java.sun.com/...eport/crash.jsp
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#
--------------- T H R E A D ---------------
Current thread (0x000000000b685000): JavaThread "main" [_thread_in_native, id=3080, stack(0x0000000014520000,0x0000000014720000)]
siginfo: ExceptionCode=0xc0000005, reading address 0x0000000000000000
Registers:
EAX=0x0000000000000003, EBX=0x000000001ce5ce30, ECX=0x0000000000000000, EDX=0x000000001471c6d0
ESP=0x000000001471c680, EBP=0x000000001471c730, ESI=0x000000001d0573a0, EDI=0x000000000b6851b8
EIP=0x000000006d484c92, EFLAGS=0x0000000000010206
Top of Stack: (sp=0x000000001471c680)
0x000000001471c680: 000000001ce5ce30 0000000019c51432
0x000000001471c690: 000000001471c7b8 000000001ce5ce30
0x000000001471c6a0: 000000001d0573a0 0000000019c4589a
0x000000001471c6b0: 000000001ce5ce30 0000000019c51588
0x000000001471c6c0: 0000000019c5c103 0000000019c44e90
0x000000001471c6d0: 0000000000000000 0000000000000000
0x000000001471c6e0: 000000001471c750 000000001471c918
0x000000001471c6f0: 000000001471c6f0 000000001ce5ce30
0x000000001471c700: 000000001471c758 000000001ce68d90
0x000000001471c710: 0000000000000000 000000001ce5ce30
0x000000001471c720: 0000000000000000 000000001471c750
0x000000001471c730: 000000001471c7a8 0000000019c45969
0x000000001471c740: 000000001ce68250 0000000019c4de5b
0x000000001471c750: 00000000131453b0 0000000023659db0
0x000000001471c760: 0000000023659db0 000000001471c768
0x000000001471c770: 000000001ce5cd67 000000001471c7b8
Instructions: (pc=0x000000006d484c92)
0x000000006d484c82: 4c 24 50 85 c0 78 2b 48 c7 44 24 58 00 00 00 00
0x000000006d484c92: 48 8b 01 48 8d 54 24 58 ff 90 40 01 00 00 85 c0
Stack: [0x0000000014520000,0x0000000014720000], sp=0x000000001471c680, free space=2033k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C 0x000000006d484c92
j sun.plugin2.main.server.IExplorerPlugin.getDocumentBase()Ljava/lang/String;+31
j sun.plugin2.main.server.JVMInstance.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZIZZ)Z+14
j sun.plugin2.main.server.JVMManager.startAppletImpl(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZLjava/lang/String;ZIZ)Lsun/plugin2/main/server/AppletID;+240
j sun.plugin2.main.server.JVMManager.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZLjava/lang/String;)Lsun/plugin2/main/server/AppletID;+16
j sun.plugin2.main.server.JVMManager.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZ)Lsun/plugin2/main/server/AppletID;+19
j sun.plugin2.main.server.IExplorerPlugin.maybeStartApplet()V+192
j sun.plugin2.main.server.IExplorerPlugin.access$200(Lsun/plugin2/main/server/IExplorerPlugin;)V+1
j sun.plugin2.main.server.IExplorerPlugin$BackgroundStarter$1.run()V+7
v ~StubRoutines::call_stub
Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
j sun.plugin2.main.server.IExplorerPlugin.getDocumentBase0(J)Ljava/lang/String;+0
j sun.plugin2.main.server.IExplorerPlugin.getDocumentBase()Ljava/lang/String;+31
j sun.plugin2.main.server.JVMInstance.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZIZZ)Z+14
j sun.plugin2.main.server.JVMManager.startAppletImpl(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZLjava/lang/String;ZIZ)Lsun/plugin2/main/server/AppletID;+240
j sun.plugin2.main.server.JVMManager.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZLjava/lang/String;)Lsun/plugin2/main/server/AppletID;+16
j sun.plugin2.main.server.JVMManager.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZ)Lsun/plugin2/main/server/AppletID;+19
j sun.plugin2.main.server.IExplorerPlugin.maybeStartApplet()V+192
j sun.plugin2.main.server.IExplorerPlugin.access$200(Lsun/plugin2/main/server/IExplorerPlugin;)V+1
j sun.plugin2.main.server.IExplorerPlugin$BackgroundStarter$1.run()V+7
v ~StubRoutines::call_stub
--------------- P R O C E S S ---------------
Java Threads: ( => current thread )
0x000000000bfb2000 JavaThread "JRE 1.6.0.17 Worker Thread" [_thread_blocked, id=1244, stack(0x0000000025ae0000,0x0000000025be0000)]
0x000000000beb2800 JavaThread "JRE 1.6.0.17 Output Reader Thread" [_thread_in_native, id=2528, stack(0x0000000025c00000,0x0000000025d00000)]
0x000000000beb1800 JavaThread "JRE 1.6.0.17 Output Reader Thread" [_thread_in_native, id=1728, stack(0x0000000025930000,0x0000000025a30000)]
0x000000000beb9000 JavaThread "Thread-0" [_thread_in_native, id=7148, stack(0x0000000025780000,0x0000000025880000)]
0x000000000beb8000 JavaThread "Java Plug-In Pipe Worker Thread (Server-Side)" daemon [_thread_in_native, id=1904, stack(0x0000000025620000,0x0000000025720000)]
0x000000000bee6000 JavaThread "traceMsgQueueThread" daemon [_thread_blocked, id=1476, stack(0x0000000024810000,0x0000000024910000)]
0x000000000b7c7000 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=6344, stack(0x0000000024510000,0x0000000024610000)]
0x000000000b7c5000 JavaThread "CompilerThread1" daemon [_thread_blocked, id=5092, stack(0x0000000024360000,0x0000000024460000)]
0x000000000b7c0800 JavaThread "CompilerThread0" daemon [_thread_blocked, id=2016, stack(0x00000000241f0000,0x00000000242f0000)]
0x000000000b7c0000 JavaThread "Attach Listener" daemon [_thread_blocked, id=6416, stack(0x00000000240f0000,0x00000000241f0000)]
0x000000000b7bf000 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=1936, stack(0x0000000018b90000,0x0000000018c90000)]
0x0000000015c1a800 JavaThread "Finalizer" daemon [_thread_blocked, id=4932, stack(0x0000000018f10000,0x0000000019010000)]
0x0000000015c1a000 JavaThread "Reference Handler" daemon [_thread_blocked, id=3076, stack(0x0000000019140000,0x0000000019240000)]
=>0x000000000b685000 JavaThread "main" [_thread_in_native, id=3080, stack(0x0000000014520000,0x0000000014720000)]
Other Threads:
0x0000000015c19000 VMThread [stack: 0x00000000183d0000,0x00000000184d0000] [id=5012]
0x000000000b7c8000 WatcherThread [stack: 0x0000000024660000,0x0000000024760000] [id=6320]
VM state:not at safepoint (normal execution)
VM Mutex/Monitor currently owned by a thread: None
Heap
PSYoungGen total 3584K, used 1192K [0x00000000235a0000, 0x00000000239a0000, 0x0000000024040000)
eden space 3072K, 38% used [0x00000000235a0000,0x00000000236ca320,0x00000000238a0000)
from space 512K, 0% used [0x0000000023920000,0x0000000023920000,0x00000000239a0000)
to space 512K, 0% used [0x00000000238a0000,0x00000000238a0000,0x0000000023920000)
PSOldGen total 5312K, used 0K [0x0000000022040000, 0x0000000022570000, 0x00000000235a0000)
object space 5312K, 0% used [0x0000000022040000,0x0000000022040000,0x0000000022570000)
PSPermGen total 21248K, used 4579K [0x000000001cc40000, 0x000000001e100000, 0x0000000022040000)
object space 21248K, 21% used [0x000000001cc40000,0x000000001d0b8c60,0x000000001e100000)
Dynamic libraries:
0x00000000013c0000 - 0x000000000147b000 C:\Program Files\Internet Explorer\iexplore.exe
0x0000000077880000 - 0x0000000077a29000 C:\Windows\SYSTEM32\ntdll.dll
0x0000000077450000 - 0x000000007756f000 C:\Windows\system32\kernel32.dll
0x000007fefe040000 - 0x000007fefe0ac000 C:\Windows\system32\KERNELBASE.dll
0x000007fefe840000 - 0x000007fefe91b000 C:\Windows\system32\ADVAPI32.dll
0x000007fefe170000 - 0x000007fefe20f000 C:\Windows\system32\msvcrt.dll
0x000007fefe150000 - 0x000007fefe16f000 C:\Windows\SYSTEM32\sechost.dll
0x000007fefe210000 - 0x000007fefe33d000 C:\Windows\system32\RPCRT4.dll
0x0000000077780000 - 0x000000007787a000 C:\Windows\system32\USER32.dll
0x000007fefe550000 - 0x000007fefe5b7000 C:\Windows\system32\GDI32.dll
0x000007fefe340000 - 0x000007fefe34e000 C:\Windows\system32\LPK.dll
0x000007feffac0000 - 0x000007feffb89000 C:\Windows\system32\USP10.dll
0x000007fefe920000 - 0x000007fefe991000 C:\Windows\system32\SHLWAPI.dll
0x000007fefed30000 - 0x000007feffab8000 C:\Windows\system32\SHELL32.dll
0x000007fefe9a0000 - 0x000007fefeba3000 C:\Windows\system32\ole32.dll
0x00000000771a0000 - 0x00000000772ed000 C:\Windows\system32\urlmon.dll
0x000007fefebb0000 - 0x000007fefec87000 C:\Windows\system32\OLEAUT32.dll
0x0000000077570000 - 0x000000007777f000 C:\Windows\system32\iertutil.dll
0x00000000772f0000 - 0x000000007744a000 C:\Windows\system32\WININET.dll
0x0000000077a40000 - 0x0000000077a43000 C:\Windows\system32\Normaliz.dll
0x000007fefe7f0000 - 0x000007fefe81e000 C:\Windows\system32\IMM32.DLL
0x000007fefe440000 - 0x000007fefe549000 C:\Windows\system32\MSCTF.dll
0x000007fef5150000 - 0x000007fef5bb8000 C:\Windows\system32\IEFRAME.dll
0x0000000077a50000 - 0x0000000077a57000 C:\Windows\system32\PSAPI.DLL
0x000007fefb790000 - 0x000007fefb7e4000 C:\Windows\system32\OLEACC.dll
0x000007fefc530000 - 0x000007fefc724000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll
0x000007fefe0b0000 - 0x000007fefe147000 C:\Windows\system32\comdlg32.dll
0x000007feef1f0000 - 0x000007feef23f000 C:\Program Files\Internet Explorer\IEShims.dll
0x000007fefdc10000 - 0x000007fefdc1f000 C:\Windows\system32\CRYPTBASE.dll
0x000007fefc350000 - 0x000007fefc3a6000 C:\Windows\system32\uxtheme.dll
0x000007fefdb40000 - 0x000007fefdb4b000 C:\Windows\system32\Secur32.dll
0x000007fefdb80000 - 0x000007fefdba5000 C:\Windows\system32\SSPICLI.DLL
0x000007fefdce0000 - 0x000007fefdcef000 C:\Windows\system32\profapi.dll
0x000007fefe7a0000 - 0x000007fefe7ed000 C:\Windows\system32\WS2_32.dll
0x000007fefe350000 - 0x000007fefe358000 C:\Windows\system32\NSI.dll
0x000007fefd3d0000 - 0x000007fefd42b000 C:\Windows\system32\dnsapi.DLL
0x000007fefb3d0000 - 0x000007fefb3f7000 C:\Windows\system32\iphlpapi.DLL
0x000007fefb3c0000 - 0x000007fefb3cb000 C:\Windows\system32\WINNSI.DLL
0x000007fefd550000 - 0x000007fefd5a5000 C:\Windows\system32\mswsock.dll
0x000007fefbf70000 - 0x000007fefbf88000 C:\Windows\system32\dwmapi.dll
0x000007fefcec0000 - 0x000007fefcec7000 C:\Windows\System32\wshtcpip.dll
0x000007fefd540000 - 0x000007fefd547000 C:\Windows\System32\wship6.dll
0x000007fefcaf0000 - 0x000007fefcb1d000 C:\Windows\system32\ntmarta.dll
0x000007fefe3e0000 - 0x000007fefe432000 C:\Windows\system32\WLDAP32.dll
0x000007fefa4f0000 - 0x000007fefa51f000 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
0x0000000073c90000 - 0x0000000073cb6000 C:\Program Files\Bonjour\mdnsNSP.dll
0x000007fefdcc0000 - 0x000007fefdcd4000 C:\Windows\system32\RpcRtRemote.dll
0x000007fefa460000 - 0x000007fefa468000 C:\Windows\system32\rasadhlp.dll
0x000007fefd5b0000 - 0x000007fefd5c7000 C:\Windows\system32\CRYPTSP.dll
0x000007fefd2b0000 - 0x000007fefd2f7000 C:\Windows\system32\rsaenh.dll
0x000007fefec90000 - 0x000007fefed29000 C:\Windows\system32\CLBCatQ.DLL
0x000007feef830000 - 0x000007feef8b9000 C:\Program Files\Internet Explorer\ieproxy.dll
0x000007fefdbb0000 - 0x000007fefdc07000 C:\Windows\system32\apphelp.dll
0x000007fefbaa0000 - 0x000007fefbb02000 C:\Windows\system32\RASAPI32.dll
0x000007fefbc60000 - 0x000007fefbc7c000 C:\Windows\system32\rasman.dll
0x000007fef1550000 - 0x000007fef1561000 C:\Windows\system32\rtutils.dll
0x000007fefab50000 - 0x000007fefaba3000 C:\Windows\System32\fwpuclnt.dll
0x000007fef1b90000 - 0x000007fef1b99000 C:\Windows\system32\sensapi.dll
0x000007feef250000 - 0x000007feef290000 C:\Windows\system32\IEUI.dll
0x000007fef5ce0000 - 0x000007fef5ce7000 C:\Windows\system32\MSIMG32.dll
0x0000000010000000 - 0x0000000010065000 C:\Program Files\ThinkPad\Bluetooth Software\btmmhook.dll
0x000007fefc400000 - 0x000007fefc52c000 C:\Windows\system32\PROPSYS.dll
0x000007fef0780000 - 0x000007fef079d000 C:\Windows\system32\mssprxy.dll
0x000007fefbf30000 - 0x000007fefbf65000 C:\Windows\system32\xmllite.dll
0x000007fef9dc0000 - 0x000007fef9f8a000 C:\Windows\system32\explorerframe.dll
0x000007fefbfe0000 - 0x000007fefc023000 C:\Windows\system32\DUser.dll
0x000007fefc030000 - 0x000007fefc122000 C:\Windows\system32\DUI70.dll
0x0000000065e40000 - 0x0000000066f3c000 C:\Windows\system32\MSHTML.dll
0x000007fefcdf0000 - 0x000007fefcdfc000 C:\Windows\system32\VERSION.dll
0x000007fefe5c0000 - 0x000007fefe797000 C:\Windows\system32\setupapi.dll
0x000007fefdfc0000 - 0x000007fefdff6000 C:\Windows\system32\CFGMGR32.dll
0x000007fefdfa0000 - 0x000007fefdfba000 C:\Windows\system32\DEVOBJ.dll
0x000007feef100000 - 0x000007feef1e2000 C:\Windows\system32\d2d1.dll
0x000007feeef80000 - 0x000007feef0fe000 C:\Windows\system32\DWrite.dll
0x000007fefa050000 - 0x000007fefa0f7000 C:\Windows\system32\dxgi.dll
0x000007fefe000000 - 0x000007fefe03a000 C:\Windows\system32\WINTRUST.dll
0x000007fefdd90000 - 0x000007fefdef7000 C:\Windows\system32\CRYPT32.dll
0x000007fefdd80000 - 0x000007fefdd8f000 C:\Windows\system32\MSASN1.dll
0x000007fefa160000 - 0x000007fefa194000 C:\Windows\system32\d3d10_1.dll
0x000007fefa100000 - 0x000007fefa155000 C:\Windows\system32\d3d10_1core.dll
0x0000000073b10000 - 0x0000000073b87000 C:\Windows\system32\aticfx64.dll
0x000007fef9ff0000 - 0x000007fef9ffc000 C:\Windows\system32\atiuxp64.dll
0x0000000073780000 - 0x0000000073b0a000 C:\Windows\system32\atidxx64.dll
0x000007fef5cf0000 - 0x000007fef5d2b000 C:\Windows\system32\MLANG.dll
0x000007fefb680000 - 0x000007fefb695000 C:\Windows\system32\NLAapi.dll
0x000007fefdc20000 - 0x000007fefdcb1000 C:\Windows\system32\SXS.DLL
0x0000000067fb0000 - 0x0000000068037000 C:\Windows\System32\ieapfltr.dll
0x000007feed770000 - 0x000007feed9a8000 C:\Windows\System32\jscript9.dll
0x000007feef7d0000 - 0x000007feef7de000 C:\Windows\system32\msimtf.dll
0x000007fefbe00000 - 0x000007fefbf2a000 C:\Windows\system32\windowscodecs.dll
0x000007feeeee0000 - 0x000007feeef24000 C:\Windows\system32\windowscodecsext.dll
0x00000000673d0000 - 0x0000000067faf000 C:\Windows\system32\Macromed\Flash\Flash64_11_1_102.ocx
0x000007fefa000000 - 0x000007fefa03b000 C:\Windows\system32\WINMM.dll
0x000007feeee50000 - 0x000007feeeed8000 C:\Windows\system32\DSOUND.dll
0x000007fefcda0000 - 0x000007fefcdcc000 C:\Windows\system32\POWRPROF.dll
0x000007feed9f0000 - 0x000007feedbef000 C:\Windows\system32\d3d9.dll
0x000007feef6c0000 - 0x000007feef6c7000 C:\Windows\system32\d3d8thk.dll
0x000007feeedb0000 - 0x000007feeee4c000 C:\Windows\system32\mscms.dll
0x000007fefcfe0000 - 0x000007fefcffe000 C:\Windows\system32\USERENV.dll
0x000007feface0000 - 0x000007fefaed2000 C:\Windows\System32\msxml6.dll
0x000007feef240000 - 0x000007feef24b000 C:\Windows\system32\atiu9p64.dll
0x0000000066f40000 - 0x00000000673cb000 C:\Windows\system32\atiumd64.dll
0x0000000065900000 - 0x0000000065b9f000 C:\Windows\system32\atiumd6a.dll
0x000007fefca20000 - 0x000007fefca6b000 C:\Windows\System32\MMDevApi.dll
0x000007feed630000 - 0x000007feed76d000 C:\Windows\system32\d3d10.dll
0x000007feeed60000 - 0x000007feeedab000 C:\Windows\system32\d3d10core.dll
0x000007fef5c40000 - 0x000007fef5c7a000 C:\Windows\system32\msls31.dll
0x000007feeebb0000 - 0x000007feeec47000 C:\Windows\system32\vbscript.dll
0x000007fefd130000 - 0x000007fefd13a000 C:\Windows\system32\credssp.dll
0x000007fefd340000 - 0x000007fefd398000 C:\Windows\system32\schannel.DLL
0x000007feeeab0000 - 0x000007feeebad000 C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll
0x000007fefb620000 - 0x000007fefb639000 C:\Windows\system32\ATL.DLL
0x000007fefc130000 - 0x000007fefc345000 C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\gdiplus.dll
0x000007fef4e20000 - 0x000007fef4e5b000 C:\Windows\system32\wdmaud.drv
0x0000000072be0000 - 0x0000000072be6000 C:\Windows\system32\ksuser.dll
0x000007fefcb20000 - 0x000007fefcb29000 C:\Windows\system32\AVRT.dll
0x000007fef5020000 - 0x000007fef506f000 C:\Windows\system32\AUDIOSES.DLL
0x000007fef4e10000 - 0x000007fef4e1a000 C:\Windows\system32\msacm32.drv
0x000007fef4df0000 - 0x000007fef4e08000 C:\Windows\system32\MSACM32.dll
0x000007fef4de0000 - 0x000007fef4de9000 C:\Windows\system32\midimap.dll
0x000007feef810000 - 0x000007feef821000 C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
0x0000000073520000 - 0x00000000735c3000 C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\MSVCR90.dll
0x000000000fd20000 - 0x000000000fd51000 C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll
0x000007feed4e0000 - 0x000007feed628000 C:\Windows\System32\NaturalLanguage6.dll
0x000007fef0eb0000 - 0x000007fef10ea000 C:\Windows\system32\tquery.dll
0x000007feece60000 - 0x000007feecedb000 C:\Windows\System32\StructuredQuery.dll
0x000007fefd730000 - 0x000007fefd77e000 C:\Windows\system32\ncrypt.dll
0x000007fefd700000 - 0x000007fefd722000 C:\Windows\system32\bcrypt.dll
VM Arguments:
jvm_args: -Xbootclasspath/a:C:\PROGRA~1\Java\jre6\lib\deploy.jar;C:\PROGRA~1\Java\jre6\lib\javaws.jar;C:\PROGRA~1\Java\jre6\lib\plugin.jar -Xmx32m -Djava.awt.headless=true -Dkernel.background.download=false -Dkernel.download.dialog=false -XX:MaxDirectMemorySize=64m
java_command: <unknown>
Launcher Type: generic
Environment Variables:
CLASSPATH=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
PATH=C:\Program Files (x86)\Internet Explorer;;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files\ThinkPad\Bluetooth Software\;C:\Program Files\ThinkPad\Bluetooth Software\syswow64;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Common Files\Lenovo;C:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files\Common Files\Lenovo;C:\Program Files (x86)\Lenovo\Client Security Solution;C:\Program Files\Lenovo\Client Security Solution;c:\Program Files (x86)\Microsoft SQL Server\90\Tools\binn\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\
USERNAME=Nikolina
OS=Windows_NT
PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
--------------- S Y S T E M ---------------
OS: Windows 7 Build 7601 Service Pack 1
CPU:total 4 (8 cores per cpu, 2 threads per core) family 6 model 37 stepping 2, cmov, cx8, fxsr, mmx, sse, sse2, sse3, ssse3, sse4.1, sse4.2, ht
Memory: 4k page, physical 4051508k(2257964k free), swap 8101164k(5977824k free)
vm_info: Java HotSpot™ 64-Bit Server VM (14.3-b01) for windows-amd64 JRE (1.6.0_17-b04), built on Oct 11 2009 00:46:08 by "java_re" with MS VC++ 8.0
time: Mon May 07 23:56:58 2012
elapsed time: 4 seconds
!I removed Microsoft Office 2007 Primary Interop Assemblies and it worked like magic.
I followed the rest of the advice and OTL has been deleted.
I still have aswMBR, plus MBR.dat and aswMBR.txt present on my desktop. Should I remove those?
Also, i thought i updated JAVA but when i click on "Do I have JAVA?" it posts a notepad message with error...and shuts my IE. I tried 3 times and each time a new message pops up.
Here are the contents in case you think they are relevant to what we have been doing.
#
# A fatal error has been detected by the Java Runtime Environment:
#
# EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x000000006d484c92, pid=6400, tid=3080
#
# JRE version: 6.0_17-b04
# Java VM: Java HotSpot™ 64-Bit Server VM (14.3-b01 mixed mode windows-amd64 )
# Problematic frame:
# C 0x000000006d484c92
#
# If you would like to submit a bug report, please visit:
# http://java.sun.com/...eport/crash.jsp
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#
--------------- T H R E A D ---------------
Current thread (0x000000000b685000): JavaThread "main" [_thread_in_native, id=3080, stack(0x0000000014520000,0x0000000014720000)]
siginfo: ExceptionCode=0xc0000005, reading address 0x0000000000000000
Registers:
EAX=0x0000000000000003, EBX=0x000000001ce5ce30, ECX=0x0000000000000000, EDX=0x000000001471c6d0
ESP=0x000000001471c680, EBP=0x000000001471c730, ESI=0x000000001d0573a0, EDI=0x000000000b6851b8
EIP=0x000000006d484c92, EFLAGS=0x0000000000010206
Top of Stack: (sp=0x000000001471c680)
0x000000001471c680: 000000001ce5ce30 0000000019c51432
0x000000001471c690: 000000001471c7b8 000000001ce5ce30
0x000000001471c6a0: 000000001d0573a0 0000000019c4589a
0x000000001471c6b0: 000000001ce5ce30 0000000019c51588
0x000000001471c6c0: 0000000019c5c103 0000000019c44e90
0x000000001471c6d0: 0000000000000000 0000000000000000
0x000000001471c6e0: 000000001471c750 000000001471c918
0x000000001471c6f0: 000000001471c6f0 000000001ce5ce30
0x000000001471c700: 000000001471c758 000000001ce68d90
0x000000001471c710: 0000000000000000 000000001ce5ce30
0x000000001471c720: 0000000000000000 000000001471c750
0x000000001471c730: 000000001471c7a8 0000000019c45969
0x000000001471c740: 000000001ce68250 0000000019c4de5b
0x000000001471c750: 00000000131453b0 0000000023659db0
0x000000001471c760: 0000000023659db0 000000001471c768
0x000000001471c770: 000000001ce5cd67 000000001471c7b8
Instructions: (pc=0x000000006d484c92)
0x000000006d484c82: 4c 24 50 85 c0 78 2b 48 c7 44 24 58 00 00 00 00
0x000000006d484c92: 48 8b 01 48 8d 54 24 58 ff 90 40 01 00 00 85 c0
Stack: [0x0000000014520000,0x0000000014720000], sp=0x000000001471c680, free space=2033k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C 0x000000006d484c92
j sun.plugin2.main.server.IExplorerPlugin.getDocumentBase()Ljava/lang/String;+31
j sun.plugin2.main.server.JVMInstance.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZIZZ)Z+14
j sun.plugin2.main.server.JVMManager.startAppletImpl(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZLjava/lang/String;ZIZ)Lsun/plugin2/main/server/AppletID;+240
j sun.plugin2.main.server.JVMManager.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZLjava/lang/String;)Lsun/plugin2/main/server/AppletID;+16
j sun.plugin2.main.server.JVMManager.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZ)Lsun/plugin2/main/server/AppletID;+19
j sun.plugin2.main.server.IExplorerPlugin.maybeStartApplet()V+192
j sun.plugin2.main.server.IExplorerPlugin.access$200(Lsun/plugin2/main/server/IExplorerPlugin;)V+1
j sun.plugin2.main.server.IExplorerPlugin$BackgroundStarter$1.run()V+7
v ~StubRoutines::call_stub
Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
j sun.plugin2.main.server.IExplorerPlugin.getDocumentBase0(J)Ljava/lang/String;+0
j sun.plugin2.main.server.IExplorerPlugin.getDocumentBase()Ljava/lang/String;+31
j sun.plugin2.main.server.JVMInstance.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZIZZ)Z+14
j sun.plugin2.main.server.JVMManager.startAppletImpl(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZLjava/lang/String;ZIZ)Lsun/plugin2/main/server/AppletID;+240
j sun.plugin2.main.server.JVMManager.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZLjava/lang/String;)Lsun/plugin2/main/server/AppletID;+16
j sun.plugin2.main.server.JVMManager.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZ)Lsun/plugin2/main/server/AppletID;+19
j sun.plugin2.main.server.IExplorerPlugin.maybeStartApplet()V+192
j sun.plugin2.main.server.IExplorerPlugin.access$200(Lsun/plugin2/main/server/IExplorerPlugin;)V+1
j sun.plugin2.main.server.IExplorerPlugin$BackgroundStarter$1.run()V+7
v ~StubRoutines::call_stub
--------------- P R O C E S S ---------------
Java Threads: ( => current thread )
0x000000000bfb2000 JavaThread "JRE 1.6.0.17 Worker Thread" [_thread_blocked, id=1244, stack(0x0000000025ae0000,0x0000000025be0000)]
0x000000000beb2800 JavaThread "JRE 1.6.0.17 Output Reader Thread" [_thread_in_native, id=2528, stack(0x0000000025c00000,0x0000000025d00000)]
0x000000000beb1800 JavaThread "JRE 1.6.0.17 Output Reader Thread" [_thread_in_native, id=1728, stack(0x0000000025930000,0x0000000025a30000)]
0x000000000beb9000 JavaThread "Thread-0" [_thread_in_native, id=7148, stack(0x0000000025780000,0x0000000025880000)]
0x000000000beb8000 JavaThread "Java Plug-In Pipe Worker Thread (Server-Side)" daemon [_thread_in_native, id=1904, stack(0x0000000025620000,0x0000000025720000)]
0x000000000bee6000 JavaThread "traceMsgQueueThread" daemon [_thread_blocked, id=1476, stack(0x0000000024810000,0x0000000024910000)]
0x000000000b7c7000 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=6344, stack(0x0000000024510000,0x0000000024610000)]
0x000000000b7c5000 JavaThread "CompilerThread1" daemon [_thread_blocked, id=5092, stack(0x0000000024360000,0x0000000024460000)]
0x000000000b7c0800 JavaThread "CompilerThread0" daemon [_thread_blocked, id=2016, stack(0x00000000241f0000,0x00000000242f0000)]
0x000000000b7c0000 JavaThread "Attach Listener" daemon [_thread_blocked, id=6416, stack(0x00000000240f0000,0x00000000241f0000)]
0x000000000b7bf000 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=1936, stack(0x0000000018b90000,0x0000000018c90000)]
0x0000000015c1a800 JavaThread "Finalizer" daemon [_thread_blocked, id=4932, stack(0x0000000018f10000,0x0000000019010000)]
0x0000000015c1a000 JavaThread "Reference Handler" daemon [_thread_blocked, id=3076, stack(0x0000000019140000,0x0000000019240000)]
=>0x000000000b685000 JavaThread "main" [_thread_in_native, id=3080, stack(0x0000000014520000,0x0000000014720000)]
Other Threads:
0x0000000015c19000 VMThread [stack: 0x00000000183d0000,0x00000000184d0000] [id=5012]
0x000000000b7c8000 WatcherThread [stack: 0x0000000024660000,0x0000000024760000] [id=6320]
VM state:not at safepoint (normal execution)
VM Mutex/Monitor currently owned by a thread: None
Heap
PSYoungGen total 3584K, used 1192K [0x00000000235a0000, 0x00000000239a0000, 0x0000000024040000)
eden space 3072K, 38% used [0x00000000235a0000,0x00000000236ca320,0x00000000238a0000)
from space 512K, 0% used [0x0000000023920000,0x0000000023920000,0x00000000239a0000)
to space 512K, 0% used [0x00000000238a0000,0x00000000238a0000,0x0000000023920000)
PSOldGen total 5312K, used 0K [0x0000000022040000, 0x0000000022570000, 0x00000000235a0000)
object space 5312K, 0% used [0x0000000022040000,0x0000000022040000,0x0000000022570000)
PSPermGen total 21248K, used 4579K [0x000000001cc40000, 0x000000001e100000, 0x0000000022040000)
object space 21248K, 21% used [0x000000001cc40000,0x000000001d0b8c60,0x000000001e100000)
Dynamic libraries:
0x00000000013c0000 - 0x000000000147b000 C:\Program Files\Internet Explorer\iexplore.exe
0x0000000077880000 - 0x0000000077a29000 C:\Windows\SYSTEM32\ntdll.dll
0x0000000077450000 - 0x000000007756f000 C:\Windows\system32\kernel32.dll
0x000007fefe040000 - 0x000007fefe0ac000 C:\Windows\system32\KERNELBASE.dll
0x000007fefe840000 - 0x000007fefe91b000 C:\Windows\system32\ADVAPI32.dll
0x000007fefe170000 - 0x000007fefe20f000 C:\Windows\system32\msvcrt.dll
0x000007fefe150000 - 0x000007fefe16f000 C:\Windows\SYSTEM32\sechost.dll
0x000007fefe210000 - 0x000007fefe33d000 C:\Windows\system32\RPCRT4.dll
0x0000000077780000 - 0x000000007787a000 C:\Windows\system32\USER32.dll
0x000007fefe550000 - 0x000007fefe5b7000 C:\Windows\system32\GDI32.dll
0x000007fefe340000 - 0x000007fefe34e000 C:\Windows\system32\LPK.dll
0x000007feffac0000 - 0x000007feffb89000 C:\Windows\system32\USP10.dll
0x000007fefe920000 - 0x000007fefe991000 C:\Windows\system32\SHLWAPI.dll
0x000007fefed30000 - 0x000007feffab8000 C:\Windows\system32\SHELL32.dll
0x000007fefe9a0000 - 0x000007fefeba3000 C:\Windows\system32\ole32.dll
0x00000000771a0000 - 0x00000000772ed000 C:\Windows\system32\urlmon.dll
0x000007fefebb0000 - 0x000007fefec87000 C:\Windows\system32\OLEAUT32.dll
0x0000000077570000 - 0x000000007777f000 C:\Windows\system32\iertutil.dll
0x00000000772f0000 - 0x000000007744a000 C:\Windows\system32\WININET.dll
0x0000000077a40000 - 0x0000000077a43000 C:\Windows\system32\Normaliz.dll
0x000007fefe7f0000 - 0x000007fefe81e000 C:\Windows\system32\IMM32.DLL
0x000007fefe440000 - 0x000007fefe549000 C:\Windows\system32\MSCTF.dll
0x000007fef5150000 - 0x000007fef5bb8000 C:\Windows\system32\IEFRAME.dll
0x0000000077a50000 - 0x0000000077a57000 C:\Windows\system32\PSAPI.DLL
0x000007fefb790000 - 0x000007fefb7e4000 C:\Windows\system32\OLEACC.dll
0x000007fefc530000 - 0x000007fefc724000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll
0x000007fefe0b0000 - 0x000007fefe147000 C:\Windows\system32\comdlg32.dll
0x000007feef1f0000 - 0x000007feef23f000 C:\Program Files\Internet Explorer\IEShims.dll
0x000007fefdc10000 - 0x000007fefdc1f000 C:\Windows\system32\CRYPTBASE.dll
0x000007fefc350000 - 0x000007fefc3a6000 C:\Windows\system32\uxtheme.dll
0x000007fefdb40000 - 0x000007fefdb4b000 C:\Windows\system32\Secur32.dll
0x000007fefdb80000 - 0x000007fefdba5000 C:\Windows\system32\SSPICLI.DLL
0x000007fefdce0000 - 0x000007fefdcef000 C:\Windows\system32\profapi.dll
0x000007fefe7a0000 - 0x000007fefe7ed000 C:\Windows\system32\WS2_32.dll
0x000007fefe350000 - 0x000007fefe358000 C:\Windows\system32\NSI.dll
0x000007fefd3d0000 - 0x000007fefd42b000 C:\Windows\system32\dnsapi.DLL
0x000007fefb3d0000 - 0x000007fefb3f7000 C:\Windows\system32\iphlpapi.DLL
0x000007fefb3c0000 - 0x000007fefb3cb000 C:\Windows\system32\WINNSI.DLL
0x000007fefd550000 - 0x000007fefd5a5000 C:\Windows\system32\mswsock.dll
0x000007fefbf70000 - 0x000007fefbf88000 C:\Windows\system32\dwmapi.dll
0x000007fefcec0000 - 0x000007fefcec7000 C:\Windows\System32\wshtcpip.dll
0x000007fefd540000 - 0x000007fefd547000 C:\Windows\System32\wship6.dll
0x000007fefcaf0000 - 0x000007fefcb1d000 C:\Windows\system32\ntmarta.dll
0x000007fefe3e0000 - 0x000007fefe432000 C:\Windows\system32\WLDAP32.dll
0x000007fefa4f0000 - 0x000007fefa51f000 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
0x0000000073c90000 - 0x0000000073cb6000 C:\Program Files\Bonjour\mdnsNSP.dll
0x000007fefdcc0000 - 0x000007fefdcd4000 C:\Windows\system32\RpcRtRemote.dll
0x000007fefa460000 - 0x000007fefa468000 C:\Windows\system32\rasadhlp.dll
0x000007fefd5b0000 - 0x000007fefd5c7000 C:\Windows\system32\CRYPTSP.dll
0x000007fefd2b0000 - 0x000007fefd2f7000 C:\Windows\system32\rsaenh.dll
0x000007fefec90000 - 0x000007fefed29000 C:\Windows\system32\CLBCatQ.DLL
0x000007feef830000 - 0x000007feef8b9000 C:\Program Files\Internet Explorer\ieproxy.dll
0x000007fefdbb0000 - 0x000007fefdc07000 C:\Windows\system32\apphelp.dll
0x000007fefbaa0000 - 0x000007fefbb02000 C:\Windows\system32\RASAPI32.dll
0x000007fefbc60000 - 0x000007fefbc7c000 C:\Windows\system32\rasman.dll
0x000007fef1550000 - 0x000007fef1561000 C:\Windows\system32\rtutils.dll
0x000007fefab50000 - 0x000007fefaba3000 C:\Windows\System32\fwpuclnt.dll
0x000007fef1b90000 - 0x000007fef1b99000 C:\Windows\system32\sensapi.dll
0x000007feef250000 - 0x000007feef290000 C:\Windows\system32\IEUI.dll
0x000007fef5ce0000 - 0x000007fef5ce7000 C:\Windows\system32\MSIMG32.dll
0x0000000010000000 - 0x0000000010065000 C:\Program Files\ThinkPad\Bluetooth Software\btmmhook.dll
0x000007fefc400000 - 0x000007fefc52c000 C:\Windows\system32\PROPSYS.dll
0x000007fef0780000 - 0x000007fef079d000 C:\Windows\system32\mssprxy.dll
0x000007fefbf30000 - 0x000007fefbf65000 C:\Windows\system32\xmllite.dll
0x000007fef9dc0000 - 0x000007fef9f8a000 C:\Windows\system32\explorerframe.dll
0x000007fefbfe0000 - 0x000007fefc023000 C:\Windows\system32\DUser.dll
0x000007fefc030000 - 0x000007fefc122000 C:\Windows\system32\DUI70.dll
0x0000000065e40000 - 0x0000000066f3c000 C:\Windows\system32\MSHTML.dll
0x000007fefcdf0000 - 0x000007fefcdfc000 C:\Windows\system32\VERSION.dll
0x000007fefe5c0000 - 0x000007fefe797000 C:\Windows\system32\setupapi.dll
0x000007fefdfc0000 - 0x000007fefdff6000 C:\Windows\system32\CFGMGR32.dll
0x000007fefdfa0000 - 0x000007fefdfba000 C:\Windows\system32\DEVOBJ.dll
0x000007feef100000 - 0x000007feef1e2000 C:\Windows\system32\d2d1.dll
0x000007feeef80000 - 0x000007feef0fe000 C:\Windows\system32\DWrite.dll
0x000007fefa050000 - 0x000007fefa0f7000 C:\Windows\system32\dxgi.dll
0x000007fefe000000 - 0x000007fefe03a000 C:\Windows\system32\WINTRUST.dll
0x000007fefdd90000 - 0x000007fefdef7000 C:\Windows\system32\CRYPT32.dll
0x000007fefdd80000 - 0x000007fefdd8f000 C:\Windows\system32\MSASN1.dll
0x000007fefa160000 - 0x000007fefa194000 C:\Windows\system32\d3d10_1.dll
0x000007fefa100000 - 0x000007fefa155000 C:\Windows\system32\d3d10_1core.dll
0x0000000073b10000 - 0x0000000073b87000 C:\Windows\system32\aticfx64.dll
0x000007fef9ff0000 - 0x000007fef9ffc000 C:\Windows\system32\atiuxp64.dll
0x0000000073780000 - 0x0000000073b0a000 C:\Windows\system32\atidxx64.dll
0x000007fef5cf0000 - 0x000007fef5d2b000 C:\Windows\system32\MLANG.dll
0x000007fefb680000 - 0x000007fefb695000 C:\Windows\system32\NLAapi.dll
0x000007fefdc20000 - 0x000007fefdcb1000 C:\Windows\system32\SXS.DLL
0x0000000067fb0000 - 0x0000000068037000 C:\Windows\System32\ieapfltr.dll
0x000007feed770000 - 0x000007feed9a8000 C:\Windows\System32\jscript9.dll
0x000007feef7d0000 - 0x000007feef7de000 C:\Windows\system32\msimtf.dll
0x000007fefbe00000 - 0x000007fefbf2a000 C:\Windows\system32\windowscodecs.dll
0x000007feeeee0000 - 0x000007feeef24000 C:\Windows\system32\windowscodecsext.dll
0x00000000673d0000 - 0x0000000067faf000 C:\Windows\system32\Macromed\Flash\Flash64_11_1_102.ocx
0x000007fefa000000 - 0x000007fefa03b000 C:\Windows\system32\WINMM.dll
0x000007feeee50000 - 0x000007feeeed8000 C:\Windows\system32\DSOUND.dll
0x000007fefcda0000 - 0x000007fefcdcc000 C:\Windows\system32\POWRPROF.dll
0x000007feed9f0000 - 0x000007feedbef000 C:\Windows\system32\d3d9.dll
0x000007feef6c0000 - 0x000007feef6c7000 C:\Windows\system32\d3d8thk.dll
0x000007feeedb0000 - 0x000007feeee4c000 C:\Windows\system32\mscms.dll
0x000007fefcfe0000 - 0x000007fefcffe000 C:\Windows\system32\USERENV.dll
0x000007feface0000 - 0x000007fefaed2000 C:\Windows\System32\msxml6.dll
0x000007feef240000 - 0x000007feef24b000 C:\Windows\system32\atiu9p64.dll
0x0000000066f40000 - 0x00000000673cb000 C:\Windows\system32\atiumd64.dll
0x0000000065900000 - 0x0000000065b9f000 C:\Windows\system32\atiumd6a.dll
0x000007fefca20000 - 0x000007fefca6b000 C:\Windows\System32\MMDevApi.dll
0x000007feed630000 - 0x000007feed76d000 C:\Windows\system32\d3d10.dll
0x000007feeed60000 - 0x000007feeedab000 C:\Windows\system32\d3d10core.dll
0x000007fef5c40000 - 0x000007fef5c7a000 C:\Windows\system32\msls31.dll
0x000007feeebb0000 - 0x000007feeec47000 C:\Windows\system32\vbscript.dll
0x000007fefd130000 - 0x000007fefd13a000 C:\Windows\system32\credssp.dll
0x000007fefd340000 - 0x000007fefd398000 C:\Windows\system32\schannel.DLL
0x000007feeeab0000 - 0x000007feeebad000 C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll
0x000007fefb620000 - 0x000007fefb639000 C:\Windows\system32\ATL.DLL
0x000007fefc130000 - 0x000007fefc345000 C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\gdiplus.dll
0x000007fef4e20000 - 0x000007fef4e5b000 C:\Windows\system32\wdmaud.drv
0x0000000072be0000 - 0x0000000072be6000 C:\Windows\system32\ksuser.dll
0x000007fefcb20000 - 0x000007fefcb29000 C:\Windows\system32\AVRT.dll
0x000007fef5020000 - 0x000007fef506f000 C:\Windows\system32\AUDIOSES.DLL
0x000007fef4e10000 - 0x000007fef4e1a000 C:\Windows\system32\msacm32.drv
0x000007fef4df0000 - 0x000007fef4e08000 C:\Windows\system32\MSACM32.dll
0x000007fef4de0000 - 0x000007fef4de9000 C:\Windows\system32\midimap.dll
0x000007feef810000 - 0x000007feef821000 C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
0x0000000073520000 - 0x00000000735c3000 C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\MSVCR90.dll
0x000000000fd20000 - 0x000000000fd51000 C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll
0x000007feed4e0000 - 0x000007feed628000 C:\Windows\System32\NaturalLanguage6.dll
0x000007fef0eb0000 - 0x000007fef10ea000 C:\Windows\system32\tquery.dll
0x000007feece60000 - 0x000007feecedb000 C:\Windows\System32\StructuredQuery.dll
0x000007fefd730000 - 0x000007fefd77e000 C:\Windows\system32\ncrypt.dll
0x000007fefd700000 - 0x000007fefd722000 C:\Windows\system32\bcrypt.dll
VM Arguments:
jvm_args: -Xbootclasspath/a:C:\PROGRA~1\Java\jre6\lib\deploy.jar;C:\PROGRA~1\Java\jre6\lib\javaws.jar;C:\PROGRA~1\Java\jre6\lib\plugin.jar -Xmx32m -Djava.awt.headless=true -Dkernel.background.download=false -Dkernel.download.dialog=false -XX:MaxDirectMemorySize=64m
java_command: <unknown>
Launcher Type: generic
Environment Variables:
CLASSPATH=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
PATH=C:\Program Files (x86)\Internet Explorer;;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files\ThinkPad\Bluetooth Software\;C:\Program Files\ThinkPad\Bluetooth Software\syswow64;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Common Files\Lenovo;C:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Lenovo\Access Connections\;C:\Program Files\Common Files\Lenovo;C:\Program Files (x86)\Lenovo\Client Security Solution;C:\Program Files\Lenovo\Client Security Solution;c:\Program Files (x86)\Microsoft SQL Server\90\Tools\binn\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\
USERNAME=Nikolina
OS=Windows_NT
PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
--------------- S Y S T E M ---------------
OS: Windows 7 Build 7601 Service Pack 1
CPU:total 4 (8 cores per cpu, 2 threads per core) family 6 model 37 stepping 2, cmov, cx8, fxsr, mmx, sse, sse2, sse3, ssse3, sse4.1, sse4.2, ht
Memory: 4k page, physical 4051508k(2257964k free), swap 8101164k(5977824k free)
vm_info: Java HotSpot™ 64-Bit Server VM (14.3-b01) for windows-amd64 JRE (1.6.0_17-b04), built on Oct 11 2009 00:46:08 by "java_re" with MS VC++ 8.0
time: Mon May 07 23:56:58 2012
elapsed time: 4 seconds
#41
Posted 09 May 2012 - 02:57 PM
Nikolina
- Topic Starter
-
- Member
-
- 22 posts
Member
Thanks for that! The link worked fine.
Think i'm all up to date now :-) with Filehippo and Malwarebytes!
24 hours later and everything is still working
A massive THANK YOU!
Think i'm all up to date now :-) with Filehippo and Malwarebytes!
24 hours later and everything is still working
A massive THANK YOU!
#42
Posted 09 May 2012 - 03:34 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
