Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Bundled.Toolbar.Ask application found

Started by misshot , Aug 23 2013 03:19 AM

Please log in to reply

#1
misshot

Posted 23 August 2013 - 03:19 AM

Member

Member
55 posts

Hi,

This computer seems laggier than before so i thought to do a ESET scan.

And this is the result of the ESET online scan for another computer.

Please help.

ESET online scan result.

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=0f591243ca3921498dec86328180205d
# engine=14872
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-08-23 09:12:27
# local_time=2013-08-23 05:12:27 (+0800, Malay Peninsula Standard Time)
# country="Singapore"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 0 153959019 0 0
# compatibility_mode=5893 16776573 100 94 0 128878997 0 0
# scanned=239902
# found=10
# cleaned=0
# scan_time=9783
sh=FBCFBF5A01B323927739DD65602EC59AEA76D8EA ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.BL application" ac=I fn="C:\Programs Backup\A ACAD (2011)x64.iso"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Users\JC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\64L5DIRA\ApnIC[1].0"
sh=EEAA8E7CBF57449AB12AB62B19A60C7ECE9C975B ft=1 fh=8f8f2608bfa07014 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Users\JC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY1W6HYG\ApnIC[1].0"
sh=9D730A0B6235C8599C076B277AD8754247587E6A ft=1 fh=399d76fdebda03ad vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Users\JC\AppData\Local\Temp\APNStub.exe"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Users\JC\AppData\Local\Temp\AskSLib.dll"
sh=1E6492DC34B2374E4673733D8E91A5C8C24734D4 ft=1 fh=c4641876c01c22e8 vn="a variant of Win32/Bundled.Toolbar.Ask.D application" ac=I fn="C:\Users\JC\AppData\Local\Temp\foxEB78.tmp\Foxit Reader Setup.exe"
sh=4D6C52988F059C951307DEE8FF161C4E9EF9C984 ft=1 fh=8f9abcbcf294a203 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Users\JC\AppData\Local\Temp\foxF26A.tmp\Foxit Reader en5.3.1.606(toolbar) Setup.exe"
sh=EEAA8E7CBF57449AB12AB62B19A60C7ECE9C975B ft=1 fh=8f8f2608bfa07014 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0"
sh=EEAA8E7CBF57449AB12AB62B19A60C7ECE9C975B ft=1 fh=8f8f2608bfa07014 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0"
sh=EEAA8E7CBF57449AB12AB62B19A60C7ECE9C975B ft=1 fh=8f8f2608bfa07014 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Windows\Temp\AskSLib.dll"

C:\Programs Backup\A ACAD (2011)x64.iso a variant of Win32/Keygen.BL application
C:\Users\JC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\64L5DIRA\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\JC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY1W6HYG\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\JC\AppData\Local\Temp\APNStub.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\JC\AppData\Local\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\JC\AppData\Local\Temp\foxEB78.tmp\Foxit Reader Setup.exe a variant of Win32/Bundled.Toolbar.Ask.D application
C:\Users\JC\AppData\Local\Temp\foxF26A.tmp\Foxit Reader en5.3.1.606(toolbar) Setup.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application
C:\Windows\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application

#2
RKinner

Posted 24 August 2013 - 11:11 AM

Malware Expert

Expert
24,625 posts

The Ask Toolbard is just adware and a nuisance. Doubt it's causing the slowdowns.

Appears it was bundled with Foxit Reader. Look and see if there is a Foxit Toolbar in your Uninstall list.

AdwCleaner used to remove it but I have heard they stopped. Let's try it and JRT both anyway:

Download : ADWCleaner to your desktop.

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.

Posted Image

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.

Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop.

Pause your anti-virus. Close all browsers.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

There is a new version of Zero Access malware which is hard to detect. Let's run aswMBR to see if that is what is slowing you down:

Download aswMBR.exe to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures

Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.

Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow

(This will check your critical system files. Does this finish without complaint? IF it says it couldn't fix everything then:

Copy the next two lines:

findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

VEW may not work if your PC is set to use a language other than English. Just skip to the next step if that is the case.

Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.

Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
dir C:\ /S /A:L /C
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Ron

#3
misshot

Posted 25 August 2013 - 10:14 AM

Member

Topic Starter
Member
55 posts

Hi Ron.

Thanks for the help here.

Btw, i can do sfc /scannow in command prompt and it reported there everything is intact?. Sorry i did not take note of the exact words.

Here's the logs you requested.

AdwCleaner[S0].txt

--------

# AdwCleaner v3.001 - Report created 25/08/2013 at 21:15:42
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : JC - LENOVOY470
# Running from : C:\Users\JC\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Wondershare
Folder Deleted : C:\Program Files (x86)\Common Files\Wondershare
Folder Deleted : C:\Users\JC\AppData\Local\Conduit
Folder Deleted : C:\Users\JC\AppData\Local\Wondershare
Folder Deleted : C:\Users\JC\AppData\Local\Temp\apn
Folder Deleted : C:\Users\JC\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\JC\AppData\Roaming\Mozilla\Firefox\Profiles\n0v78fbv.default\ConduitCommon

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\Software\Conduit

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\JC\AppData\Roaming\Mozilla\Firefox\Profiles\n0v78fbv.default\prefs.js ]

Line Deleted : user_pref("CT2786678..clientLogIsEnabled", true);
Line Deleted : user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT2786678.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Deleted : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT2786678.AppTrackingLastCheckTime", "Tue Dec 27 2011 15:04:46 GMT+0800 (Malay Peninsula Standard Time)");
Line Deleted : user_pref("CT2786678.BrowserCompStateIsOpen_129579220236217502", true);
Line Deleted : user_pref("CT2786678.CTID", "CT2786678");
Line Deleted : user_pref("CT2786678.CurrentServerDate", "28-1-2012");
Line Deleted : user_pref("CT2786678.DSInstall", false);
Line Deleted : user_pref("CT2786678.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2786678.DialogsGetterLastCheckTime", "Sat Jan 28 2012 07:56:12 GMT+0800 (Malay Peninsula Standard Time)");
Line Deleted : user_pref("CT2786678.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2786678.EMailNotifierPollDate", "Tue Dec 27 2011 15:01:23 GMT+0800 (Malay Peninsula Standard Time)");
Line Deleted : user_pref("CT2786678.FeedLastCount5690698542593514850", 128);
Line Deleted : user_pref("CT2786678.FeedPollDate2429156812186649977", "Tue Dec 27 2011 15:01:24 GMT+0800 (Malay Peninsula Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156813040823546", "Tue Dec 27 2011 15:01:24 GMT+0800 (Malay Peninsula Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156813130095866", "Tue Dec 27 2011 15:01:23 GMT+0800 (Malay Peninsula Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156813224203613", "Tue Dec 27 2011 15:01:23 GMT+0800 (Malay Peninsula Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156813230837251", "Tue Dec 27 2011 15:01:24 GMT+0800 (Malay Peninsula Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156813454291735", "Tue Dec 27 2011 15:01:24 GMT+0800 (Malay Peninsula Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156813729834876", "Tue Dec 27 2011 15:01:23 GMT+0800 (Malay Peninsula Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156813860870021", "Tue Dec 27 2011 15:01:24 GMT+0800 (Malay Peninsula Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156814264681793", "Tue Dec 27 2011 15:01:24 GMT+0800 (Malay Peninsula Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156814863075366", "Tue Dec 27 2011 15:01:24 GMT+0800 (Malay Peninsula Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156815257761081", "Tue Dec 27 2011 15:01:24 GMT+0800 (Malay Peninsula Standard Time)");
Line Deleted : user_pref("CT2786678.FeedTTL2429156813040823546", 15);
Line Deleted : user_pref("CT2786678.FeedTTL2429156813130095866", 10);
Line Deleted : user_pref("CT2786678.FeedTTL2429156814264681793", 5);
Line Deleted : user_pref("CT2786678.FirstServerDate", "27-12-2011");
Line Deleted : user_pref("CT2786678.FirstTime", true);
Line Deleted : user_pref("CT2786678.FirstTimeFF3", true);
Line Deleted : user_pref("CT2786678.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT2786678.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT2786678.HPInstall", false);
Line Deleted : user_pref("CT2786678.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT2786678.HomePageProtectorEnabled", false);
Line Deleted : user_pref("CT2786678.HomepageBeforeUnload", "chrome://branding/locale/browserconfig.properties");
Line Deleted : user_pref("CT2786678.Initialize", true);
Line Deleted : user_pref("CT2786678.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT2786678.InstallationId", "ConduitXPEIntegration");
Line Deleted : user_pref("CT2786678.InstallationType", "ConduitXPEIntegration");
Line Deleted : user_pref("CT2786678.InstalledDate", "Tue Dec 27 2011 15:01:23 GMT+0800 (Malay Peninsula Standard Time)");
Line Deleted : user_pref("CT2786678.IsGrouping", false);
Line Deleted : user_pref("CT2786678.IsInitSetupIni", true);
Line Deleted : user_pref("CT2786678.IsMulticommunity", false);
Line Deleted : user_pref("CT2786678.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT2786678.IsOpenUninstallPage", false);
Line Deleted : user_pref("CT2786678.LanguagePackLastCheckTime", "Sat Jan 28 2012 07:56:10 GMT+0800 (Malay Peninsula Standard Time)");
Line Deleted : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT2786678.LastLogin_3.8.1.0", "Tue Dec 27 2011 15:01:26 GMT+0800 (Malay Peninsula Standard Time)");
Line Deleted : user_pref("CT2786678.LastLogin_3.9.0.3", "Sat Jan 28 2012 07:56:10 GMT+0800 (Malay Peninsula Standard Time)");
Line Deleted : user_pref("CT2786678.LatestVersion", "3.9.0.3");
Line Deleted : user_pref("CT2786678.Locale", "en");
Line Deleted : user_pref("CT2786678.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2786678.MCDetectTooltipShow", false);
Line Deleted : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2786678.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2786678.MyStuffEnabledAtInstallation", true);
Line Deleted : user_pref("CT2786678.OriginalFirstVersion", "3.8.1.0");
Line Deleted : user_pref("CT2786678.SearchBoxWidth", 146);
Line Deleted : user_pref("CT2786678.SearchCaption", "uTorrentBar Customized Web Search");
Line Deleted : user_pref("CT2786678.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Line Deleted : user_pref("CT2786678.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=");
Line Deleted : user_pref("CT2786678.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Sat Jan 28 2012 07:56:10 GMT+0800 (Malay Peninsula Standard Time)");
Line Deleted : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2786678.SearchProtectorEnabled", false);
Line Deleted : user_pref("CT2786678.SearchProtectorToolbarDisabled", false);
Line Deleted : user_pref("CT2786678.SendProtectorDataViaLogin", true);
Line Deleted : user_pref("CT2786678.ServiceMapLastCheckTime", "Sat Jan 28 2012 07:56:09 GMT+0800 (Malay Peninsula Standard Time)");
Line Deleted : user_pref("CT2786678.SettingsLastCheckTime", "Sat Jan 28 2012 07:56:08 GMT+0800 (Malay Peninsula Standard Time)");
Line Deleted : user_pref("CT2786678.SettingsLastUpdate", "1326994324");
Line Deleted : user_pref("CT2786678.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2786678&SearchSource=13");
Line Deleted : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Sat Jan 28 2012 07:56:08 GMT+0800 (Malay Peninsula Standard Time)");
Line Deleted : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1312887586");
Line Deleted : user_pref("CT2786678.ToolbarShrinkedFromSetup", false);
Line Deleted : user_pref("CT2786678.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2786678");
Line Deleted : user_pref("CT2786678.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Line Deleted : user_pref("CT2786678.Uninstall", true);
Line Deleted : user_pref("CT2786678.UserID", "UN74675063916793365");
Line Deleted : user_pref("CT2786678.ValidationData_Search", 0);
Line Deleted : user_pref("CT2786678.ValidationData_Toolbar", 2);
Line Deleted : user_pref("CT2786678.WeatherNetwork", "");
Line Deleted : user_pref("CT2786678.WeatherPollDate", "Tue Dec 27 2011 15:01:24 GMT+0800 (Malay Peninsula Standard Time)");
Line Deleted : user_pref("CT2786678.WeatherUnit", "C");
Line Deleted : user_pref("CT2786678.alertChannelId", "1178763");
Line Deleted : user_pref("CT2786678.approveUntrustedApps", false);
Line Deleted : user_pref("CT2786678.autoDisableScopes", -1);
Line Deleted : user_pref("CT2786678.backendstorage.cbfirsttime", "5475652044656320323720323031312031353A30313A323820474D542B3038303020284D616C61792050656E696E73756C61205374616E646172642054696D6529");
Line Deleted : user_pref("CT2786678.backendstorage.url_history", "687474703A2F2F7777772E676F6F676C652E636F6D2F61636C6B3F73613D6C2661693D436A5F506C6232333554714533686158514159536D6F4C7742697066726F414C617A4F4F544A4C3[...]
Line Deleted : user_pref("CT2786678.backendstorage.url_history_time", "31333234393639333239373837");
Line Deleted : user_pref("CT2786678.components.1000034", false);
Line Deleted : user_pref("CT2786678.components.1000080", false);
Line Deleted : user_pref("CT2786678.components.1000234", false);
Line Deleted : user_pref("CT2786678.components.129295698017012804", false);
Line Deleted : user_pref("CT2786678.components.129309485163350924", false);
Line Deleted : user_pref("CT2786678.components.129309489763975460", false);
Line Deleted : user_pref("CT2786678.components.129315411424256896", false);
Line Deleted : user_pref("CT2786678.components.129526967958500204", false);
Line Deleted : user_pref("CT2786678.components.129579220236217502", false);
Line Deleted : user_pref("CT2786678.components.5690698542593514850", false);
Line Deleted : user_pref("CT2786678.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Deleted : user_pref("CT2786678.globalFirstTimeInfoLastCheckTime", "Sat Jan 28 2012 07:56:10 GMT+0800 (Malay Peninsula Standard Time)");
Line Deleted : user_pref("CT2786678.homepageProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2786678.initDone", true);
Line Deleted : user_pref("CT2786678.isAppTrackingManagerOn", true);
Line Deleted : user_pref("CT2786678.myStuffEnabled", true);
Line Deleted : user_pref("CT2786678.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT2786678.oldAppsList", "129295695672325902,129295695672325903,1000234,129295698017012804,1000034,129526967958500204,129309489763975460,5690698542593514850,129309485163350924,12931541142425[...]
Line Deleted : user_pref("CT2786678.revertSettingsEnabled", true);
Line Deleted : user_pref("CT2786678.searchProtectorDialogDelayInSec", 10);
Line Deleted : user_pref("CT2786678.searchProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2786678.testingCtid", "");
Line Deleted : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Sat Jan 28 2012 07:56:10 GMT+0800 (Malay Peninsula Standard Time)");
Line Deleted : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Sat Jan 28 2012 07:56:09 GMT+0800 (Malay Peninsula Standard Time)");
Line Deleted : user_pref("CT2786678.usagesFlag", 2);
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2786678/CT2786678", "\"1326994325\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/SG", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", "\"1313448428\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "wVmmvqqOMqrv5xct1cJIHg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "0uSPYx+Kl2jpu8sJZMeHjw==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "Dclc8oo4TTv7+mAkSlUSWg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "K4Vqu91uAzWURlxJRdXJOg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"07879643d3acc1:127c\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.1.0", "\"6a637346d78ccc1:127c\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.0.3", "\"6a637346d78ccc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2786678", "\"13a760730d9291f1df061003ecf304ce\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"cde759bd30c070995eab32eddc00c079\"");
Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\JC\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\n0v78fbv.default\\conduitCommon\\modules\\3.8.1.0");
Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.1.0");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2786678");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2786678");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2786678");
Line Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Dec 27 2011 15:01:41 GMT+0800 (Malay Peninsula Standard Time)");
Line Deleted : user_pref("CommunityToolbar.globalUserId", "67e705be-3571-473b-8532-48fdf8b4049e");
Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2786678");
Line Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Dec 27 2011 15:01:29 GMT+0800 (Malay Peninsula Standard Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Dec 27 2011 15:01:37 GMT+0800 (Malay Peninsula Standard Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Dec 27 2011 15:01:21 GMT+0800 (Malay Peninsula Standard Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Line Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.notifications.userId", "50cc22bc-d9a3-4865-b25e-2f07f836c07e");
Line Deleted : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
Line Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties");

-\\ Google Chrome v

[ File : C:\Users\JC\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [18975 octets] - [25/08/2013 21:14:50]
AdwCleaner[S0].txt - [19305 octets] - [25/08/2013 21:15:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [19366 octets] ##########

-------

JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.4 (08.22.2013:1)
OS: Windows 7 Home Premium x64
Ran by JC on Sun 25/08/2013 at 21:21:33.34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\browserpluginhelper

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\wondershare
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2786678

~~~ Files

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\JC\appdata\local\{03094E56-1150-4259-8AC1-CF5B6F5412E6}
Successfully deleted: [Empty Folder] C:\Users\JC\appdata\local\{1185A629-6E77-4D9F-B016-BB98EE7C0967}
Successfully deleted: [Empty Folder] C:\Users\JC\appdata\local\{44EC807F-C756-4D6A-905A-37C48757920B}
Successfully deleted: [Empty Folder] C:\Users\JC\appdata\local\{50E63800-8F80-4265-A2C7-1B46B34E5674}
Successfully deleted: [Empty Folder] C:\Users\JC\appdata\local\{5DDCE545-8D5B-4E33-9201-20B1A3407442}
Successfully deleted: [Empty Folder] C:\Users\JC\appdata\local\{76743153-B5D9-4433-AABD-081A29265FB9}
Successfully deleted: [Empty Folder] C:\Users\JC\appdata\local\{778CAFA6-0D03-4216-A31C-412FE7F1F81F}
Successfully deleted: [Empty Folder] C:\Users\JC\appdata\local\{90C7196F-F409-4979-A253-816C4D5ACBD0}
Successfully deleted: [Empty Folder] C:\Users\JC\appdata\local\{B37B1E06-A9FD-43E4-A596-04FF36A0EEA4}
Successfully deleted: [Empty Folder] C:\Users\JC\appdata\local\{C0EB6756-70DB-4AD0-8DD1-67BB379B88CB}
Successfully deleted: [Empty Folder] C:\Users\JC\appdata\local\{DD0A3586-5B90-446A-A352-F14B4F57014F}
Successfully deleted: [Empty Folder] C:\Users\JC\appdata\local\{F2CF7C89-A651-49B8-8D21-99A8DA8004EA}
Successfully deleted: [Empty Folder] C:\Users\JC\appdata\local\{F9D89952-11FA-4E99-BB10-08A12424E3E7}

~~~ FireFox

Successfully deleted the following from C:\Users\JC\AppData\Roaming\mozilla\firefox\profiles\n0v78fbv.default\prefs.js

user_pref("extensions.personas.current", "{\"id\":\"379214\",\"name\":\"Giz gaz\",\"category\":null,\"description\":\"Send a picture!\\r\\n\\r\\n111094971910993102233.BatjaBat
user_pref("extensions.personas.lastselected0", "{\"id\":\"379214\",\"name\":\"Giz gaz\",\"category\":null,\"description\":\"Send a picture!\\r\\n\\r\\n111094971910993102233.Ba
Emptied folder: C:\Users\JC\AppData\Roaming\mozilla\firefox\profiles\n0v78fbv.default\minidumps [61 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 25/08/2013 at 21:31:00.75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

----------

aswMBR.txt

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-08-25 21:37:21
-----------------------------
21:37:21.809 OS Version: Windows x64 6.1.7601 Service Pack 1
21:37:21.809 Number of processors: 4 586 0x2A07
21:37:21.809 ComputerName: LENOVOY470 UserName: JC
21:37:23.309 Initialize success
21:37:23.489 AVAST engine defs: 13082500
21:37:25.490 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:37:25.490 Disk 0 Vendor: WDC_WD75 03.0 Size: 715404MB BusType: 3
21:37:25.700 Disk 0 MBR read successfully
21:37:25.700 Disk 0 MBR scan
21:37:25.710 Disk 0 Windows 7 default MBR code
21:37:25.720 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
21:37:25.740 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 670402 MB offset 411648
21:37:25.740 Disk 0 Partition - 00 0F Extended LBA 29693 MB offset 1373394944
21:37:25.790 Disk 0 Partition 3 00 12 Compaq diag NTFS 15108 MB offset 1434206208
21:37:25.830 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 29692 MB offset 1373396992
21:37:26.030 Disk 0 scanning C:\windows\system32\drivers
21:37:35.973 Service scanning
21:38:04.619 Modules scanning
21:38:07.009 AVAST engine scan C:\windows
21:38:11.400 AVAST engine scan C:\windows\system32
21:41:31.964 AVAST engine scan C:\windows\system32\drivers
21:41:45.507 AVAST engine scan C:\Users\JC
22:35:02.583 AVAST engine scan C:\ProgramData
22:37:18.884 Scan finished successfully
22:37:32.207 Disk 0 MBR has been saved successfully to "C:\Users\JC\Desktop\MBR.dat"
22:37:32.237 The log file has been saved successfully to "C:\Users\JC\Desktop\aswMBR.txt"

----------

procexp64.txt

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 91.94 0 K 24 K 0
procexp64.exe 2.27 36,356 K 57,572 K 5928 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Sysinternals
audiodg.exe 1.98 25,792 K 26,672 K 1124 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
pcdrcui.exe 1.22 94,884 K 64,160 K 4536 Lenovo ThinkVantage Toolbox PC-Doctor, Inc. (Verified) PC-Doctor
Interrupts 0.66 0 K 0 K n/a Hardware Interrupts and DPCs
dwm.exe 0.43 42,140 K 47,248 K 2312 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
System 0.35 168 K 972 K 4
LenovoR.I.C.Tray.exe 0.27 18,508 K 22,500 K 2980 Lenovo RIC Lenovo (Verified) Lenovo (Beijing) Limited
csrss.exe 0.25 3,488 K 26,476 K 668 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
Kies.exe 0.10 24,628 K 29,980 K 2144 Kies Samsung (Verified) Samsung Electronics CO.
svchost.exe 0.07 9,624 K 17,224 K 4064 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.07 21,320 K 25,600 K 588 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.06 34,972 K 48,240 K 1040 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.05 5,264 K 10,376 K 888 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
LMS.exe 0.04 2,756 K 5,268 K 5104 Local Manageability Service Intel Corporation (Verified) Intel Corporation
IAStorDataMgrSvc.exe 0.04 20,804 K 18,020 K 2380 IAStorDataSvc Intel Corporation (Verified) Intel Corporation
SearchIndexer.exe 0.03 33,428 K 16,508 K 3264 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 0.03 55,656 K 72,736 K 5712 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
AvastSvc.exe 0.02 28,504 K 14,788 K 1380 avast! Service AVAST Software (Verified) AVAST Software
svchost.exe 0.01 8,868 K 11,884 K 1476 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.01 163,808 K 174,760 K 436 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.01 44,052 K 27,500 K 4928 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
PresentationFontCache.exe 0.01 29,432 K 21,400 K 5328 PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe 0.01 14,576 K 15,012 K 2228 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
SynTPEnh.exe 0.01 13,140 K 18,788 K 2824 Synaptics TouchPad Enhancements Synaptics Incorporated (Verified) Microsoft Windows Hardware Compatibility Publisher
iPodService.exe 0.01 3,292 K 7,520 K 576 iPodService Module (64-bit) Apple Inc. (Verified) Apple Inc.
AvastUI.exe 0.01 10,592 K 11,824 K 3040 avast! Antivirus AVAST Software (Verified) AVAST Software
AppleMobileDeviceService.exe < 0.01 3,368 K 9,772 K 1940 MobileDeviceService Apple Inc. (Verified) Apple Inc.
RAVCpl64.exe < 0.01 12,020 K 14,316 K 2816 Realtek HD Audio Manager Realtek Semiconductor (Verified) Microsoft Windows Hardware Compatibility Publisher
svchost.exe < 0.01 13,392 K 21,536 K 988 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
csrss.exe < 0.01 2,288 K 4,496 K 584 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 13,584 K 17,032 K 4168 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 23,196 K 24,260 K 1256 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
WLIDSVC.EXE < 0.01 5,692 K 13,232 K 4508 Microsoft® Windows Live ID Service Microsoft Corp. (Verified) Microsoft Corporation
YCMMirage.exe < 0.01 2,208 K 6,420 K 3672 YouCam Mirage CyberLink (Verified) CyberLink
IAStorIcon.exe < 0.01 29,060 K 25,632 K 3536 IAStorIcon Intel Corporation (Verified) Intel Corporation
iTunesHelper.exe < 0.01 4,572 K 12,536 K 3940 iTunesHelper Apple Inc. (Verified) Apple Inc.
nvvsvc.exe < 0.01 6,956 K 15,936 K 1640 NVIDIA Driver Helper Service, Version 320.49 NVIDIA Corporation (Verified) NVIDIA Corporation
wmpnetwk.exe < 0.01 20,452 K 25,568 K 3820 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe < 0.01 11,248 K 17,416 K 1820 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 2,936 K 6,220 K 1372 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 3,352 K 7,016 K 5036 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WLIDSVCM.EXE 1,840 K 4,020 K 2920 Microsoft® Windows Live ID Service Monitor Microsoft Corp. (Verified) Microsoft Corporation
winlogon.exe 3,408 K 7,768 K 792 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,748 K 4,836 K 648 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
utility.exe 11,796 K 15,888 K 2880 Lenovo Battery Management Software Ver 6.0 Lenovo(beijing) Limited (Verified) Lenovo (Beijing) Limited
UNS.exe 3,300 K 7,524 K 5208 User Notification Service Intel Corporation (Verified) Intel Corporation
taskeng.exe 3,700 K 7,812 K 4964 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
SynTPHelper.exe 2,912 K 5,616 K 2192 Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Microsoft Windows Hardware Compatibility Publisher
svchost.exe 13,616 K 17,056 K 1860 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 6,704 K 10,536 K 992 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3,024 K 6,532 K 2588 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,772 K 5,908 K 1152 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
smss.exe 556 K 1,196 K 388 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
SetPoint.exe 11,056 K 21,584 K 2888 Logitech SetPoint Event Manager (UNICODE) Logitech, Inc. (Verified) Logitech
services.exe 7,136 K 10,832 K 712 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
procexp.exe 3,800 K 8,408 K 1240 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
PManage.exe 2,972 K 8,076 K 3832 VeriFace Tray Icon Manager Lenovo (Verified) Lenovo (Beijing) Limited
OnekeySupport.exe 1,956 K 5,740 K 4024 (Verified) Lenovo (Beijing) Limited
OnekeyStudio.exe 16,252 K 14,608 K 2832 Lenovo Onekey Theater Application Lenovo (Verified) Lenovo (Beijing) Limited
NvXDSync.exe 10,668 K 21,992 K 1632 NVIDIA User Experience Driver Component NVIDIA Corporation (Verified) NVIDIA Corporation
nvvsvc.exe 3,108 K 7,788 K 964 NVIDIA Driver Helper Service, Version 320.49 NVIDIA Corporation (Verified) NVIDIA Corporation
nvtray.exe 20,720 K 28,152 K 3568 NVIDIA Settings NVIDIA Corporation (Verified) NVIDIA Corporation
nusb3mon.exe 2,272 K 6,012 K 3552 USB 3.0 Monitor Renesas Electronics Corporation (Verified) Renesas Electronics Corporation
notepad.exe 2,348 K 7,360 K 5792 Notepad Microsoft Corporation (Verified) Microsoft Windows
notepad.exe 4,376 K 9,232 K 3104 Notepad Microsoft Corporation (Verified) Microsoft Windows
mDNSResponder.exe 3,060 K 6,656 K 1112 Bonjour Service Apple Inc. (Verified) Apple Inc.
lsm.exe 3,036 K 4,628 K 752 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 6,452 K 14,916 K 744 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
KiesTrayAgent.exe 6,632 K 15,264 K 3896 Kies TrayAgent Application Samsung Electronics Co., Ltd. (Verified) Samsung Electronics CO.
KiesAirMessage.exe 12,816 K 22,252 K 2848 Samsung Electronics (No signature was present in the subject) Samsung Electronics
KHALMNPR.exe 9,244 K 15,876 K 3356 Logitech KHAL Main Process Logitech, Inc. (Verified) Logitech
jusched.exe 1,756 K 5,332 K 3956 Java™ Update Scheduler Oracle Corporation (Verified) Oracle America
igfxtray.exe 3,640 K 8,120 K 2908 igfxTray Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxpers.exe 6,220 K 12,808 K 2948 persistence Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
hkcmd.exe 4,296 K 8,816 K 2940 hkcmd Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
Energy Management.exe 8,612 K 14,088 K 2852 Lenovo Energy Management Software 6.0 Lenovo (Beijing) Limited (Verified) Lenovo (Beijing) Limited
dllhost.exe 3,860 K 9,132 K 4932 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
ctfmon.exe 2,764 K 5,628 K 3480 CTF Loader Microsoft Corporation (Verified) Microsoft Windows
btwdins.exe 2,940 K 6,564 K 1244 Bluetooth Support Server Broadcom Corporation. (Verified) Broadcom Corporation
BrMfcWnd.exe 3,336 K 9,612 K 3876 Brother Status Monitor Application Brother Industries, Ltd. (No signature was present in the subject) Brother Industries, Ltd.
aswMBR.exe 18,396 K 117,284 K 6016 avast! Antirootkit AVAST Software (No signature was present in the subject) AVAST Software

---------

VEW txt

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 25/08/2013 11:50:17 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/08/2013 3:33:38 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

Log: 'System' Date/Time: 25/08/2013 3:33:38 PM
Type: Error Category: 0
Event: 7038 Source: Service Control Manager
The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Log: 'System' Date/Time: 25/08/2013 3:32:48 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 25/08/2013 3:29:40 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 25/08/2013 11:50:55 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 25/08/2013 3:50:33 PM
Type: Error Category: 0
Event: 1001 Source: Brother BrLog
STMON BrtSTMON: [2013/08/25 23:50:33.323]: [00003384]: Don't Create FileMapping!!!!

Log: 'Application' Date/Time: 25/08/2013 3:50:33 PM
Type: Error Category: 0
Event: 1001 Source: Brother BrLog
STMON BrtSTMON: [2013/08/25 23:50:33.323]: [00003384]: FrendlyName : Brother MFC-6490CW Printer

Log: 'Application' Date/Time: 25/08/2013 3:50:33 PM
Type: Error Category: 0
Event: 1001 Source: Brother BrLog
STMON BrtSTMON: [2013/08/25 23:50:33.323]: [00003384]: Error : ExecMonitor()

Log: 'Application' Date/Time: 25/08/2013 3:48:33 PM
Type: Error Category: 0
Event: 1001 Source: Brother BrLog
STMON BrtSTMON: [2013/08/25 23:48:33.320]: [00003384]: Don't Create FileMapping!!!!

Log: 'Application' Date/Time: 25/08/2013 3:48:33 PM
Type: Error Category: 0
Event: 1001 Source: Brother BrLog
STMON BrtSTMON: [2013/08/25 23:48:33.320]: [00003384]: FrendlyName : Brother MFC-6490CW Printer

Log: 'Application' Date/Time: 25/08/2013 3:48:33 PM
Type: Error Category: 0
Event: 1001 Source: Brother BrLog
STMON BrtSTMON: [2013/08/25 23:48:33.320]: [00003384]: Error : ExecMonitor()

Log: 'Application' Date/Time: 25/08/2013 3:46:33 PM
Type: Error Category: 0
Event: 1001 Source: Brother BrLog
STMON BrtSTMON: [2013/08/25 23:46:33.304]: [00003384]: Don't Create FileMapping!!!!

Log: 'Application' Date/Time: 25/08/2013 3:46:33 PM
Type: Error Category: 0
Event: 1001 Source: Brother BrLog
STMON BrtSTMON: [2013/08/25 23:46:33.304]: [00003384]: FrendlyName : Brother MFC-6490CW Printer

Log: 'Application' Date/Time: 25/08/2013 3:46:33 PM
Type: Error Category: 0
Event: 1001 Source: Brother BrLog
STMON BrtSTMON: [2013/08/25 23:46:33.304]: [00003384]: Error : ExecMonitor()

Log: 'Application' Date/Time: 25/08/2013 3:44:33 PM
Type: Error Category: 0
Event: 1001 Source: Brother BrLog
STMON BrtSTMON: [2013/08/25 23:44:33.294]: [00003384]: Don't Create FileMapping!!!!

Log: 'Application' Date/Time: 25/08/2013 3:44:33 PM
Type: Error Category: 0
Event: 1001 Source: Brother BrLog
STMON BrtSTMON: [2013/08/25 23:44:33.294]: [00003384]: FrendlyName : Brother MFC-6490CW Printer

Log: 'Application' Date/Time: 25/08/2013 3:44:33 PM
Type: Error Category: 0
Event: 1001 Source: Brother BrLog
STMON BrtSTMON: [2013/08/25 23:44:33.294]: [00003384]: Error : ExecMonitor()

Log: 'Application' Date/Time: 25/08/2013 3:42:33 PM
Type: Error Category: 0
Event: 1001 Source: Brother BrLog
STMON BrtSTMON: [2013/08/25 23:42:33.277]: [00003384]: Don't Create FileMapping!!!!

Log: 'Application' Date/Time: 25/08/2013 3:42:33 PM
Type: Error Category: 0
Event: 1001 Source: Brother BrLog
STMON BrtSTMON: [2013/08/25 23:42:33.277]: [00003384]: FrendlyName : Brother MFC-6490CW Printer

Log: 'Application' Date/Time: 25/08/2013 3:42:33 PM
Type: Error Category: 0
Event: 1001 Source: Brother BrLog
STMON BrtSTMON: [2013/08/25 23:42:33.277]: [00003384]: Error : ExecMonitor()

Log: 'Application' Date/Time: 25/08/2013 3:40:33 PM
Type: Error Category: 0
Event: 1001 Source: Brother BrLog
STMON BrtSTMON: [2013/08/25 23:40:33.273]: [00003384]: Don't Create FileMapping!!!!

Log: 'Application' Date/Time: 25/08/2013 3:40:33 PM
Type: Error Category: 0
Event: 1001 Source: Brother BrLog
STMON BrtSTMON: [2013/08/25 23:40:33.273]: [00003384]: FrendlyName : Brother MFC-6490CW Printer

Log: 'Application' Date/Time: 25/08/2013 3:40:33 PM
Type: Error Category: 0
Event: 1001 Source: Brother BrLog
STMON BrtSTMON: [2013/08/25 23:40:33.273]: [00003384]: Error : ExecMonitor()

Log: 'Application' Date/Time: 25/08/2013 3:38:33 PM
Type: Error Category: 0
Event: 1001 Source: Brother BrLog
STMON BrtSTMON: [2013/08/25 23:38:33.255]: [00003384]: Don't Create FileMapping!!!!

Log: 'Application' Date/Time: 25/08/2013 3:38:33 PM
Type: Error Category: 0
Event: 1001 Source: Brother BrLog
STMON BrtSTMON: [2013/08/25 23:38:33.255]: [00003384]: FrendlyName : Brother MFC-6490CW Printer

---------

OTL log

OTL logfile created on: 25/8/2013 11:52:24 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JC\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

3.95 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 50.05% Memory free
7.89 Gb Paging File | 5.86 Gb Available in Paging File | 74.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 654.69 Gb Total Space | 296.45 Gb Free Space | 45.28% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 26.33 Gb Free Space | 90.82% Space Free | Partition Type: NTFS

Computer Name: LENOVOY470 | User Name: JC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/25 08:53:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JC\Desktop\OTL.exe
PRC - [2013/08/23 16:32:19 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/07/26 20:43:52 | 000,844,656 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2013/07/26 20:43:46 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013/07/26 20:43:44 | 001,564,016 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2013/05/09 16:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 16:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/04/18 18:10:38 | 000,578,560 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
PRC - [2011/11/12 10:07:24 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2011/11/12 10:06:58 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
PRC - [2011/11/12 10:05:03 | 002,569,568 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\LenovoR.I.C.Tray.exe
PRC - [2011/01/29 07:29:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2011/01/13 02:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/01/13 02:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/12/21 10:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/21 10:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

========== Modules (No Company Name) ==========

MOD - [2013/08/23 16:32:19 | 003,551,640 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/08/16 20:45:32 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0ed20380a9548fa4162df6aed47c97c6\IAStorUtil.ni.dll
MOD - [2013/08/15 15:55:46 | 011,914,752 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\90f6d6f0e7424c9693b7c3ae1b7db9b5\System.Web.ni.dll
MOD - [2013/08/15 15:55:42 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\294a1aa4b856e10b5a715f5a19c30a29\System.Runtime.Remoting.ni.dll
MOD - [2013/08/15 15:55:20 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\869523b43080bd707966444972bc8eef\System.Windows.Forms.ni.dll
MOD - [2013/08/15 15:55:16 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ef9c62e7806b5f461a762709e3f531e\System.Drawing.ni.dll
MOD - [2013/08/15 15:55:12 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\20e3bd99d0fc9364e2a3a091d48786cd\System.Xml.ni.dll
MOD - [2013/08/15 15:55:09 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5ff08b75e9d6b5a898c6fe35bba608fb\System.Configuration.ni.dll
MOD - [2013/08/15 15:54:59 | 003,348,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\0d9832db41355f50218a725bb28a1540\WindowsBase.ni.dll
MOD - [2013/08/15 15:54:52 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\98707c4b7b8ecf87ae85618de04564c9\System.ni.dll
MOD - [2013/08/15 15:24:26 | 018,545,152 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\775d60de39c6f0b49f1640c4e6c8de09\PresentationFramework.ni.dll
MOD - [2013/08/15 15:24:09 | 010,926,592 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\8e3d6080e8eaaaf28389f3742ff9acdd\PresentationCore.ni.dll
MOD - [2013/08/15 15:24:01 | 000,786,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\639cec73538f6ad7130372259464cc57\System.Runtime.Remoting.ni.dll
MOD - [2013/08/15 15:24:00 | 000,964,096 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2fd755147672c80dd4b13978933f8a3d\System.Configuration.ni.dll
MOD - [2013/08/15 15:23:53 | 007,566,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\82d58d49946f82eb56bae40f3b097784\System.Xml.ni.dll
MOD - [2013/08/15 15:23:53 | 006,998,016 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\a35e871c52b7a7aee64c969c02acfaa0\System.Core.ni.dll
MOD - [2013/08/15 15:23:51 | 003,910,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\782db4c31adf3046c62e43b8f11453c1\WindowsBase.ni.dll
MOD - [2013/08/15 15:23:45 | 001,880,576 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\f4fff5d6e716c439b944025d3994170d\System.Xaml.ni.dll
MOD - [2013/08/15 15:23:42 | 009,937,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\ac79b74f022d9a096de2b884f4249543\System.ni.dll
MOD - [2013/07/11 01:05:21 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\1f50a463103bc26a9b501a444a85d7c2\IAStorCommon.ni.dll
MOD - [2013/07/11 00:23:28 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\bb95b73d99bc2f61c750b3fa46f4f5a1\mscorlib.ni.dll
MOD - [2013/07/10 23:20:44 | 000,220,160 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\1c2c7074f15ce2472a1dac64931cbfcc\System.ServiceProcess.ni.dll
MOD - [2013/07/10 23:20:23 | 016,547,328 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\bf2ecabcd96ec8238dc385b0a3ffa084\mscorlib.ni.dll
MOD - [2011/11/12 10:07:24 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
MOD - [2011/11/12 10:06:58 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
MOD - [2011/11/12 10:05:04 | 000,083,296 | ---- | M] () -- C:\Windows\SysWOW64\GetASData.dll
MOD - [2011/11/12 10:05:03 | 001,771,872 | ---- | M] () -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\ColorBlindnessDLL.dll
MOD - [2011/11/12 10:05:03 | 001,635,168 | ---- | M] () -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\RapIdentify.dll
MOD - [2011/11/12 10:05:03 | 000,337,248 | ---- | M] () -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\RICPlayerInterface.dll
MOD - [2011/11/12 10:05:03 | 000,275,808 | ---- | M] () -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\guisys.dll
MOD - [2011/11/12 10:05:03 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\lua5.1.dll
MOD - [2011/11/12 10:05:03 | 000,087,392 | ---- | M] () -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\LenovoRIC.interface.dll
MOD - [2011/11/12 10:05:03 | 000,071,008 | ---- | M] () -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\LangHlpr.dll
MOD - [2011/11/12 10:05:03 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\ShowGuiMessageBox.dll
MOD - [2011/11/12 10:05:03 | 000,016,736 | ---- | M] () -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\assistant.dll
MOD - [2011/11/12 10:05:03 | 000,015,200 | ---- | M] () -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\SimpRes.dll
MOD - [2011/11/12 10:05:03 | 000,013,152 | ---- | M] () -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\BusyTimer.dll
MOD - [2011/11/12 10:05:03 | 000,012,128 | ---- | M] () -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\LidMsg.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/10 12:00:16 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2011/02/17 01:53:14 | 000,133,024 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
MOD - [2011/02/17 01:51:10 | 000,161,696 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 13:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/05/09 16:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/12/29 13:55:06 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/09/28 03:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2011/05/13 00:01:46 | 000,970,016 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/09/23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/08/23 16:32:19 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/10 22:57:37 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/11 15:30:30 | 000,022,376 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2012/12/14 02:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/10/25 20:02:18 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/01/13 02:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/12/21 10:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/21 10:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/23 14:00:46 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/08/23 14:00:46 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/08/23 14:00:46 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/06/21 20:06:36 | 000,030,496 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2013/06/21 08:07:52 | 000,203,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/06/21 08:07:52 | 000,103,448 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/05/09 16:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/05/09 16:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/05/09 16:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/05/09 16:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/05/09 16:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/04/03 15:58:08 | 000,188,232 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2013/04/03 15:58:08 | 000,169,288 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2013/04/03 15:58:08 | 000,038,080 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2013/04/03 15:58:08 | 000,021,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2012/12/14 02:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/10 01:29:14 | 000,047,200 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusbK.sys -- (libusbK)
DRV:64bit: - [2012/08/23 22:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 22:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 22:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 14:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/27 09:10:44 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2011/11/12 10:17:42 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2011/11/12 10:17:40 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2011/11/12 10:15:20 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2011/11/12 10:15:20 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2011/11/12 10:05:04 | 000,020,064 | ---- | M] (Ensurebit Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\delayman.sys -- (DelayMan)
DRV:64bit: - [2011/11/12 10:05:04 | 000,015,456 | ---- | M] (Ensurebit Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\winioex.sys -- (winioex)
DRV:64bit: - [2011/11/12 00:59:01 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/11/12 00:59:01 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/09/21 10:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2011/09/02 14:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 14:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/08/02 17:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/05/13 08:01:36 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
DRV:64bit: - [2011/05/13 08:01:34 | 000,437,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011/05/13 08:01:24 | 000,164,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011/05/13 08:01:24 | 000,150,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011/05/13 08:01:24 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011/05/13 08:01:24 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011/05/10 04:42:16 | 000,425,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2011/03/23 22:13:58 | 008,199,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvc.sys -- (rtsuvc)
DRV:64bit: - [2011/03/21 13:42:52 | 001,413,168 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/29 07:29:58 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011/01/13 01:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/13 11:31:00 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010/11/21 11:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/21 11:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/19 10:34:26 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/11/19 10:34:26 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/06 01:03:08 | 002,637,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/10/20 08:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 16:28:17 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/07 14:27:24 | 000,038,912 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PcaSp60.sys -- (PcaSp60)
DRV:64bit: - [2009/07/21 22:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 08:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/14 08:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/11 04:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/04/18 18:09:20 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/09/07 14:27:24 | 000,038,912 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\PcaSp60.sys -- (PcaSp60)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=LENN&bmod=LENN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sg.yahoo.com/
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{3E29EFCF-C0B5-4CE5-BC05-A7D13CA2AD70}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Ask Search"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: %7Be36db930-f18d-4449-b45f-e286cfb9e03a%7D:4.0.11120600
FF - prefs.js..extensions.enabledAddons: %7Bec268e28-22c6-4a6c-ac22-635cabee283c%7D:1.0.1
FF - prefs.js..extensions.enabledAddons: %7Bf01f4cbe-b8a8-4c37-94b3-119d8779e7e0%7D:2.0
FF - prefs.js..extensions.enabledAddons: status4evar%40caligonstudios.com:2013.02.16.23
FF - prefs.js..extensions.enabledAddons: %7BAA052FD6-366A-4771-A591-0D8DC551585D%7D:1.1.28
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.7.2.1
FF - prefs.js..extensions.enabledAddons: %7Be1aaa9f8-4500-47f1-9a0a-b02bd60e4076%7D:3.8
FF - prefs.js..extensions.enabledAddons: %7Bb749fc7c-e949-447f-926c-3f4eed6accfe%7D:0.7.1.1
FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.5.5
FF - prefs.js..extensions.enabledAddons: %7Bada4b710-8346-4b82-8199-5de2b400a6ae%7D:2.1.2
FF - prefs.js..extensions.enabledAddons: %7B0545b830-f0aa-4d7e-8820-50a4629a56fe%7D:19.3
FF - prefs.js..extensions.enabledAddons: smarterwiki%40wikiatic.com:5.1.9
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.11
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.7.1
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/08/23 14:00:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/08/25 23:11:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/08/25 23:11:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2011/12/27 14:53:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JC\AppData\Roaming\Mozilla\Extensions
[2013/08/23 13:41:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JC\AppData\Roaming\Mozilla\Firefox\Profiles\n0v78fbv.default\extensions
[2013/07/26 23:53:27 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\JC\AppData\Roaming\Mozilla\Firefox\Profiles\n0v78fbv.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2013/08/15 14:48:57 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\JC\AppData\Roaming\Mozilla\Firefox\Profiles\n0v78fbv.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2013/07/09 19:01:07 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\JC\AppData\Roaming\Mozilla\Firefox\Profiles\n0v78fbv.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2013/06/07 23:09:35 | 000,000,000 | ---D | M] (Youtube Video Replay) -- C:\Users\JC\AppData\Roaming\Mozilla\Firefox\Profiles\n0v78fbv.default\extensions\{e1aaa9f8-4500-47f1-9a0a-b02bd60e4076}
[2011/12/29 10:53:39 | 000,000,000 | ---D | M] (Wired-Marker) -- C:\Users\JC\AppData\Roaming\Mozilla\Firefox\Profiles\n0v78fbv.default\extensions\{e36db930-f18d-4449-b45f-e286cfb9e03a}
[2013/04/27 18:04:30 | 000,346,768 | ---- | M] () (No name found) -- C:\Users\JC\AppData\Roaming\Mozilla\Firefox\Profiles\n0v78fbv.default\extensions\[email protected]
[2013/07/26 23:53:27 | 000,353,425 | ---- | M] () (No name found) -- C:\Users\JC\AppData\Roaming\Mozilla\Firefox\Profiles\n0v78fbv.default\extensions\[email protected]
[2013/02/26 22:31:13 | 000,151,803 | ---- | M] () (No name found) -- C:\Users\JC\AppData\Roaming\Mozilla\Firefox\Profiles\n0v78fbv.default\extensions\[email protected]
[2013/06/16 10:28:35 | 000,350,663 | ---- | M] () (No name found) -- C:\Users\JC\AppData\Roaming\Mozilla\Firefox\Profiles\n0v78fbv.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2013/08/15 14:53:49 | 000,534,203 | ---- | M] () (No name found) -- C:\Users\JC\AppData\Roaming\Mozilla\Firefox\Profiles\n0v78fbv.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/02/26 22:31:12 | 000,201,966 | ---- | M] () (No name found) -- C:\Users\JC\AppData\Roaming\Mozilla\Firefox\Profiles\n0v78fbv.default\extensions\{AA052FD6-366A-4771-A591-0D8DC551585D}.xpi
[2013/06/08 23:08:40 | 000,061,705 | ---- | M] () (No name found) -- C:\Users\JC\AppData\Roaming\Mozilla\Firefox\Profiles\n0v78fbv.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi
[2013/07/31 19:20:57 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\JC\AppData\Roaming\Mozilla\Firefox\Profiles\n0v78fbv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/12/29 10:53:35 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\JC\AppData\Roaming\Mozilla\Firefox\Profiles\n0v78fbv.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2011/12/29 10:53:35 | 000,004,139 | ---- | M] () (No name found) -- C:\Users\JC\AppData\Roaming\Mozilla\Firefox\Profiles\n0v78fbv.default\extensions\{ec268e28-22c6-4a6c-ac22-635cabee283c}.xpi
[2011/12/29 10:53:35 | 000,008,977 | ---- | M] () (No name found) -- C:\Users\JC\AppData\Roaming\Mozilla\Firefox\Profiles\n0v78fbv.default\extensions\{f01f4cbe-b8a8-4c37-94b3-119d8779e7e0}.xpi
[2013/08/23 16:32:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/08/23 16:32:19 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/08/23 14:00:13 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

========== Chrome ==========

O1 HOSTS File: ([2012/01/18 19:39:20 | 000,610,008 | ---- | M]) - C:\Windows\SysNative\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 16254 more lines...
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe File not found
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [LenovoR.I.C.Tray] C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\LenovoR.I.C.Tray.exe (Lenovo)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKCU..\Run: [Power2GoExpress] NA File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} http://support.lenov...AutoDetect2.cab (IASRunner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 202.156.1.16 218.186.2.16 218.186.2.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F5D8D62-DB8D-46D7-82D7-824C468D20BF}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11F0DC11-2202-491C-81F2-B3FC0E2F4DEE}: DhcpNameServer = 203.116.254.150 203.116.1.94
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6830061B-0E79-45DD-A872-6BE3A0BFCCDA}: DhcpNameServer = 202.156.1.16 218.186.2.16 218.186.2.6
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{77b04568-0ccc-11e1-b0ce-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{77b04568-0ccc-11e1-b0ce-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1} - .NET Framework
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {23A29A2F-FFBC-C331-A45E-D3354728699C} - Microsoft Windows Media Player
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:64bit: {2E1E8086-3468-A17C-D39B-B1E3C7FA83CC} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {348178F8-5165-C14C-FEBD-91DEA752A339} - Themes Setup
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6830948C-ED25-5422-C3AB-DBA5C34F5846} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F8A18CE6-615A-6A47-BACB-3C59537E5500} - Microsoft Windows Media Player
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1} - .NET Framework
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.clmp3enc - C:\Program Files (x86)\Lenovo\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/08/25 23:11:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013/08/25 22:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2013/08/25 22:42:03 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2013/08/25 21:21:30 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/08/25 08:59:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2013/08/25 08:55:04 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/08/25 08:53:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\JC\Desktop\OTL.exe
[2013/08/25 08:52:19 | 005,126,104 | ---- | C] (Piriform Ltd) -- C:\Users\JC\Desktop\spsetup122.exe
[2013/08/25 08:51:49 | 002,799,296 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\JC\Desktop\procexp.exe
[2013/08/25 08:51:40 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\JC\Desktop\aswMBR.exe
[2013/08/25 08:51:09 | 001,021,434 | ---- | C] (Thisisu) -- C:\Users\JC\Desktop\JRT.exe
[2013/08/23 16:32:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/08/23 14:27:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/08/23 14:00:34 | 000,378,944 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2013/08/23 14:00:34 | 000,072,016 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2013/08/23 14:00:34 | 000,033,400 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys
[2013/08/23 14:00:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/08/23 14:00:33 | 001,030,952 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2013/08/23 14:00:33 | 000,064,288 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys
[2013/08/23 14:00:30 | 000,080,816 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2013/08/23 14:00:29 | 000,287,840 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2013/08/23 13:59:51 | 000,041,664 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2013/08/23 13:59:28 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/08/23 13:58:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/08/16 15:38:12 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\NV
[2013/08/16 15:38:12 | 000,000,000 | ---D | C] -- C:\windows\SysNative\NV
[2013/08/16 15:35:00 | 027,781,920 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvoglv64.dll
[2013/08/16 15:35:00 | 021,102,368 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvoglv32.dll
[2013/08/16 15:35:00 | 015,920,536 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvwgf2umx.dll
[2013/08/16 15:35:00 | 013,411,896 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvwgf2um.dll
[2013/08/16 15:35:00 | 007,641,832 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvopencl.dll
[2013/08/16 15:35:00 | 006,324,360 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvopencl.dll
[2013/08/16 15:35:00 | 000,572,704 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\NvFBC64.dll
[2013/08/16 15:35:00 | 000,570,656 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\NvIFR64.dll
[2013/08/16 15:35:00 | 000,467,232 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\NvIFR.dll
[2013/08/16 15:35:00 | 000,465,184 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\NvFBC.dll
[2013/08/16 15:35:00 | 000,218,592 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvoglshim64.dll
[2013/08/16 15:35:00 | 000,181,488 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvoglshim32.dll
[2013/08/16 15:35:00 | 000,030,496 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\drivers\nvpciflt.sys
[2013/08/16 15:34:59 | 009,239,344 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcuda.dll
[2013/08/16 15:34:59 | 007,687,592 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvcuda.dll
[2013/08/16 15:34:59 | 002,953,504 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcuvid.dll
[2013/08/16 15:34:59 | 002,777,888 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvcuvid.dll
[2013/08/16 15:34:59 | 002,363,680 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcuvenc.dll
[2013/08/16 15:34:59 | 002,002,720 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvcuvenc.dll
[2013/08/16 15:34:59 | 001,832,224 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvdispco6432049.dll
[2013/08/16 15:34:59 | 001,511,712 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvdispgenco6432049.dll
[2013/08/16 15:34:57 | 025,256,224 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcompiler.dll
[2013/08/16 15:34:57 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvcompiler.dll
[2013/08/16 15:32:54 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013/08/15 23:01:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013/08/15 22:37:17 | 000,000,000 | ---D | C] -- C:\Users\JC\Documents\SelfMV
[2013/08/15 15:24:55 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/08/15 15:24:55 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/08/15 15:24:54 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/08/15 15:24:54 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/08/15 15:24:54 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/08/15 15:24:54 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/08/15 15:24:54 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/08/15 15:24:54 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/08/15 15:24:54 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/08/15 15:24:54 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/08/15 15:24:54 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/08/15 15:24:52 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/08/15 15:24:51 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/08/15 15:24:51 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/08/15 15:24:51 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/08/15 15:04:28 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rpcrt4.dll
[2013/08/15 15:04:24 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2013/08/15 15:04:24 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2013/08/15 15:04:24 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2013/08/15 15:04:01 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2013/08/15 15:04:00 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2013/08/15 15:04:00 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2013/08/15 15:04:00 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll
[2013/08/15 15:03:59 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2013/08/15 15:03:59 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2013/08/15 15:03:59 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2013/08/15 15:03:59 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2013/08/15 15:03:59 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2013/08/15 15:03:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2013/08/15 14:59:27 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMVDECOD.DLL
[2013/08/15 14:59:27 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMVDECOD.DLL

========== Files - Modified Within 30 Days ==========

[2013/08/25 23:40:30 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/25 23:40:30 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/25 23:32:23 | 000,297,282 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2013/08/25 23:30:31 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/08/25 23:30:22 | 3177,074,688 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/25 23:14:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/08/25 22:58:30 | 000,000,466 | ---- | M] () -- C:\windows\tasks\SystemToolsDailyTest.job
[2013/08/25 22:42:07 | 000,000,796 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2013/08/25 22:37:32 | 000,000,512 | ---- | M] () -- C:\Users\JC\Desktop\MBR.dat
[2013/08/25 10:00:48 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\JC\Desktop\aswMBR.exe
[2013/08/25 08:59:01 | 000,002,074 | ---- | M] () -- C:\Users\JC\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2013/08/25 08:59:01 | 000,002,050 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013/08/25 08:53:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JC\Desktop\OTL.exe
[2013/08/25 08:52:40 | 005,126,104 | ---- | M] (Piriform Ltd) -- C:\Users\JC\Desktop\spsetup122.exe
[2013/08/25 08:52:34 | 000,061,440 | ---- | M] ( ) -- C:\Users\JC\Desktop\VEW.exe
[2013/08/25 08:51:58 | 002,799,296 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\JC\Desktop\procexp.exe
[2013/08/25 08:51:16 | 001,021,434 | ---- | M] (Thisisu) -- C:\Users\JC\Desktop\JRT.exe
[2013/08/25 08:51:11 | 000,994,642 | ---- | M] () -- C:\Users\JC\Desktop\AdwCleaner.exe
[2013/08/23 14:03:51 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2013/08/23 14:00:46 | 001,030,952 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2013/08/23 14:00:46 | 000,378,944 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2013/08/23 14:00:46 | 000,189,936 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2013/08/23 14:00:46 | 000,000,175 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys.sum
[2013/08/23 14:00:46 | 000,000,175 | ---- | M] () -- C:\windows\SysNative\drivers\aswSP.sys.sum
[2013/08/23 14:00:46 | 000,000,175 | ---- | M] () -- C:\windows\SysNative\drivers\aswSnx.sys.sum
[2013/08/23 14:00:35 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/08/15 22:34:59 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013/08/15 17:15:34 | 000,000,528 | ---- | M] () -- C:\windows\tasks\PCDoctorBackgroundMonitorTask.job
[2013/07/30 00:31:31 | 000,003,072 | ---- | M] () -- C:\Users\JC\AppData\Roaming\Photobook Designer Prefsv3
[2013/07/27 00:14:26 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf

========== Files Created - No Company Name ==========

[2013/08/25 22:42:07 | 000,000,796 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
[2013/08/25 22:37:32 | 000,000,512 | ---- | C] () -- C:\Users\JC\Desktop\MBR.dat
[2013/08/25 08:59:01 | 000,002,074 | ---- | C] () -- C:\Users\JC\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2013/08/25 08:59:01 | 000,002,050 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013/08/25 08:59:00 | 000,216,064 | ---- | C] () -- C:\windows\SysWow64\gcapi_dll.dll
[2013/08/25 08:52:34 | 000,061,440 | ---- | C] ( ) -- C:\Users\JC\Desktop\VEW.exe
[2013/08/25 08:50:43 | 000,994,642 | ---- | C] () -- C:\Users\JC\Desktop\AdwCleaner.exe
[2013/08/23 14:00:46 | 000,000,175 | ---- | C] () -- C:\windows\SysNative\drivers\aswVmm.sys.sum
[2013/08/23 14:00:46 | 000,000,175 | ---- | C] () -- C:\windows\SysNative\drivers\aswSP.sys.sum
[2013/08/23 14:00:46 | 000,000,175 | ---- | C] () -- C:\windows\SysNative\drivers\aswSnx.sys.sum
[2013/08/23 14:00:35 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/08/23 14:00:33 | 000,189,936 | ---- | C] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2013/08/23 14:00:32 | 000,065,336 | ---- | C] () -- C:\windows\SysNative\drivers\aswRvrt.sys
[2013/08/23 14:00:29 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\config.nt
[2013/07/27 00:14:26 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2013/07/05 18:32:53 | 000,003,072 | ---- | C] () -- C:\Users\JC\AppData\Roaming\Photobook Designer Prefsv3
[2013/06/10 12:06:53 | 000,000,132 | ---- | C] () -- C:\Users\JC\AppData\Roaming\Adobe AIFF Format CS5 Prefs
[2013/05/11 21:49:00 | 000,110,592 | ---- | C] () -- C:\windows\SysWow64\FsUsbExDevice.Dll
[2013/05/11 21:49:00 | 000,037,344 | ---- | C] () -- C:\windows\SysWow64\FsUsbExDisk.Sys
[2013/02/26 23:45:53 | 000,003,584 | ---- | C] () -- C:\Users\JC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/14 02:42:30 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012/11/10 01:29:16 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/10/10 02:22:28 | 000,272,928 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin
[2012/10/10 02:22:20 | 000,963,452 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin
[2012/08/28 10:04:34 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll
[2012/08/28 10:04:34 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll
[2012/08/28 10:04:34 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll
[2012/08/28 10:04:34 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe
[2012/08/28 10:04:32 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll
[2012/02/14 18:47:06 | 000,963,912 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012/02/14 18:47:06 | 000,261,208 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/12/29 17:13:31 | 000,000,000 | ---- | C] () -- C:\windows\brmx2001.ini
[2011/12/29 17:12:51 | 000,000,080 | ---- | C] () -- C:\windows\Brownie.ini
[2011/12/29 12:16:41 | 000,159,836 | ---- | C] () -- C:\windows\_isusr32.dll
[2011/12/29 12:16:41 | 000,045,056 | ---- | C] () -- C:\windows\SysWow64\_isusr2k.dll
[2011/12/29 11:53:24 | 000,000,257 | ---- | C] () -- C:\windows\Brpfx04a.ini
[2011/12/29 11:53:24 | 000,000,094 | ---- | C] () -- C:\windows\brpcfx.ini
[2011/12/29 11:53:04 | 000,000,419 | ---- | C] () -- C:\windows\BRWMARK.INI
[2011/12/29 11:53:04 | 000,000,027 | ---- | C] () -- C:\windows\BRPP2KA.INI
[2011/12/29 11:52:30 | 000,106,496 | ---- | C] () -- C:\windows\SysWow64\BrMuSNMP.dll
[2011/12/29 11:52:30 | 000,000,066 | ---- | C] () -- C:\windows\Brfaxrx.ini
[2011/12/29 11:52:30 | 000,000,000 | ---- | C] () -- C:\windows\brdfxspd.dat
[2011/11/12 10:23:41 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin
[2011/11/12 10:23:41 | 000,000,512 | ---- | C] () -- C:\windows\current.bin
[2011/11/12 10:07:27 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll
[2011/11/12 10:07:27 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2011/11/12 10:07:27 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2011/11/12 10:07:27 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll
[2011/11/12 10:07:23 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2011/11/12 10:05:04 | 001,771,872 | ---- | C] () -- C:\windows\SysWow64\ColorBlindnessDLL.dll
[2011/11/12 10:05:04 | 000,087,392 | ---- | C] () -- C:\windows\SysWow64\LenovoRIC.interface.dll
[2011/11/12 10:05:04 | 000,083,296 | ---- | C] () -- C:\windows\SysWow64\GetASData.dll
[2011/11/12 10:05:04 | 000,080,480 | ---- | C] () -- C:\windows\SysWow64\WinIoEx.dll
[2011/11/12 10:05:04 | 000,058,720 | ---- | C] () -- C:\windows\SysWow64\LenovoRIC.stub.dll
[2011/11/12 09:53:41 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2011/11/12 09:51:37 | 000,766,952 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/11/12 09:21:26 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin

========== ZeroAccess Check ==========

[2012/07/14 19:11:12 | 000,000,596 | ---- | M] () -- C:\Users\JC\AppData\Roaming\Mozilla\Firefox\Profiles\n0v78fbv.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 13:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 12:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 11:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD7500BPVT-24HXZT3
Partitions: 4
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 200.00MB
Starting Offset: 1048576
Hidden sectors: 0

DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 655.00GB
Starting Offset: 210763776
Hidden sectors: 0

DeviceID: Disk #0, Partition #2
PartitionType: Extended w/Extended Int 13
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 29.00GB
Starting Offset: 703178211328
Hidden sectors: 0

DeviceID: Disk #0, Partition #3
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 15.00GB
Starting Offset: 734313578496
Hidden sectors: 0

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2013/06/10 10:07:22 | 000,000,000 | ---D | M] -- C:\Users\JC\AppData\Roaming\Adobe
[2013/07/06 01:04:47 | 000,000,000 | ---D | M] -- C:\Users\JC\AppData\Roaming\Aimersoft Video Converter Ultimate
[2013/01/03 23:01:57 | 000,000,000 | ---D | M] -- C:\Users\JC\AppData\Roaming\Apple Computer
[2011/12/29 14:17:38 | 000,000,000 | ---D | M] -- C:\Users\JC\AppData\Roaming\Autodesk
[2011/12/29 17:15:00 | 000,000,000 | R--D | M] -- C:\Users\JC\AppData\Roaming\Brother
[2012/06/28 22:00:43 | 000,000,000 | ---D | M] -- C:\Users\JC\AppData\Roaming\CyberLink
[2012/11/10 00:26:02 | 000,000,000 | ---D | M] -- C:\Users\JC\AppData\Roaming\Digiarty
[2012/06/28 17:06:55 | 000,000,000 | ---D | M] -- C:\Users\JC\AppData\Roaming\EasyCapture
[2013/08/25 08:59:22 | 000,000,000 | ---D | M] -- C:\Users\JC\AppData\Roaming\Foxit Software
[2011/12/27 14:04:57 | 000,000,000 | ---D | M] -- C:\Users\JC\AppData\Roaming\Identities
[2011/12/29 11:38:52 | 000,000,000 | ---D | M] -- C:\Users\JC\AppData\Roaming\InstallShield
[2011/12/27 14:05:58 | 000,000,000 | ---D | M] -- C:\Users\JC\AppData\Roaming\Intel Corporation
[2011/12/28 15:04:15 | 000,000,000 | ---D | M] -- C:\Users\JC\AppData\Roaming\Leadertech
[2011/12/28 15:01:08 | 000,000,000 | ---D | M] -- C:\Users\JC\AppData\Roaming\Logishrd
[2011/12/28 15:06:23 | 000,000,000 | ---D | M] -- C:\Users\JC\AppData\Roaming\Logitech
[2011/12/27 15:56:29 | 000,000,000 | ---D | M] -- C:\Users\JC\AppData\Roaming\Macromedia
[2011/12/28 15:50:46 | 000,000,000 | ---D | M] -- C:\Users\JC\AppData\Roaming\Malwarebytes
[2011/02/22 19:42:06 | 000,000,000 | ---D | M] -- C:\Users\JC\AppData\Roaming\Media Center Programs
[2013/03/25 13:25:16 | 000,000,000 | --SD | M] -- C:\Users\JC\AppData\Roaming\Microsoft
[2011/12/27 14:53:50 | 000,000,000 | ---D | M] -- C:\Users\JC\AppData\Roaming\Mozilla
[2012/11/05 18:08:45 | 000,000,000 | ---D | M] -- C:\Users\JC\AppData\Roaming\NVIDIA
[2013/06/28 11:29:48 | 000,000,000 | ---D | M] -- C:\Users\JC\AppData\Roaming\Oracle
[2012/01/25 23:24:01 | 000,000,000 | ---D | M] -- C:\Users\JC\AppData\Roaming\PCDr
[2013/07/05 18:28:32 | 000,000,000 | ---D | M] -- C:\Users\JC\AppData\Roaming\Photobook Designer
[2012/10/21 17:54:47 | 000,000,000 | ---D | M] -- C:\Users\JC\AppData\Roaming\Samsung
[2012/01/03 15:27:53 | 000,000,000 | ---D | M] -- C:\Users\JC\AppData\Roaming\Sharp
[2012/11/11 16:01:48 | 000,000,000 | ---D | M] -- C:\Users\JC\AppData\Roaming\Sony
[2011/12/27 15:02:58 | 000,000,000 | ---D | M] -- C:\Users\JC\AppData\Roaming\Thunderbird
[2012/01/25 23:03:02 | 000,000,000 | ---D | M] -- C:\Users\JC\AppData\Roaming\Update
[2013/08/23 17:20:02 | 000,000,000 | ---D | M] -- C:\Users\JC\AppData\Roaming\uTorrent
[2013/07/29 12:40:20 | 000,000,000 | ---D | M] -- C:\Users\JC\AppData\Roaming\vlc
[2011/12/27 15:52:05 | 000,000,000 | ---D | M] -- C:\Users\JC\AppData\Roaming\WinRAR
[2013/08/09 21:55:26 | 000,000,000 | ---D | M] -- C:\Users\JC\AppData\Roaming\XBMC
[2013/07/06 01:04:19 | 000,000,000 | ---D | M] -- C:\Users\JC\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}

< MD5 for: ATAPI.SYS >
[2009/07/14 09:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009/07/14 09:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 09:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CSRSS.EXE >
[2009/07/14 09:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\windows\SysNative\csrss.exe
[2009/07/14 09:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe

< MD5 for: EXPLORER.EXE >
[2011/11/12 00:55:01 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/11/12 00:55:01 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/11/12 00:55:01 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/11/12 00:55:01 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 11:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/11/12 00:55:01 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/11/12 00:55:01 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 11:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2010/11/21 11:24:00 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\windows\SysNative\mswsock.dll
[2010/11/21 11:24:00 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll
[2010/11/21 11:24:09 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\SysWOW64\mswsock.dll
[2010/11/21 11:24:09 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2009/07/14 09:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\SysWOW64\NapiNSP.dll
[2009/07/14 09:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll
[2009/07/14 09:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\windows\SysNative\NapiNSP.dll
[2009/07/14 09:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\winsxs\amd64_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_0812326fa8e1ed67\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2012/01/13 15:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0BA65122FFA7E37564EE86422DBF7AE8 -- C:\Windows\SysWOW64\nlaapi.dll
[2012/01/13 15:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0BA65122FFA7E37564EE86422DBF7AE8 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_cfca9d84561311f2\nlaapi.dll
[2010/11/21 11:24:01 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_d000a58855ea91a1\nlaapi.dll
[2012/10/04 00:29:27 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=11B8C7970C10650827D060AA81BEE63F -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_d07f52216f10753a\nlaapi.dll
[2010/11/21 11:23:54 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=2DF36F15B2BC1571A6A542A3C2107920 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_c5abfb362189cfa6\nlaapi.dll
[2012/10/04 01:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=46BB91A169B9B31FF44EB04C48EC1D41 -- C:\windows\SysNative\nlaapi.dll
[2012/10/04 01:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=46BB91A169B9B31FF44EB04C48EC1D41 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_c575f33221b24ff7\nlaapi.dll
[2012/10/04 01:32:48 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=C98BCE54F31113D5E736C1097FD086DC -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_c62aa7cf3aafb33f\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2009/07/14 09:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\SysWOW64\pnrpnsp.dll
[2009/07/14 09:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\wow64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_d7c8b1ac70865dab\pnrpnsp.dll
[2009/07/14 09:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\windows\SysNative\pnrpnsp.dll
[2009/07/14 09:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\winsxs\amd64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_cd74075a3c259bb0\pnrpnsp.dll

< MD5 for: PRINTISOLATIONHOST.EXE >
[2009/07/14 09:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\windows\SysNative\PrintIsolationHost.exe
[2009/07/14 09:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\winsxs\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_f8a40495785334a9\PrintIsolationHost.exe

< MD5 for: SERVICES.EXE >
[2009/07/14 09:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\windows\SysNative\services.exe
[2009/07/14 09:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 09:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
[2009/07/14 09:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USER32.DLL >
[2010/11/21 11:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/21 11:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010/11/21 11:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\windows\SysNative\user32.dll
[2010/11/21 11:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

< MD5 for: USERINIT.EXE >
[2010/11/21 11:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 11:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 11:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/21 11:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/21 11:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010/11/21 11:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< MD5 for: WINRNR.DLL >
[2009/07/14 09:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\windows\SysNative\winrnr.dll
[2009/07/14 09:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_b543449669c73e11\winrnr.dll
[2009/07/14 09:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\SysWOW64\winrnr.dll
[2009/07/14 09:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2009/07/14 09:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\SysWOW64\wshelper.dll
[2009/07/14 09:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\wshelper.dll
[2009/07/14 09:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\windows\SysNative\wshelper.dll
[2009/07/14 09:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\wshelper.dll

< dir C:\ /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 56EE-8D40
Directory of C:\
14/07/2009 01:08 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
14/07/2009 01:08 PM <JUNCTION> Application Data [C:\ProgramData]
14/07/2009 01:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
14/07/2009 01:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
14/07/2009 01:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
14/07/2009 01:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 01:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
14/07/2009 01:08 PM <SYMLINKD> All Users [C:\ProgramData]
14/07/2009 01:08 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
14/07/2009 01:08 PM <JUNCTION> Application Data [C:\ProgramData]
14/07/2009 01:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
14/07/2009 01:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
14/07/2009 01:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
14/07/2009 01:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 01:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
14/07/2009 01:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
14/07/2009 01:08 PM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
14/07/2009 01:08 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
14/07/2009 01:08 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
14/07/2009 01:08 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009 01:08 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009 01:08 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14/07/2009 01:08 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009 01:08 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009 01:08 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
14/07/2009 01:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
14/07/2009 01:08 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009 01:08 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
14/07/2009 01:08 PM <JUNCTION> My Music [C:\Users\Default\Music]
14/07/2009 01:08 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
14/07/2009 01:08 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\JC
27/12/2011 02:04 PM <JUNCTION> Application Data [C:\Users\JC\AppData\Roaming]
27/12/2011 02:04 PM <JUNCTION> Cookies [C:\Users\JC\AppData\Roaming\Microsoft\Windows\Cookies]
27/12/2011 02:04 PM <JUNCTION> Local Settings [C:\Users\JC\AppData\Local]
27/12/2011 02:04 PM <JUNCTION> My Documents [C:\Users\JC\Documents]
27/12/2011 02:04 PM <JUNCTION> NetHood [C:\Users\JC\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
27/12/2011 02:04 PM <JUNCTION> PrintHood [C:\Users\JC\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
27/12/2011 02:04 PM <JUNCTION> Recent [C:\Users\JC\AppData\Roaming\Microsoft\Windows\Recent]
27/12/2011 02:04 PM <JUNCTION> SendTo [C:\Users\JC\AppData\Roaming\Microsoft\Windows\SendTo]
27/12/2011 02:04 PM <JUNCTION> Start Menu [C:\Users\JC\AppData\Roaming\Microsoft\Windows\Start Menu]
27/12/2011 02:04 PM <JUNCTION> Templates [C:\Users\JC\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\JC\AppData\Local
27/12/2011 02:04 PM <JUNCTION> Application Data [C:\Users\JC\AppData\Local]
27/12/2011 02:04 PM <JUNCTION> History [C:\Users\JC\AppData\Local\Microsoft\Windows\History]
27/12/2011 02:04 PM <JUNCTION> Temporary Internet Files [C:\Users\JC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\JC\Documents
27/12/2011 02:04 PM <JUNCTION> My Music [C:\Users\JC\Music]
27/12/2011 02:04 PM <JUNCTION> My Pictures [C:\Users\JC\Pictures]
27/12/2011 02:04 PM <JUNCTION> My Videos [C:\Users\JC\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
14/07/2009 01:08 PM <JUNCTION> My Music [C:\Users\Public\Music]
14/07/2009 01:08 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
14/07/2009 01:08 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser
12/11/2011 09:25 AM <JUNCTION> Application Data [C:\Users\UpdatusUser\AppData\Roaming]
12/11/2011 09:25 AM <JUNCTION> Cookies [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Cookies]
12/11/2011 09:25 AM <JUNCTION> Local Settings [C:\Users\UpdatusUser\AppData\Local]
12/11/2011 09:25 AM <JUNCTION> My Documents [C:\Users\UpdatusUser\Documents]
12/11/2011 09:25 AM <JUNCTION> NetHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
12/11/2011 09:25 AM <JUNCTION> PrintHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
12/11/2011 09:25 AM <JUNCTION> Recent [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Recent]
12/11/2011 09:25 AM <JUNCTION> SendTo [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\SendTo]
12/11/2011 09:25 AM <JUNCTION> Start Menu [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu]
12/11/2011 09:25 AM <JUNCTION> Templates [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser\AppData\Local
12/11/2011 09:25 AM <JUNCTION> Application Data [C:\Users\UpdatusUser\AppData\Local]
12/11/2011 09:25 AM <JUNCTION> History [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
12/11/2011 09:25 AM <JUNCTION> Temporary Internet Files [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser\Documents
12/11/2011 09:25 AM <JUNCTION> My Music [C:\Users\UpdatusUser\Music]
12/11/2011 09:25 AM <JUNCTION> My Pictures [C:\Users\UpdatusUser\Pictures]
12/11/2011 09:25 AM <JUNCTION> My Videos [C:\Users\UpdatusUser\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
66 Dir(s) 318,227,173,376 bytes free

< C:\Windows\assembly\tmp\U\*.* /s >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/08/23 16:32:18 | 000,869,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/08/23 16:32:18 | 000,869,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/08/23 16:32:18 | 000,869,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [2013/08/23 16:32:19 | 000,276,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2013/08/23 16:32:19 | 000,276,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2013/08/23 16:32:19 | 000,276,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/07/26 14:23:39 | 000,775,256 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2013/07/26 14:23:39 | 000,775,256 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2013/08/23 16:32:18 | 000,869,656 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2013/08/23 16:32:18 | 000,869,656 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2013/08/23 16:32:18 | 000,869,656 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" [2013/08/23 16:32:19 | 000,276,376 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2013/08/23 16:32:19 | 000,276,376 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2013/08/23 16:32:19 | 000,276,376 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2013/07/26 13:13:58 | 000,051,712 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2013/07/26 13:13:58 | 000,051,712 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2013/07/26 13:13:58 | 000,051,712 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2013/07/26 14:23:39 | 000,775,256 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE [2013/07/26 14:23:39 | 000,775,256 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %ProgramFiles%\WINDOWS NT\*.* /s >
[2010/11/21 11:24:51 | 004,247,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\wordpad.exe
[2009/07/14 09:16:20 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\WordpadFilter.dll
[2010/11/21 15:06:24 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\en-US\wordpad.exe.mui
[2009/07/14 09:16:15 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextService.dll
[2009/06/11 05:43:18 | 000,016,212 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceAmharic.txt
[2009/06/11 05:43:18 | 001,272,822 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceArray.txt
[2009/06/11 05:43:18 | 000,980,102 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceDaYi.txt
[2009/06/11 05:43:19 | 001,665,878 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt
[2009/06/11 05:43:19 | 001,445,430 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt
[2009/06/11 05:43:19 | 001,810,352 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt
[2009/06/11 05:43:19 | 000,044,968 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceYi.txt
[2010/11/21 15:06:18 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\TableTextService\en-US\TableTextService.dll.mui

< %systemroot%\system32\drivers\*.sys /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >

Extra.txt

OTL Extras logfile created on: 25/8/2013 11:52:24 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JC\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

3.95 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 50.05% Memory free
7.89 Gb Paging File | 5.86 Gb Available in Paging File | 74.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 654.69 Gb Total Space | 296.45 Gb Free Space | 45.28% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 26.33 Gb Free Space | 90.82% Space Free | Partition Type: NTFS

Computer Name: LENOVOY470 | User Name: JC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.inf[@ = inffile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.inf [@ = inffile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.scr [@ = AutoCADScriptFile] -- C:\windows\SysWow64\notepad.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02A710B0-0794-4D02-B0CD-46CAE024C915}" = lport=137 | protocol=17 | dir=in | app=system |
"{12130759-DBC7-46DB-9D57-03C919B9147F}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{24934A60-0A83-4EC2-BA68-92EB9A163304}" = rport=138 | protocol=17 | dir=out | app=system |
"{2714F514-7486-4B39-8C97-ECC7D7826EB7}" = lport=139 | protocol=6 | dir=in | app=system |
"{288D360B-02D0-44BA-B66E-F581F716D73C}" = rport=139 | protocol=6 | dir=out | app=system |
"{3F973057-F990-45BA-A307-C507E75077D6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{433EC84B-2572-4D3D-A262-93B098BA9E21}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{47E0C836-2254-4823-8FFB-033493B93039}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4FD73557-EEBE-4E7D-A459-18BAACDE2207}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{574A22DB-652D-4909-919C-9F00B586C0F6}" = lport=445 | protocol=6 | dir=in | app=system |
"{5E52DB51-707F-4747-9160-D71DC80A5B8B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6A5F079A-46DB-4AA6-A61E-E513E179F372}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7FF00FD7-C1B2-40D9-917A-2816DEB9942B}" = rport=445 | protocol=6 | dir=out | app=system |
"{86C9C425-5E06-4FF8-B5D2-6421EE9B03E2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8C661AA6-C054-4F51-97F9-6F4EBD428054}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{922486B6-E1CA-4A6D-826F-2C5DFBB43988}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9C7D0751-63F3-424D-B0DD-4B675D06BDD3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A26037A0-56E6-4B17-B111-91885BB108D6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{AB86DEB8-9F2D-4E3B-986D-FE43C477663C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B857535E-FC27-4024-BA55-F9269F9E7E1F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BE20384D-59D1-4518-99BC-3651532AAD04}" = lport=138 | protocol=17 | dir=in | app=system |
"{BEABFEF8-0A29-49B9-BF43-E90B1D3AC986}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{CF33C715-4D38-4D87-9A7D-0050EDA4F1B6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D9FBD0A3-634A-4E1A-A3A3-E7B8230261A5}" = rport=137 | protocol=17 | dir=out | app=system |
"{F0D53679-DDD6-427C-A440-DDAB083513E2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{FAF0E7BA-3153-4AE0-96A1-66E2B45B8E95}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05A405CE-4ECC-4481-B1DC-4ECF5C7F25B5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{0ADF30C4-F9A3-4CA0-841F-05EA726AD46F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{10C020B4-1219-4926-B7BD-F7CD775A01EA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{11E38A2C-BE75-46F4-8EF7-18F09365220D}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\checkers.exe |
"{18AC380D-4494-466D-ACA2-454D5AB90E6B}" = protocol=58 | dir=in | [email protected],-28545 |
"{1AD8FD0B-3948-4879-8447-A955E06AB688}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{1EA4400F-5AEA-4044-A16D-A00E08A72D25}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{1F14F4F0-0A95-49D8-A84D-A1429E8CA4A7}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\backgammon.exe |
"{2584F1AF-8BD9-4D2F-8335-C655B95C027D}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{2C21D389-F968-4809-A31E-7580024ABF36}" = protocol=58 | dir=out | [email protected],-28546 |
"{2F104DB3-27C0-4269-81FB-39C7F3A42EBB}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{2F3DE866-3F05-4081-869C-68AE4ECEAA8D}" = protocol=1 | dir=in | [email protected],-28543 |
"{3A1B0F59-2A1A-4811-A597-AFE3527DE229}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{3C7557FA-A484-4316-846C-CBAE0692207E}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{450971A8-0596-4BD5-9369-8CA2FAF98758}" = protocol=17 | dir=in | app=f:\routersetup\qiswizard.exe |
"{474824AB-8C4F-49C6-80E6-8A0101F5BF68}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{478C0332-9AD1-41D5-AF1A-A2EE42400DC5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{508BB3BF-0BDB-43EA-A842-91F20C83C32B}" = protocol=6 | dir=out | app=system |
"{562F61DC-AB02-470E-ABC4-5F40485A4E30}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{588D71AD-18CB-45F7-B335-0F62AFD3FDAD}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{65CB3EEA-162D-4228-AAB4-1F5B6A289152}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{672E8A32-8257-4025-8FBA-352E1DB4058B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{678B808D-96D0-4D5D-AFC2-C607526B8964}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{696248E6-3B74-4DB3-9A61-EB4EC041F55E}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{697B8C8B-2BB4-4DB6-B36C-B1ECA67B2B83}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{701C1C43-B425-4FF2-B36D-D0E6FB54C98E}" = protocol=6 | dir=in | app=f:\routersetup\qiswizard.exe |
"{71C4F7AC-9D62-41E5-9585-71B4106BB644}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{72959433-76BA-48EC-9405-7BB8684CE56F}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\rt-n56u wireless router utilities\discovery.exe |
"{7FCA1447-4376-4707-ADD0-0A4F0D5C79B9}" = protocol=1 | dir=out | [email protected],-28544 |
"{84137761-7F3E-4179-AE87-1DC0FE4DEA84}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{92BB8F9A-7ECA-4945-9D43-B3F397A2BCAD}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\rt-n56u wireless router utilities\qiswizard.exe |
"{A0BF44CC-1FC6-4FA3-95B0-4CD2B3F3D9C5}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\rt-n56u wireless router utilities\liveupdate.exe |
"{A459FBDA-BAA8-4F0F-8C8A-7B1C30E8288C}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\seabattle.exe |
"{A47535A2-8D28-4A81-9E8C-A34CA2B3810A}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{A6554ECA-A4CB-4682-A101-0C74EBF38E9B}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\rt-n56u wireless router utilities\liveupdate.exe |
"{A67F5D4C-48DF-4287-8B10-C83AE5235E89}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\rt-n56u wireless router utilities\qiswizard.exe |
"{A6D950A8-EB9A-4BDD-BC81-CD21600A6A09}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A818C7BD-8780-4261-A329-EDE2D46DC8D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AA612329-774C-4972-BACA-C4EC3E1F508A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AFF593D4-FF53-449E-86EF-17232B6931D4}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{BA3C89CC-E279-41E7-B6F9-C61F97E1D256}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C097EC22-23B7-4722-8263-1B67AFFB534E}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\rt-n56u wireless router utilities\download.exe |
"{C0F34A90-A9BD-4F16-9DD4-C91805617FD6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C78EF14D-5BD0-47D3-BB97-CC7317DE77FE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C7D53493-D300-4665-A0A4-1E68E3AE8590}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\rt-n56u wireless router utilities\rescue.exe |
"{D05E4A6C-03AB-469B-859F-595312FEA2E5}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl08y\faxrx.exe |
"{D4914F50-BB5B-4A5A-8698-EFD12058277B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D5435B13-095A-4C05-95AE-61B55A169604}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{D77D81F8-D782-4485-9D1E-FC651A87A6BA}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\rt-n56u wireless router utilities\download.exe |
"{D88A3ADF-2044-4416-8FD2-D297A11CF388}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\rt-n56u wireless router utilities\discovery.exe |
"{D945171F-C057-427B-989F-A68E15539505}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\rt-n56u wireless router utilities\rescue.exe |
"{D9995087-137B-476B-A4E2-1F71F750DB7E}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\chess.exe |
"{DA6515CD-F28D-45B6-BB4F-8568669715F4}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\easychat.exe |
"{DC38C286-0611-4F9E-856F-812DD8FD6D35}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E0175932-874C-46A8-98E4-F4F8AB3E831E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E454F2A3-5E47-4655-B723-0CE03A754B2F}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl08y\faxrx.exe |
"{E8FFA633-B9BA-4E40-9981-D2F61B388F39}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F4880D9E-2CA1-48D9-9840-13BDEA3CD566}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\tictactoe.exe |
"TCP Query User{A1427B16-4CC9-4E03-854B-90909B808D23}C:\program files (x86)\xbmc\xbmc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe |
"TCP Query User{ABC1FFB9-BB5F-4B86-9A9A-328A91F37276}C:\program files (x86)\xbmc\xbmc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe |
"UDP Query User{5E9EC378-1DCC-4D08-8734-51D31E2C6031}C:\program files (x86)\xbmc\xbmc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe |
"UDP Query User{AB1F38FE-9284-41DA-9648-B930677D2BB5}C:\program files (x86)\xbmc\xbmc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{57019733-78E6-43DE-8E6D-55349F0FDE6F}" = inSSIDer 2.0
"{5783F2D7-9001-0409-0102-0060B0CE6BBA}" = AutoCAD 2011 - English
"{5783F2D7-9001-0409-1102-0060B0CE6BBA}" = AutoCAD 2011 Language Pack - English
"{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{704C0303-D20C-45AF-BD2B-556EAF31BE09}" = iCloud
"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom Gigabit NetLink Controller
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F3C66EC8-2F33-452D-9CFF-E8C886B3ECC4}" = SRS Control Panel
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"AutoCAD 2011 - English" = AutoCAD 2011 - English
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.59
"CutePDF Writer Installation" = CutePDF Writer 2.8
"EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Windows Driver Package - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1)
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"Lenovo R.I.C. (Robust Intelligent Companion)" = Lenovo R.I.C. (Robust Intelligent Companion)
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"sp6" = Logitech SetPoint 6.32
"Speccy" = Speccy
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20E970DF-A7B2-4345-9DEB-72213A29645E}" = Brother MFL-Pro Suite MFC-6490CW
"{21B49B4A-BBC3-4A09-9C68-6C3CC0B1EA01}" = Windows Live Messenger
"{25C64847-B900-48AD-A164-1B4F9B774650}" = Lenovo System Update
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{698BBAD8-B116-495D-B879-0F07A533E57F}" = Samsung Story Album Viewer
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources
"{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}" = Atheros Client Installation Program
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4B060B9-AD4A-4152-9D99-28B93C615AFE}" = Onekey Theater
"{DBF51C81-1CD2-11E2-8E6C-F04DA23A5C58}" = Movie Studio Platinum 12.0
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}" = Lenovo EasyCamera
"{E12ED970-1CD2-11E2-93BD-F04DA23A5C58}" = MSVCRT Redists
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBAF6262-DB81-4933-AB23-3C1EF27A7BA6}" = Brother MFC-6490CW
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.22beta
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Foxit Reader_is1" = Foxit Reader
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}" = Samsung Story Album Viewer
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}" = Onekey Theater
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"Mozilla Thunderbird 17.0.8 (x86 en-US)" = Mozilla Thunderbird 17.0.8 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"SHARP AR-M160 M205 5220 Series T2 MFP Driver" = SHARP AR-M160/M205/5220 Series T2 MFP Driver
"uTorrent" = µTorrent
"VeriFace" = VeriFace
"VLC media player" = VLC media player 2.0.7
"WinLiveSuite" = Windows Live 程式集
"WinX HD Video Converter Deluxe_is1" = WinX HD Video Converter Deluxe 3.12.4
"Wondershare Video Editor_is1" = Wondershare Video Editor(Build 3.1.1)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"pdfsam" = pdfsam
"Photobook Designer" = Photobook Designer
"XBMC" = XBMC

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 25/8/2013 12:06:33 PM | Computer Name = LenovoY470 | Source = Brother BrLog | ID = 1001
Description = STMON BrtSTMON: [2013/08/26 00:06:33.421]: [00003384]: Don't Create
FileMapping!!!!

Error - 25/8/2013 12:08:33 PM | Computer Name = LenovoY470 | Source = Brother BrLog | ID = 1001
Description = STMON BrtSTMON: [2013/08/26 00:08:33.450]: [00003384]: Error :
ExecMonitor()

Error - 25/8/2013 12:08:33 PM | Computer Name = LenovoY470 | Source = Brother BrLog | ID = 1001
Description = STMON BrtSTMON: [2013/08/26 00:08:33.450]: [00003384]: FrendlyName
: Brother MFC-6490CW Printer

Error - 25/8/2013 12:08:33 PM | Computer Name = LenovoY470 | Source = Brother BrLog | ID = 1001
Description = STMON BrtSTMON: [2013/08/26 00:08:33.450]: [00003384]: Don't Create
FileMapping!!!!

Error - 25/8/2013 12:10:33 PM | Computer Name = LenovoY470 | Source = Brother BrLog | ID = 1001
Description = STMON BrtSTMON: [2013/08/26 00:10:33.445]: [00003384]: Error :
ExecMonitor()

Error - 25/8/2013 12:10:33 PM | Computer Name = LenovoY470 | Source = Brother BrLog | ID = 1001
Description = STMON BrtSTMON: [2013/08/26 00:10:33.445]: [00003384]: FrendlyName
: Brother MFC-6490CW Printer

Error - 25/8/2013 12:10:33 PM | Computer Name = LenovoY470 | Source = Brother BrLog | ID = 1001
Description = STMON BrtSTMON: [2013/08/26 00:10:33.445]: [00003384]: Don't Create
FileMapping!!!!

Error - 25/8/2013 12:12:33 PM | Computer Name = LenovoY470 | Source = Brother BrLog | ID = 1001
Description = STMON BrtSTMON: [2013/08/26 00:12:33.458]: [00003384]: Error :
ExecMonitor()

Error - 25/8/2013 12:12:33 PM | Computer Name = LenovoY470 | Source = Brother BrLog | ID = 1001
Description = STMON BrtSTMON: [2013/08/26 00:12:33.458]: [00003384]: FrendlyName
: Brother MFC-6490CW Printer

Error - 25/8/2013 12:12:33 PM | Computer Name = LenovoY470 | Source = Brother BrLog | ID = 1001
Description = STMON BrtSTMON: [2013/08/26 00:12:33.458]: [00003384]: Don't Create
FileMapping!!!!

[ System Events ]
Error - 25/8/2013 11:29:40 AM | Computer Name = LenovoY470 | Source = DCOM | ID = 10010
Description =

Error - 25/8/2013 11:32:48 AM | Computer Name = LenovoY470 | Source = DCOM | ID = 10016
Description =

Error - 25/8/2013 11:33:38 AM | Computer Name = LenovoY470 | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 25/8/2013 11:33:38 AM | Computer Name = LenovoY470 | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

< End of report >

#4
RKinner

Posted 25 August 2013 - 11:09 AM

Malware Expert

Expert
24,625 posts

Uninstall
JavaFX 2.1.0
Brother MFC-6490CW - download a new copy and reinstall (assuming you still have the printer). It is causing a lot of errors.

Copy the text in the code box by highlighting and Ctrl + c

:OTL
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
FF - prefs.js..browser.search.order.1: "Ask Search"
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O4 - HKLM..\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe File not found
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKCU..\Run: [Power2GoExpress] NA File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O33 - MountPoints2\{77b04568-0ccc-11e1-b0ce-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{77b04568-0ccc-11e1-b0ce-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\08252013-some number.log so look there if you don't see it.

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html

Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.

* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.
I need to see the log when it is done.
A copy of the log file will be created at => C:\Combofix.txt or C:\Combofix\combofix.txt so look there if you miss it.

You are having the usual Nvidia error. I would look and see if there is a new version yet. If not then you can fix the errors:

-Right click on Computer and select Manage:

-Go to Local Users and Groups -> Users
- Doubleclick UpdatusUser
- Click Member Of tab
- Click Add
- Type Administrators then Check Names
- Click OK, OK
- Start Services.msc
- Scroll down to "NVIDIA Update Service Daemon"
- Click Start.
- If all went well you will see a popup saying: The NVIDIA Update Service Daemon service on Local Computer started and then stopped. Some services stop automatically if they are not in use by other services or programs.

If that doesn't work for you then as an alternative:

1) Type in services.msc in the search box. Wait until it finds it then right click and Run As Admin.
2) Scroll down to "NVIDIA Update Service Daemon"

3) Right-click it and select Properties

4) Click the Logon tab

5) Click the Log on as: Local System Account button ON

6) Click OK

7) Right click the "NVIDIA Update Service Daemon" and click Start

Hopefully it will Start then Stop.

#5
misshot

Posted 25 August 2013 - 10:49 PM

Member

Topic Starter
Member
55 posts

Hi,

Uninstalled both apps and i do not have access to Local Users and Groups. Using Win 7 Home Premium. But i did try to start the NVIDIA update services and it was started and stopped.

Below the log you requested.

OTL log

========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
Prefs.js: "Ask Search" removed from browser.search.order.1
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Aimersoft Helper Compact.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MobileDocuments deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Power2GoExpress deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77b04568-0ccc-11e1-b0ce-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77b04568-0ccc-11e1-b0ce-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77b04568-0ccc-11e1-b0ce-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77b04568-0ccc-11e1-b0ce-806e6f6e6963}\ not found.
File F:\AUTORUN.EXE not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: JC
->Flash cache emptied: 523 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: JC
->Java cache emptied: 1923894 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 2.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 08262013_120959

--------------

Combofix log

ComboFix 13-08-25.01 - JC 26/08/2013 12:23:18.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.65.1033.18.4040.2370 [GMT 8:00]
Running from: c:\users\JC\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\s.bat
.
.
((((((((((((((((((((((((( Files Created from 2013-07-26 to 2013-08-26 )))))))))))))))))))))))))))))))
.
.
2013-08-26 04:32 . 2013-08-26 04:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-26 04:32 . 2013-08-26 04:32 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-08-26 04:09 . 2013-08-26 04:09 -------- d-----w- C:\_OTL
2013-08-25 15:11 . 2013-08-25 15:12 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2013-08-25 14:42 . 2013-08-25 14:42 -------- d-----w- c:\program files\Speccy
2013-08-25 13:21 . 2013-08-25 13:21 -------- d-----w- c:\windows\ERUNT
2013-08-25 00:59 . 2013-06-09 13:59 216064 ----a-w- c:\windows\SysWow64\gcapi_dll.dll
2013-08-25 00:55 . 2013-08-25 13:16 -------- d-----w- C:\AdwCleaner
2013-08-23 06:27 . 2013-08-23 06:27 -------- d-----w- c:\program files (x86)\ESET
2013-08-23 06:00 . 2013-08-23 06:00 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-08-23 06:00 . 2013-05-09 08:59 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-08-23 06:00 . 2013-05-09 08:59 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-08-23 06:00 . 2013-08-23 06:00 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-23 06:00 . 2013-08-23 06:00 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-23 06:00 . 2013-05-09 08:59 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-08-23 06:00 . 2013-05-09 08:59 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-23 06:00 . 2013-05-09 08:59 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-23 06:00 . 2013-05-09 08:58 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-08-23 05:59 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr
2013-08-23 05:59 . 2013-08-23 05:59 -------- d-----w- c:\program files\AVAST Software
2013-08-23 05:58 . 2013-08-23 05:59 -------- d-----w- c:\programdata\AVAST Software
2013-08-23 05:44 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EF30BDDF-AAFB-41D2-98A0-2F799152FECB}\mpengine.dll
2013-08-16 07:38 . 2013-08-16 07:38 -------- d-----w- c:\windows\SysWow64\NV
2013-08-16 07:38 . 2013-08-16 07:38 -------- d-----w- c:\windows\system32\NV
2013-08-16 07:34 . 2013-06-21 12:06 9239344 ----a-w- c:\windows\system32\nvcuda.dll
2013-08-16 07:34 . 2013-06-21 12:06 7687592 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-08-16 07:34 . 2013-06-21 12:06 2953504 ----a-w- c:\windows\system32\nvcuvid.dll
2013-08-16 07:34 . 2013-06-21 12:06 2777888 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-08-16 07:34 . 2013-06-21 12:06 2363680 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-08-16 07:34 . 2013-06-21 12:06 2002720 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-08-16 07:34 . 2013-06-21 12:06 1832224 ----a-w- c:\windows\system32\nvdispco6432049.dll
2013-08-16 07:34 . 2013-06-21 12:06 1511712 ----a-w- c:\windows\system32\nvdispgenco6432049.dll
2013-08-16 07:34 . 2013-06-21 12:06 25256224 ----a-w- c:\windows\system32\nvcompiler.dll
2013-08-16 07:34 . 2013-06-21 12:06 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2013-08-16 07:32 . 2013-08-16 07:32 -------- d-----w- C:\NVIDIA
2013-08-15 07:04 . 2013-07-09 05:51 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-15 07:03 . 2013-07-09 05:53 243712 ----a-w- c:\windows\system32\wow64.dll
2013-08-15 07:03 . 2013-07-09 04:52 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-08-15 07:03 . 2013-07-09 02:49 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-08-15 07:03 . 2013-07-09 02:49 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-08-15 07:03 . 2013-07-09 02:49 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-08-15 07:03 . 2013-07-09 02:49 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-08-15 07:03 . 2013-07-19 01:58 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-15 07:03 . 2013-07-19 01:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-08-15 06:59 . 2013-07-25 09:25 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-15 06:59 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-08-15 06:58 . 2013-06-15 04:32 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-15 06:58 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-15 07:17 . 2011-12-27 08:35 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-07-21 01:05 . 2012-01-25 00:45 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2013-07-10 16:27 . 2013-07-10 16:27 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2013-07-10 14:57 . 2012-04-21 07:36 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-10 14:57 . 2011-12-27 07:54 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-09 04:45 . 2013-08-15 07:03 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-06-28 03:28 . 2013-06-28 03:28 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-28 03:28 . 2012-05-29 12:44 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-28 03:28 . 2011-12-30 09:04 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-21 12:06 . 2012-10-25 12:02 12427240 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-06-21 12:06 . 2012-10-25 12:02 925648 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2013-06-21 12:06 . 2012-10-25 12:02 2597856 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-06-21 12:06 . 2012-10-25 12:02 15144928 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-06-21 12:06 . 2011-11-12 01:24 2936208 ----a-w- c:\windows\system32\nvapi64.dll
2013-06-21 12:06 . 2011-11-12 01:24 266448 ----a-w- c:\windows\system32\nvinitx.dll
2013-06-21 12:06 . 2011-11-12 01:24 214448 ----a-w- c:\windows\SysWow64\nvinit.dll
2013-06-21 12:06 . 2011-11-12 01:24 1059560 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-06-21 10:23 . 2011-05-02 19:35 6496544 ----a-w- c:\windows\system32\nvcpl.dll
2013-06-21 10:23 . 2011-05-02 19:35 3514656 ----a-w- c:\windows\system32\nvsvc64.dll
2013-06-21 10:23 . 2011-05-02 19:36 884512 ----a-w- c:\windows\system32\nvvsvc.exe
2013-06-21 10:23 . 2011-05-02 19:36 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-06-21 10:23 . 2011-05-02 19:36 575264 ----a-w- c:\windows\SysWow64\oemdspif.dll
2013-06-21 10:23 . 2011-05-02 19:36 237856 ----a-w- c:\windows\system32\nvmctray.dll
2013-06-21 10:23 . 2011-05-02 19:36 67072 ----a-w- c:\windows\system32\nv3dappshextr.dll
2013-06-21 10:23 . 2011-05-02 19:36 2555680 ----a-w- c:\windows\system32\nvsvcr.dll
2013-06-21 10:23 . 2011-05-02 19:36 1025312 ----a-w- c:\windows\system32\nv3dappshext.dll
2013-06-21 00:07 . 2013-07-26 15:08 708168 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2013-06-21 00:07 . 2013-07-26 15:08 203672 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2013-06-21 00:07 . 2013-07-26 15:08 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2013-06-21 00:07 . 2013-07-26 15:08 103448 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2013-06-20 04:17 . 2011-05-02 19:36 3253909 ----a-w- c:\windows\system32\nvcoproc.bin
2013-06-05 03:34 . 2013-07-10 15:07 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-10 15:07 624128 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-10 15:07 509440 ----a-w- c:\windows\SysWow64\qedit.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LenovoR.I.C.Tray"="c:\program files (x86)\Lenovo\RobustIntelligentCompanion\LenovoR.I.C.Tray.exe" [2011-11-12 2569568]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-07-26 1564016]
"KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2013-04-18 578560]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2013-07-26 844656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-28 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2011-01-28 228448]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2011-11-12 329056]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-07-26 311152]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys;c:\windows\SYSNATIVE\DRIVERS\btwdpan.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 cpuz136;cpuz136;c:\users\JC\AppData\Local\Temp\cpuz136\cpuz136_x64.sys;c:\users\JC\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 libusbK;libusbK USB Driver 10/03/2011 - 3.0.4.0;c:\windows\system32\DRIVERS\libusbK.sys;c:\windows\SYSNATIVE\DRIVERS\libusbK.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;c:\windows\system32\DRIVERS\PcaSp60.sys;c:\windows\SYSNATIVE\DRIVERS\PcaSp60.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]
S1 winioex;winioex;c:\windows\system32\drivers\winioex.sys;c:\windows\SYSNATIVE\drivers\winioex.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz135_x64.sys [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 DelayMan;ACPI DelayMan Filter Service;c:\windows\system32\DRIVERS\delayman.sys;c:\windows\SYSNATIVE\DRIVERS\delayman.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 rtsuvc;Lenovo EasyCamera;c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 14:57]
.
2013-08-15 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]
.
2013-08-25 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2011-11-12 02:07 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-28 11786344]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2011-11-12 789920]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-11-12 206176]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2011-11-12 9753024]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2011-11-12 5908928]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-13 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-13 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-13 441968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://sg.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 202.156.1.16 218.186.2.16 218.186.2.6
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
FF - ProfilePath - c:\users\JC\AppData\Roaming\Mozilla\Firefox\Profiles\n0v78fbv.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: 2013-08-23 14:00; [email protected]; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-BrMfcWnd - c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
Wow6432Node-HKLM-Run-Wondershare Helper Compact.exe - c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Wondershare Video Editor_is1 - c:\program files (x86)\Wondershare\Video Editor\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-08-26 12:35:00
ComboFix-quarantined-files.txt 2013-08-26 04:35
.
Pre-Run: 317,738,586,112 bytes free
Post-Run: 321,503,916,032 bytes free
.
- - End Of File - - 93DB9BA9B81F7F95E12D3422CA88F720

---------

#6
RKinner

Posted 25 August 2013 - 11:44 PM

Malware Expert

Expert
24,625 posts

Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow

#7
misshot

Posted 26 August 2013 - 02:56 AM

Member

Topic Starter
Member
55 posts

Ran and completed the sfc/ scannow and the result is "Windows Resource Protection did not find any integrity violations".

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 26/08/2013 4:53:27 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/08/2013 8:24:25 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/08/2013 4:32:22 AM
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 26/08/2013 4:31:24 AM
Type: Error Category: 0
Event: 1060 Source: Application Popup
\??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Log: 'System' Date/Time: 26/08/2013 4:28:01 AM
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 26/08/2013 4:15:47 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

Log: 'System' Date/Time: 26/08/2013 4:15:47 AM
Type: Error Category: 0
Event: 7038 Source: Service Control Manager
The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Log: 'System' Date/Time: 26/08/2013 4:12:30 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/08/2013 4:10:30 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Intel® Management and Security Application User Notification Service service failed to start due to the following error: The pipe has been ended.

Log: 'System' Date/Time: 26/08/2013 4:10:03 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

Log: 'System' Date/Time: 26/08/2013 4:10:03 AM
Type: Error Category: 0
Event: 7038 Source: Service Control Manager
The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Log: 'System' Date/Time: 26/08/2013 4:08:45 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/08/2013 4:00:43 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

Log: 'System' Date/Time: 26/08/2013 4:00:43 AM
Type: Error Category: 0
Event: 7038 Source: Service Control Manager
The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Log: 'System' Date/Time: 26/08/2013 3:58:55 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 25/08/2013 3:33:38 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

Log: 'System' Date/Time: 25/08/2013 3:33:38 PM
Type: Error Category: 0
Event: 7038 Source: Service Control Manager
The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Log: 'System' Date/Time: 25/08/2013 3:32:48 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 25/08/2013 3:29:40 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/08/2013 8:22:41 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 26/08/2013 8:22:41 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 26/08/2013 8:22:41 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 26/08/2013 8:22:41 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 26/08/2013 8:21:32 AM
Type: Warning Category: 0
Event: 4 Source: k57nd60a
Broadcom NetLink ™ Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 26/08/2013 4:50:36 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 26/08/2013 4:11:21 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 26/08/2013 4:11:10 AM
Type: Warning Category: 0
Event: 4 Source: k57nd60a
Broadcom NetLink ™ Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 26/08/2013 4:10:31 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 26/08/2013 4:07:01 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 26/08/2013 4:06:50 AM
Type: Warning Category: 0
Event: 4 Source: k57nd60a
Broadcom NetLink ™ Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 26/08/2013 4:06:16 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 26/08/2013 3:58:41 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 26/08/2013 3:58:41 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 26/08/2013 3:58:41 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 26/08/2013 3:58:41 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 26/08/2013 3:57:43 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 26/08/2013 3:57:32 AM
Type: Warning Category: 0
Event: 4 Source: k57nd60a
Broadcom NetLink ™ Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 25/08/2013 4:15:51 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 25/08/2013 3:30:40 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

--------

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 26/08/2013 4:54:52 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 26/08/2013 8:23:17 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 26/08/2013 4:13:04 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 26/08/2013 4:08:38 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 26/08/2013 4:02:53 AM
Type: Error Category: 0
Event: 1001 Source: Brother BrLog
The event description cannot be found.

Log: 'Application' Date/Time: 26/08/2013 4:02:53 AM
Type: Error Category: 0
Event: 1001 Source: Brother BrLog
The event description cannot be found.

Log: 'Application' Date/Time: 26/08/2013 4:02:53 AM
Type: Error Category: 0
Event: 1001 Source: Brother BrLog
The event description cannot be found.

Log: 'Application' Date/Time: 26/08/2013 4:00:53 AM
Type: Error Category: 0
Event: 1001 Source: Brother BrLog
The event description cannot be found.

Log: 'Application' Date/Time: 26/08/2013 4:00:53 AM
Type: Error Category: 0
Event: 1001 Source: Brother BrLog
The event description cannot be found.

Log: 'Application' Date/Time: 26/08/2013 4:00:53 AM
Type: Error Category: 0
Event: 1001 Source: Brother BrLog
The event description cannot be found.

Log: 'Application' Date/Time: 26/08/2013 3:59:20 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 26/08/2013 3:58:53 AM
Type: Error Category: 0
Event: 1001 Source: Brother BrLog
The event description cannot be found.

Log: 'Application' Date/Time: 26/08/2013 3:58:53 AM
Type: Error Category: 0
Event: 1001 Source: Brother BrLog
The event description cannot be found.

Log: 'Application' Date/Time: 26/08/2013 3:58:53 AM
Type: Error Category: 0
Event: 1001 Source: Brother BrLog
The event description cannot be found.

Log: 'Application' Date/Time: 25/08/2013 4:14:33 PM
Type: Error Category: 0
Event: 1001 Source: Brother BrLog
The event description cannot be found.

Log: 'Application' Date/Time: 25/08/2013 4:14:33 PM
Type: Error Category: 0
Event: 1001 Source: Brother BrLog
The event description cannot be found.

Log: 'Application' Date/Time: 25/08/2013 4:14:33 PM
Type: Error Category: 0
Event: 1001 Source: Brother BrLog
The event description cannot be found.

Log: 'Application' Date/Time: 25/08/2013 4:12:33 PM
Type: Error Category: 0
Event: 1001 Source: Brother BrLog
The event description cannot be found.

Log: 'Application' Date/Time: 25/08/2013 4:12:33 PM
Type: Error Category: 0
Event: 1001 Source: Brother BrLog
The event description cannot be found.

Log: 'Application' Date/Time: 25/08/2013 4:12:33 PM
Type: Error Category: 0
Event: 1001 Source: Brother BrLog
The event description cannot be found.

Log: 'Application' Date/Time: 25/08/2013 4:10:33 PM
Type: Error Category: 0
Event: 1001 Source: Brother BrLog
The event description cannot be found.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

----------

Seems like it is running more smoother now.

#8
RKinner

Posted 26 August 2013 - 10:08 AM

Malware Expert

Expert
24,625 posts

Log: 'System' Date/Time: 26/08/2013 8:22:41 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 26/08/2013 8:22:41 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 26/08/2013 8:22:41 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 26/08/2013 8:22:41 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

I think we have found the source of the slowdown. This is usually a sign of overheating. The CPU will slow down to keep from melting down. Make sure you are not running the PC on a soft surface. It must be on a hard surface or the airvents get blocked. Get Speedfan:
http://www.almico.com/sfdownload.php

Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it.

It will tell you your temps. If they seem hot (over 50) then check Automatic Fan Speed.
Leave it running and see if the temps drop. Sometimes helps on a laptop to prop up the back with a book (don't block the air vents) - heat rises and the vents are usually in the back. Check the airvents for dust. If a desktop, open it up and clean out the dust from the heatsink and the vents on the front and back. (Leave it plugged in but off.) Turn it on and verify that the fan starts immediately.

For your other errors:

Log: 'System' Date/Time: 26/08/2013 4:15:47 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

Log: 'System' Date/Time: 26/08/2013 4:15:47 AM
Type: Error Category: 0
Event: 7038 Source: Service Control Manager
The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

1) Type in services.msc in the search box. Wait until it finds it then right click and Run As Admin.
2) Scroll down to "NVIDIA Update Service Daemon"

3) Right-click it and select Properties

4) Click the Logon tab

5) Click the Log on as: Local System Account button ON

6) Click OK

Log: 'System' Date/Time: 26/08/2013 8:24:25 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Follow the procedure here:
http://www.itexperie...8-a06ad6d8b4d1/

Sometimes overheating is made worse by some process hogging the CPU.

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures

Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute then:

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

#9
misshot

Posted 27 August 2013 - 10:26 AM

Member

Topic Starter
Member
55 posts

Hi,

Thanks for the explanation. Didn't know that the laptop is running so hot - it doesn't feel that hot. Fanspeed shows the temp is around 50C constantly.

1) Type in services.msc in the search box. Wait until it finds it then right click and Run As Admin.
2) Scroll down to "NVIDIA Update Service Daemon"

3) Right-click it and select Properties

4) Click the Logon tab

5) Click the Log on as: Local System Account button ON

6) Click OK

Done. Change from "This Account" to "Local System Account".

-----

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 89.07 0 K 24 K 0
firefox.exe 2.62 299,024 K 324,100 K 5336 Firefox Mozilla Corporation (Verified) Mozilla Corporation
procexp64.exe 2.51 32,424 K 53,800 K 5172 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Sysinternals
audiodg.exe 1.82 26,928 K 27,852 K 1128 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
System 1.15 352 K 10,956 K 4
Interrupts 0.74 0 K 0 K n/a Hardware Interrupts and DPCs
dwm.exe 0.54 43,056 K 49,976 K 1488 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 0.43 3,356 K 26,660 K 684 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
nvtray.exe 0.20 31,440 K 38,592 K 3580 NVIDIA Settings NVIDIA Corporation (Verified) NVIDIA Corporation
speedfan.exe 0.18 8,860 K 18,184 K 5876 Almico Software (www.almico.com) (Verified) SOKNO S.R.L.
LenovoR.I.C.Tray.exe 0.12 18,736 K 22,984 K 3508 Lenovo RIC Lenovo (Verified) Lenovo (Beijing) Limited
Kies.exe 0.09 24,896 K 30,540 K 3792 Kies Samsung (Verified) Samsung Electronics CO.
explorer.exe 0.06 62,596 K 90,424 K 2300 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.05 42,504 K 54,560 K 1048 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 0.05 5,500 K 13,200 K 740 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.05 4,972 K 10,420 K 888 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
LMS.exe 0.04 2,716 K 5,404 K 4632 Local Manageability Service Intel Corporation (Verified) Intel Corporation
svchost.exe 0.03 138,496 K 147,596 K 440 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
NvXDSync.exe 0.03 9,252 K 20,432 K 1580 NVIDIA User Experience Driver Component NVIDIA Corporation (Verified) NVIDIA Corporation
svchost.exe 0.03 30,892 K 33,812 K 1272 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
nvvsvc.exe 0.03 6,376 K 14,808 K 1588 NVIDIA Driver Helper Service, Version 320.49 NVIDIA Corporation (Verified) NVIDIA Corporation
IAStorDataMgrSvc.exe 0.03 20,044 K 17,352 K 692 IAStorDataSvc Intel Corporation (Verified) Intel Corporation
AppleMobileDeviceService.exe 0.03 3,356 K 9,764 K 1904 MobileDeviceService Apple Inc. (Verified) Apple Inc.
dllhost.exe 0.02 6,460 K 14,344 K 6556 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
AvastUI.exe 0.01 16,848 K 17,212 K 4448 avast! Antivirus AVAST Software (Verified) AVAST Software
AvastSvc.exe 0.01 37,600 K 4,016 K 1364 avast! Service AVAST Software (Verified) AVAST Software
svchost.exe 0.01 10,488 K 18,004 K 2864 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
iPodService.exe 0.01 3,496 K 8,068 K 4940 iPodService Module (64-bit) Apple Inc. (Verified) Apple Inc.
msdtc.exe < 0.01 4,536 K 9,148 K 6644 Microsoft Distributed Transaction Coordinator Service Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe < 0.01 21,656 K 41,172 K 3688 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 15,364 K 25,184 K 116 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
csrss.exe < 0.01 2,476 K 4,840 K 584 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 12,244 K 15,568 K 4192 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe < 0.01 15,096 K 16,284 K 2996 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
SynTPEnh.exe < 0.01 13,412 K 20,360 K 3228 Synaptics TouchPad Enhancements Synaptics Incorporated (Verified) Microsoft Windows Hardware Compatibility Publisher
WLIDSVC.EXE < 0.01 7,900 K 15,852 K 5404 Microsoft® Windows Live ID Service Microsoft Corp. (Verified) Microsoft Corporation
svchost.exe < 0.01 41,396 K 48,332 K 2028 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
YCMMirage.exe < 0.01 2,800 K 636 K 3920 YouCam Mirage CyberLink (Verified) CyberLink
SearchIndexer.exe < 0.01 46,272 K 26,672 K 3484 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
IAStorIcon.exe < 0.01 27,672 K 27,376 K 4176 IAStorIcon Intel Corporation (Verified) Intel Corporation
nusb3mon.exe < 0.01 2,960 K 7,000 K 4372 USB 3.0 Monitor Renesas Electronics Corporation (Verified) Renesas Electronics Corporation
iTunesHelper.exe < 0.01 5,856 K 13,960 K 4788 iTunesHelper Apple Inc. (Verified) Apple Inc.
WmiPrvSE.exe 3,700 K 7,472 K 5252 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WLIDSVCM.EXE 2,204 K 4,360 K 5480 Microsoft® Windows Live ID Service Monitor Microsoft Corp. (Verified) Microsoft Corporation
winlogon.exe 3,380 K 7,804 K 804 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,744 K 4,612 K 660 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
utility.exe 11,308 K 15,804 K 3584 Lenovo Battery Management Software Ver 6.0 Lenovo(beijing) Limited (Verified) Lenovo (Beijing) Limited
UNS.exe 3,560 K 7,940 K 5864 User Notification Service Intel Corporation (Verified) Intel Corporation
taskeng.exe 4,300 K 8,852 K 3844 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
SynTPHelper.exe 2,268 K 4,520 K 3568 Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Microsoft Windows Hardware Compatibility Publisher
svchost.exe 28,012 K 24,996 K 572 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 5,564 K 9,856 K 1008 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 12,420 K 15,436 K 1784 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,604 K 5,584 K 1144 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,480 K 6,152 K 3576 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,064 K 5,508 K 2024 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,616 K 5,940 K 2384 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 8,540 K 14,388 K 1736 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 552 K 1,196 K 388 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
SetPoint.exe 10,572 K 20,232 K 3604 Logitech SetPoint Event Manager (UNICODE) Logitech, Inc. (Verified) Logitech
services.exe 6,408 K 9,832 K 716 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
RAVCpl64.exe 10,576 K 12,940 K 3172 Realtek HD Audio Manager Realtek Semiconductor (Verified) Microsoft Windows Hardware Compatibility Publisher
procexp.exe 3,640 K 8,504 K 1576 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
PresentationFontCache.exe 28,676 K 22,428 K 3316 PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Windows
PManage.exe 3,244 K 8,500 K 4580 VeriFace Tray Icon Manager Lenovo (Verified) Lenovo (Beijing) Limited
OnekeySupport.exe 2,232 K 6,160 K 3612 (Verified) Lenovo (Beijing) Limited
OnekeyStudio.exe 15,884 K 14,360 K 3332 Lenovo Onekey Theater Application Lenovo (Verified) Lenovo (Beijing) Limited
nvvsvc.exe 3,216 K 7,736 K 968 NVIDIA Driver Helper Service, Version 320.49 NVIDIA Corporation (Verified) NVIDIA Corporation
mDNSResponder.exe 2,452 K 5,836 K 1748 Bonjour Service Apple Inc. (Verified) Apple Inc.
lsm.exe 2,980 K 4,572 K 748 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
KiesTrayAgent.exe 6,360 K 15,464 K 4724 Kies TrayAgent Application Samsung Electronics Co., Ltd. (Verified) Samsung Electronics CO.
KiesAirMessage.exe 13,044 K 22,820 K 608 Samsung Electronics (No signature was present in the subject) Samsung Electronics
KHALMNPR.exe 8,032 K 14,376 K 3996 Logitech KHAL Main Process Logitech, Inc. (Verified) Logitech
jusched.exe 2,344 K 6,300 K 2368 Java™ Update Scheduler Oracle Corporation (Verified) Oracle America
igfxtray.exe 4,868 K 9,496 K 3748 igfxTray Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxpers.exe 5,540 K 12,196 K 3300 persistence Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
hkcmd.exe 4,796 K 9,488 K 3880 hkcmd Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
Energy Management.exe 8,132 K 13,600 K 3476 Lenovo Energy Management Software 6.0 Lenovo (Beijing) Limited (Verified) Lenovo (Beijing) Limited
dllhost.exe 3,420 K 8,464 K 4832 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
btwdins.exe 2,480 K 5,988 K 1928 Bluetooth Support Server Broadcom Corporation. (Verified) Broadcom Corporation

#10
RKinner

Posted 27 August 2013 - 11:01 AM

Malware Expert

Expert
24,625 posts

50 is OK for a laptop. If it starts climbing then we need to do something to cool it. Another possible reason for it running slow is that the laptop is running on batteries in power saver mode. Go into Control Panel. Power Options and see if it is set for balanced or high performance. I like High Performance when it is plugged in.

Process Explorer is not showing anything wrong.

Let's see if we have any new slowdowns reported since you have installed Speedfan.

Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

Ron

#11
misshot

Posted 28 August 2013 - 09:25 AM

Member

Topic Starter
Member
55 posts

The temp seems to be more stable now. Used to reach 60C sometimes the last time i switch on the laptop.

Below's the log.

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 28/08/2013 11:17:49 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 28/08/2013 3:17:12 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

----------

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 28/08/2013 11:22:08 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 28/08/2013 3:28:34 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 28/08/2013 3:28:34 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 28/08/2013 3:28:34 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 28/08/2013 3:28:34 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 28/08/2013 3:15:25 PM
Type: Warning Category: 0
Event: 4 Source: k57nd60a
Broadcom NetLink ™ Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 28/08/2013 3:14:54 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Edited by misshot, 28 August 2013 - 09:45 AM.

#12
RKinner

Posted 28 August 2013 - 09:57 AM

Malware Expert

Expert
24,625 posts

Log: 'System' Date/Time: 28/08/2013 3:28:34 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 28/08/2013 3:28:34 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 28/08/2013 3:28:34 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 28/08/2013 3:28:34 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Still looks like it thinks it is hot but 60 should not be enough to trigger this. Another possibility is this is an HP Laptop and the center pin on the connector is defective. You are plugged into AC right? Did you check the power options to make sure you are not set to power saver?

Go into the BIOS set up and see if you have Intel® SpeedStep Technology enabled. Turn it off if you do.

#13
misshot

Posted 28 August 2013 - 10:38 AM

Member

Topic Starter
Member
55 posts

Nope, using Levono laptop. The energy performance was set to "High performance".

BIOS do not have that option. xD

Here's the spec of the laptop.

-------

Summary
Operating System
Windows 7 Home Premium 64-bit SP1
CPU
Intel Core i5 2430M @ 2.40GHz 63 °C
Sandy Bridge 32nm Technology
RAM
4.00GB Single-Channel DDR3 @ 665MHz (9-9-9-24)
Motherboard
LENOVO Base Board Product Name (CPU1) 63 °C
Graphics
Generic PnP Monitor (1366x768@40Hz)
Intel HD Graphics 3000 (Lenovo)
1024MB NVIDIA GeForce GT 550M (Lenovo) 46 °C
Hard Drives
699GB Western Digital WDC WD7500BPVT-24HXZT3 (SATA) 46 °C
Optical Drives
MATSHITA DVD-RAM UJ8B1AS
Audio
Realtek High Definition Audio
Operating System
Windows 7 Home Premium 64-bit SP1
Computer type: Notebook
Installation Date: 27/12/2011 2:04:18 PM
Windows Security Center
User Account Control (UAC) Enabled
Notify level 2 - Default
Firewall Enabled
Windows Update
AutoUpdate Not configured
Windows Defender
Windows Defender Enabled
Antivirus
Antivirus Enabled
Company Name AVAST Software
Display Name avast! Antivirus
Product Version 8.0.1489.0
Virus Signature Database Up to date
.NET Frameworks installed
v4.5 Full
v4.5 Client
v3.5 SP1
v3.0 SP2
v2.0 SP2
Internet Explorer
Version 10.0.9200.16660
PowerShell
Version 2.0
Java
Java Runtime Environment
Path C:\Program Files (x86)\Java\jre7\bin\java.exe
Version 7.0
Update 25
Build 17
Environment Variables
USERPROFILE C:\Users\JC
SystemRoot C:\windows
User Variables
TEMP C:\Users\JC\AppData\Local\Temp
TMP C:\Users\JC\AppData\Local\Temp
MOZ_PLUGIN_PATH C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\
Machine Variables
ComSpec C:\windows\system32\cmd.exe
FP_NO_HOST_CHECK NO
OS Windows_NT
Path C:\windows\system32
C:\windows
C:\windows\system32\wbem
C:\Program Files\Common Files\Microsoft Shared\Windows Live
C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live
%SYSTEMROOT%\System32\WindowsPowerShell\v1.0
C:\Program Files\Lenovo\Bluetooth Software
C:\Program Files\Lenovo\Bluetooth Software\syswow64
C:\Program Files\Broadcom\WHL
C:\Program Files\Broadcom\WHL\syswow64
C:\Program Files\Broadcom\WHL\SysWow64
C:\Program Files\Broadcom\WHL\SysWow64\syswow64
C:\Program Files (x86)\Windows Live\Shared
PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE AMD64
TEMP C:\windows\TEMP
TMP C:\windows\TEMP
USERNAME SYSTEM
windir C:\windows
PSModulePath C:\windows\system32\WindowsPowerShell\v1.0\Modules\
NUMBER_OF_PROCESSORS 4
PROCESSOR_LEVEL 6
PROCESSOR_IDENTIFIER Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
PROCESSOR_REVISION 2a07
windows_tracing_logfile C:\BVTBin\Tests\installpackage\csilogfile.log
windows_tracing_flags 3
configsetroot C:\windows\ConfigSetRoot
LenovoTestLogFile preload.log
LenovoTestPath C:\prdv10\
asl.log Destination=file
TVT C:\Program Files (x86)\Lenovo
Battery
AC Line Online
Battery Charge % 46 %
Battery State Unknown status
Remaining Battery Time Unknown
Power Profile
Active power scheme High performance
Hibernation Enabled
Turn Off Monitor after: (On AC Power) 15 min
Turn Off Monitor after: (On Battery Power) 10 min
Turn Off Hard Disk after: (On AC Power) 20 min
Turn Off Hard Disk after: (On Battery Power) 20 min
Suspend after: (On AC Power) Never
Suspend after: (On Battery Power) Never
Screen saver Disabled
Uptime
Current Session
Current Time 29/8/2013 12:34:47 AM
Current Uptime 312 sec (0 d, 00 h, 05 m, 12 s)
Last Boot Time 29/8/2013 12:29:35 AM
TimeZone
TimeZone GMT +8:00 Hours
Language English (Singapore)
Location Singapore
Format English (Singapore)
Currency $
Date Format d/M/yyyy
Time Format h:mm:ss tt
Process List
AppleMobileDeviceService.exe
Process ID 1892
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
Memory Usage 9.45 MB
Peak Memory Usage 9.45 MB
audiodg.exe
Process ID 1136
AvastSvc.exe
Process ID 1352
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\AVAST Software\Avast\AvastSvc.exe
Memory Usage 51 MB
Peak Memory Usage 70 MB
AvastUI.exe
Process ID 3756
User JC
Domain LENOVOY470
Path C:\Program Files\AVAST Software\Avast\AvastUI.exe
Memory Usage 6.25 MB
Peak Memory Usage 21 MB
btwdins.exe
Process ID 1988
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
Memory Usage 5.94 MB
Peak Memory Usage 6.64 MB
csrss.exe
Process ID 588
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\system32\csrss.exe
Memory Usage 4.57 MB
Peak Memory Usage 4.57 MB
csrss.exe
Process ID 676
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\system32\csrss.exe
Memory Usage 21 MB
Peak Memory Usage 29 MB
dllhost.exe
Process ID 5536
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\system32\DllHost.exe
Memory Usage 8.32 MB
Peak Memory Usage 8.34 MB
dwm.exe
Process ID 2796
User JC
Domain LENOVOY470
Path C:\windows\system32\Dwm.exe
Memory Usage 47 MB
Peak Memory Usage 53 MB
Energy Management.exe
Process ID 3488
User JC
Domain LENOVOY470
Path C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
Memory Usage 12 MB
Peak Memory Usage 12 MB
explorer.exe
Process ID 3052
User JC
Domain LENOVOY470
Path C:\windows\Explorer.EXE
Memory Usage 59 MB
Peak Memory Usage 59 MB
firefox.exe
Process ID 256
User JC
Domain LENOVOY470
Path C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Memory Usage 301 MB
Peak Memory Usage 316 MB
FlashPlayerPlugin_11_3_300_271.exe
Process ID 5212
User JC
Domain LENOVOY470
Path C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
Memory Usage 12 MB
Peak Memory Usage 12 MB
FlashPlayerPlugin_11_3_300_271.exe
Process ID 5236
User JC
Domain LENOVOY470
Path C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
Memory Usage 9.21 MB
Peak Memory Usage 9.21 MB
FlashPlayerPlugin_11_8_800_94.exe
Process ID 3432
User JC
Domain LENOVOY470
Path C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
Memory Usage 12 MB
Peak Memory Usage 12 MB
FlashPlayerPlugin_11_8_800_94.exe
Process ID 4824
User JC
Domain LENOVOY470
Path C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
Memory Usage 11 MB
Peak Memory Usage 11 MB
hkcmd.exe
Process ID 3644
User JC
Domain LENOVOY470
Path C:\Windows\System32\hkcmd.exe
Memory Usage 7.56 MB
Peak Memory Usage 7.64 MB
IAStorDataMgrSvc.exe
Process ID 6044
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files (x86)\Intel\Intel Rapid Storage Technology\IAStorDataMgrSvc.exe
Memory Usage 17 MB
Peak Memory Usage 17 MB
IAStorIcon.exe
Process ID 1552
User JC
Domain LENOVOY470
Path C:\Program Files (x86)\Intel\Intel Rapid Storage Technology\IAStorIcon.exe
Memory Usage 24 MB
Peak Memory Usage 24 MB
igfxpers.exe
Process ID 3668
User JC
Domain LENOVOY470
Path C:\Windows\System32\igfxpers.exe
Memory Usage 10 MB
Peak Memory Usage 11 MB
igfxtray.exe
Process ID 3636
User JC
Domain LENOVOY470
Path C:\Windows\System32\igfxtray.exe
Memory Usage 7.79 MB
Peak Memory Usage 7.85 MB
iPodService.exe
Process ID 4024
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\iPod\bin\iPodService.exe
Memory Usage 7.79 MB
Peak Memory Usage 7.82 MB
iTunesHelper.exe
Process ID 3596
User JC
Domain LENOVOY470
Path C:\Program Files (x86)\iTunes\iTunesHelper.exe
Memory Usage 12 MB
Peak Memory Usage 12 MB
jusched.exe
Process ID 3716
User JC
Domain LENOVOY470
Path C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Memory Usage 5.65 MB
Peak Memory Usage 5.65 MB
KHALMNPR.exe
Process ID 3852
User JC
Domain LENOVOY470
Path C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
Memory Usage 13 MB
Peak Memory Usage 13 MB
Kies.exe
Process ID 3772
User JC
Domain LENOVOY470
Path C:\Program Files (x86)\Samsung\Kies\Kies.exe
Memory Usage 29 MB
Peak Memory Usage 29 MB
KiesAirMessage.exe
Process ID 3780
User JC
Domain LENOVOY470
Path C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
Memory Usage 22 MB
Peak Memory Usage 22 MB
KiesPDLR.exe
Process ID 3800
User JC
Domain LENOVOY470
Path C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
Memory Usage 26 MB
Peak Memory Usage 26 MB
KiesTrayAgent.exe
Process ID 3372
User JC
Domain LENOVOY470
Path C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
Memory Usage 13 MB
Peak Memory Usage 13 MB
LenovoR.I.C.Tray.exe
Process ID 3700
User JC
Domain LENOVOY470
Path C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\LenovoR.I.C.Tray.exe
Memory Usage 22 MB
Peak Memory Usage 24 MB
LMS.exe
Process ID 5892
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files (x86)\Intel\Intel Management Engine Components\LMS\LMS.exe
Memory Usage 5.24 MB
Peak Memory Usage 5.24 MB
lsass.exe
Process ID 736
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\system32\lsass.exe
Memory Usage 13 MB
Peak Memory Usage 13 MB
lsm.exe
Process ID 744
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\system32\lsm.exe
Memory Usage 4.43 MB
Peak Memory Usage 4.44 MB
mDNSResponder.exe
Process ID 1104
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Bonjour\mDNSResponder.exe
Memory Usage 5.61 MB
Peak Memory Usage 5.61 MB
nusb3mon.exe
Process ID 3200
User JC
Domain LENOVOY470
Path C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
Memory Usage 6.41 MB
Peak Memory Usage 6.41 MB
nvtray.exe
Process ID 3560
User JC
Domain LENOVOY470
Path C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
Memory Usage 15 MB
Peak Memory Usage 15 MB
nvvsvc.exe
Process ID 1576
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\system32\nvvsvc.exe
Memory Usage 14 MB
Peak Memory Usage 14 MB
nvvsvc.exe
Process ID 964
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\system32\nvvsvc.exe
Memory Usage 7.39 MB
Peak Memory Usage 7.41 MB
NvXDSync.exe
Process ID 1568
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
Memory Usage 20 MB
Peak Memory Usage 20 MB
OnekeyStudio.exe
Process ID 3420
User JC
Domain LENOVOY470
Path C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
Memory Usage 14 MB
Peak Memory Usage 14 MB
OnekeySupport.exe
Process ID 4176
User JC
Domain LENOVOY470
Path C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
Memory Usage 6.07 MB
Peak Memory Usage 6.07 MB
plugin-container.exe
Process ID 5148
User JC
Domain LENOVOY470
Path C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Memory Usage 16 MB
Peak Memory Usage 16 MB
plugin-container.exe
Process ID 3364
User JC
Domain LENOVOY470
Path C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Memory Usage 18 MB
Peak Memory Usage 18 MB
PManage.exe
Process ID 3452
User JC
Domain LENOVOY470
Path C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
Memory Usage 7.86 MB
Peak Memory Usage 7.91 MB
PrintIsolationHost.exe
Process ID 5432
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\PrintIsolationHost.exe
Memory Usage 5.24 MB
Peak Memory Usage 5.24 MB
RAVCpl64.exe
Process ID 3304
User JC
Domain LENOVOY470
Path C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Memory Usage 13 MB
Peak Memory Usage 13 MB
SearchFilterHost.exe
Process ID 4184
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\system32\SearchFilterHost.exe
Memory Usage 6.19 MB
Peak Memory Usage 6.19 MB
SearchIndexer.exe
Process ID 3540
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\system32\SearchIndexer.exe
Memory Usage 8.85 MB
Peak Memory Usage 20 MB
SearchProtocolHost.exe
Process ID 2020
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\system32\SearchProtocolHost.exe
Memory Usage 6.16 MB
Peak Memory Usage 6.16 MB
services.exe
Process ID 716
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\system32\services.exe
Memory Usage 9.63 MB
Peak Memory Usage 15 MB
SetPoint.exe
Process ID 3628
User JC
Domain LENOVOY470
Path C:\Program Files\Logitech\SetPointP\SetPoint.exe
Memory Usage 20 MB
Peak Memory Usage 20 MB
smss.exe
Process ID 388
User SYSTEM
Domain NT AUTHORITY
Path \SystemRoot\System32\smss.exe
Memory Usage 1.18 MB
Peak Memory Usage 1.20 MB
Speccy64.exe
Process ID 6032
User JC
Domain LENOVOY470
Path C:\Program Files\Speccy\Speccy64.exe
Memory Usage 30 MB
Peak Memory Usage 30 MB
spoolsv.exe
Process ID 1724
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\System32\spoolsv.exe
Memory Usage 15 MB
Peak Memory Usage 15 MB
sppsvc.exe
Process ID 5456
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\windows\system32\sppsvc.exe
Memory Usage 4.82 MB
Peak Memory Usage 4.82 MB
svchost.exe
Process ID 1048
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\system32\svchost.exe
Memory Usage 39 MB
Peak Memory Usage 39 MB
svchost.exe
Process ID 596
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\windows\system32\svchost.exe
Memory Usage 19 MB
Peak Memory Usage 19 MB
svchost.exe
Process ID 436
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\System32\svchost.exe
Memory Usage 126 MB
Peak Memory Usage 127 MB
svchost.exe
Process ID 604
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\windows\System32\svchost.exe
Memory Usage 21 MB
Peak Memory Usage 21 MB
svchost.exe
Process ID 1004
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\windows\system32\svchost.exe
Memory Usage 8.62 MB
Peak Memory Usage 8.64 MB
svchost.exe
Process ID 3148
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\windows\System32\svchost.exe
Memory Usage 14 MB
Peak Memory Usage 15 MB
svchost.exe
Process ID 2096
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\windows\system32\svchost.exe
Memory Usage 6.85 MB
Peak Memory Usage 7.14 MB
svchost.exe
Process ID 888
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\system32\svchost.exe
Memory Usage 9.75 MB
Peak Memory Usage 10 MB
svchost.exe
Process ID 2944
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\windows\system32\svchost.exe
Memory Usage 17 MB
Peak Memory Usage 17 MB
svchost.exe
Process ID 1884
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\System32\svchost.exe
Memory Usage 27 MB
Peak Memory Usage 43 MB
svchost.exe
Process ID 1240
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\windows\system32\svchost.exe
Memory Usage 5.38 MB
Peak Memory Usage 5.43 MB
svchost.exe
Process ID 1760
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\windows\system32\svchost.exe
Memory Usage 16 MB
Peak Memory Usage 51 MB
svchost.exe
Process ID 1868
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\System32\svchost.exe
Memory Usage 3.57 MB
Peak Memory Usage 3.59 MB
svchost.exe
Process ID 1256
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\windows\system32\svchost.exe
Memory Usage 18 MB
Peak Memory Usage 18 MB
svchost.exe
Process ID 1160
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\system32\svchost.exe
Memory Usage 5.23 MB
Peak Memory Usage 5.23 MB
SynTPEnh.exe
Process ID 3412
User JC
Domain LENOVOY470
Path C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Memory Usage 8.84 MB
Peak Memory Usage 8.89 MB
System
Process ID 4
System Idle Process
Process ID 0
taskeng.exe
Process ID 3240
User JC
Domain LENOVOY470
Path C:\windows\system32\taskeng.exe
Memory Usage 6.93 MB
Peak Memory Usage 7.00 MB
taskhost.exe
Process ID 2364
User JC
Domain LENOVOY470
Path C:\windows\system32\taskhost.exe
Memory Usage 13 MB
Peak Memory Usage 13 MB
utility.exe
Process ID 3552
User JC
Domain LENOVOY470
Path C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
Memory Usage 15 MB
Peak Memory Usage 15 MB
wininit.exe
Process ID 652
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\system32\wininit.exe
Memory Usage 4.54 MB
Peak Memory Usage 4.61 MB
winlogon.exe
Process ID 796
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\system32\winlogon.exe
Memory Usage 7.61 MB
Peak Memory Usage 8.46 MB
WmiPrvSE.exe
Process ID 4936
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\system32\wbem\wmiprvse.exe
Memory Usage 13 MB
Peak Memory Usage 13 MB
WmiPrvSE.exe
Process ID 3656
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\windows\system32\wbem\wmiprvse.exe
Memory Usage 16 MB
Peak Memory Usage 17 MB
wmpnetwk.exe
Process ID 4244
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\Program Files\Windows Media Player\wmpnetwk.exe
Memory Usage 40 MB
Peak Memory Usage 40 MB
YCMMirage.exe
Process ID 3280
User JC
Domain LENOVOY470
Path C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
Memory Usage 3.11 MB
Peak Memory Usage 6.67 MB
Scheduler
29/8/2013 1:14 AM; Adobe Flash Player Updater
29/8/2013 2:00 PM; SystemToolsDailyTest
1/9/2013 9:00 PM; PCDoctorBackgroundMonitorTask
PCDEventLauncher
Hotfixes
27/8/2013 Definition Update for Windows Defender - KB915597 (Definition 1.157.478.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
23/8/2013 Definition Update for Windows Defender - KB915597 (Definition 1.157.217.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
16/8/2013 Definition Update for Windows Defender - KB915597 (Definition 1.155.2386.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
15/8/2013 Security Update for Windows 7 for x64-based Systems (KB2862966)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
15/8/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2844286)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
15/8/2013 Cumulative Security Update for Internet Explorer 10 for Windows 7 Service Pack 1 for x64-based Systems (KB2862772)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
15/8/2013 Update for Windows 7 for x64-based Systems (KB2863058)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
15/8/2013 Security Update for Microsoft .NET Framework 4.5 on Windows 7, Vista, Windows Server 2008, Windows Server 2008 R2 for x64 (KB2840642)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
15/8/2013 Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642)
This update provides the Junk E-mail Filter in Microsoft Office
Outlook 2007 Junk Email Filter with a more current definition
of which e-mail messages should be considered junk e-mail.
15/8/2013 Security Update for Windows 7 for x64-based Systems (KB2803821)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
15/8/2013 Update for Microsoft Office 2007 suites (KB2767849)
Microsoft has released an update for Microsoft Office 2007 suites
. This update provides the latest fixes to Microsoft Office 2007
suites . Additionally, this update contains stability and performance
improvements.
15/8/2013 Security Update for Windows 7 for x64-based Systems (KB2849470)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
15/8/2013 Windows Malicious Software Removal Tool x64 - August 2013 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
15/8/2013 Update for Microsoft Office Outlook 2007 (KB2768023)
Microsoft has released an update for Microsoft Office Outlook
2007 . This update provides the latest fixes to Microsoft Office
Outlook 2007 . Additionally, this update contains stability and
performance improvements.
15/8/2013 Security Update for Windows 7 for x64-based Systems (KB2859537)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
15/8/2013 Security Update for Windows 7 for x64-based Systems (KB2861855)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
15/8/2013 Security Update for Windows 7 for x64-based Systems (KB2868623)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
15/8/2013 Security Update for Windows 7 for x64-based Systems (KB2849470)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
15/8/2013 Windows Malicious Software Removal Tool x64 - August 2013 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
15/8/2013 Update for Microsoft Office Outlook 2007 (KB2768023)
Microsoft has released an update for Microsoft Office Outlook
2007 . This update provides the latest fixes to Microsoft Office
Outlook 2007 . Additionally, this update contains stability and
performance improvements.
15/8/2013 Security Update for Windows 7 for x64-based Systems (KB2859537)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
15/8/2013 Definition Update for Windows Defender - KB915597 (Definition 1.155.2116.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
9/8/2013 Definition Update for Windows Defender - KB915597 (Definition 1.155.1346.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
31/7/2013 Definition Update for Windows Defender - KB915597 (Definition 1.155.1072.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
26/7/2013 Definition Update for Windows Defender - KB915597 (Definition 1.155.831.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
25/7/2013 Definition Update for Windows Defender - KB915597 (Definition 1.155.565.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
19/7/2013 Definition Update for Windows Defender - KB915597 (Definition 1.155.311.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
16/7/2013 Definition Update for Windows Defender - KB915597 (Definition 1.155.29.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
15/7/2013 Windows Malicious Software Removal Tool x64 - July 2013 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
15/7/2013 Definition Update for Windows Defender - KB915597 (Definition 1.153.1833.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
10/7/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2840631)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
10/7/2013 Windows Malicious Software Removal Tool x64 - July 2013 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
10/7/2013 Security Update for Windows 7 for x64-based Systems (KB2847927)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
10/7/2013 Security Update for Microsoft .NET Framework 4.5 on Windows 7, Vista, Windows Server 2008, Windows Server 2008 R2 for x64 (KB2833957)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
10/7/2013 Security Update for Windows 7 for x64-based Systems (KB2845187)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
10/7/2013 Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563)
This update provides the Junk E-mail Filter in Microsoft Office
Outlook 2007 Junk Email Filter with a more current definition
of which e-mail messages should be considered junk e-mail.
10/7/2013 Security Update for Windows 7 for x64-based Systems (KB2803821)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
10/7/2013 Cumulative Security Update for Internet Explorer 10 for Windows 7 Service Pack 1 for x64-based Systems (KB2846071)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
10/7/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2833946)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
10/7/2013 Security Update for Microsoft Office 2007 suites (KB2687309)
A security vulnerability exists in Microsoft Office 2007 suites
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
10/7/2013 Security Update for Windows 7 for x64-based Systems (KB2850851)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
10/7/2013 Security Update for Microsoft .NET Framework 4.5 on Windows 7, Vista, Windows Server 2008, Windows Server 2008 R2 for x64 (KB2840642)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
10/7/2013 Security Update for Windows 7 for x64-based Systems (KB2835364)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
10/7/2013 Security Update for Microsoft Silverlight (KB2847559)
This security update to Silverlight includes fixes outlined in
KB 2847559. This update is backward compatible with web applications
built using previous versions of Silverlight.
10/7/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2844286)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
10/7/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2832414)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
10/7/2013 Security Update for Windows 7 for x64-based Systems (KB2834886)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
10/7/2013 Security Update for Windows 7 for x64-based Systems (KB2835361)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
9/7/2013 Definition Update for Windows Defender - KB915597 (Definition 1.153.1573.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
5/7/2013 Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2836942)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
5/7/2013 Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2836943)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
5/7/2013 Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2836942)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
5/7/2013 Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2836943)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
5/7/2013 Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2836943)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
5/7/2013 Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2836942)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
5/7/2013 Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2836942)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
5/7/2013 Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2836943)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
5/7/2013 Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2836942)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
5/7/2013 Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2836943)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
5/7/2013 Definition Update for Windows Defender - KB915597 (Definition 1.153.1309.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2/7/2013 Definition Update for Windows Defender - KB915597 (Definition 1.153.1042.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
28/6/2013 Definition Update for Windows Defender - KB915597 (Definition 1.153.790.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
27/6/2013 Definition Update for Windows Defender - KB915597 (Definition 1.153.562.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
18/6/2013 Definition Update for Windows Defender - KB915597 (Definition 1.153.22.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
15/6/2013 Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327)
This update provides the Junk E-mail Filter in Microsoft Office
Outlook 2007 Junk Email Filter with a more current definition
of which e-mail messages should be considered junk e-mail.
15/6/2013 Security Update for Windows 7 for x64-based Systems (KB2845690)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
15/6/2013 Windows Malicious Software Removal Tool x64 - June 2013 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
15/6/2013 Cumulative Security Update for Internet Explorer 10 for Windows 7 Service Pack 1 for x64-based Systems (KB2838727)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
15/6/2013 Security Update for Windows 7 for x64-based Systems (KB2839894)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
15/6/2013 Update for Internet Explorer 10 for Windows 7 Service Pack 1 for x64-based Systems (KB2859903)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
15/6/2013 Update for Windows 7 for x64-based Systems (KB2808679)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
15/6/2013 Update for Windows 7 for x64-based Systems (KB2836502)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
15/6/2013 Security Update for Windows 7 for x64-based Systems (KB2813430)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
15/6/2013 Update for Windows 7 for x64-based Systems (KB2834140)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
15/6/2013 Definition Update for Windows Defender - KB915597 (Definition 1.151.2213.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
11/6/2013 Definition Update for Windows Defender - KB915597 (Definition 1.151.1977.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
8/6/2013 Definition Update for Windows Defender - KB915597 (Definition 1.151.1787.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
6/6/2013 Update for Microsoft .NET Framework 4.5 on Windows 7, Vista, Windows Server 2008 and Windows Server 2008 R2 for x64 (KB2805221)
This update addresses reliability, stability, compatibility and
performance issues in Microsoft .NET Framework 4.5. After you
install this item, you may have to restart your computer.
6/6/2013 Update for Microsoft .NET Framework 4.5 on Windows 7, Vista, Windows Server 2008 and Windows Server 2008 R2 for x64 (KB2805226)
This update addresses reliability, stability, compatibility and
performance issues in Microsoft .NET Framework 4.5. After you
install this item, you may have to restart your computer.
5/6/2013 Definition Update for Windows Defender - KB915597 (Definition 1.151.1542.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
23/5/2013 Definition Update for Windows Defender - KB915597 (Definition 1.151.543.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
18/5/2013 Definition Update for Windows Defender - KB915597 (Definition 1.151.280.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
16/5/2013 Definition Update for Windows Defender - KB915597 (Definition 1.151.173.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
15/5/2013 Security Update for Windows 7 for x64-based Systems (KB2830290)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
15/5/2013 Update for Windows 7 for x64-based Systems (KB2820331)
Install this update to resolve a set of known application compatibility
issues with Windows. For a complete listing of the issues that
are included in this update, see the associated Microsoft Knowledge
Base article for more information. After you install this item,
you may have to restart your computer.
15/5/2013 Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359)
This update provides the Junk E-mail Filter in Microsoft Office
Outlook 2007 Junk Email Filter with a more current definition
of which e-mail messages should be considered junk e-mail.
15/5/2013 Update for Windows 7 for x64-based Systems (KB2798162)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
15/5/2013 Update for Windows 7 for x64-based Systems (KB2813956)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
15/5/2013 Security Update for Microsoft .NET Framework 4.5 on Windows 7, Vista, Server 2008, and Server 2008 R2 for x64 (KB2804582)
A security issue has been identified that could allow an attacker
to misrepresent a system action or behavior without the knowledge
of the user. You can help protect your system by installing this
update from Microsoft. After you install this update, you may
have to restart your system.
15/5/2013 Security Update for Windows 7 for x64-based Systems (KB2829361)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
15/5/2013 Windows Malicious Software Removal Tool x64 - May 2013 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
15/5/2013 Security Update for Microsoft Office Publisher 2007 (KB2597971)
A security vulnerability exists in Microsoft Office Publisher
2007 that could allow arbitrary code to run when a maliciously
modified file is opened. This update resolves that vulnerability.
15/5/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2804579)
A security issue has been identified that could allow an attacker
to misrepresent a system action or behavior without the knowledge
of the user. You can help protect your system by installing this
update from Microsoft. After you install this update, you may
have to restart your system.
15/5/2013 Cumulative Security Update for Internet Explorer 10 for Windows 7 Service Pack 1 for x64-based Systems (KB2829530)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
15/5/2013 Cumulative Security Update for ActiveX Killbits for Windows 7 for x64-based Systems (KB2820197)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
15/5/2013 Definition Update for Windows Defender - KB915597 (Definition 1.151.12.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
14/5/2013 Definition Update for Windows Defender - KB915597 (Definition 1.149.1902.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
11/5/2013 Definition Update for Windows Defender - KB915597 (Definition 1.149.1652.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
8/5/2013 Definition Update for Windows Defender - KB915597 (Definition 1.149.1380.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
3/5/2013 Definition Update for Windows Defender - KB915597 (Definition 1.149.1143.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
30/4/2013 Definition Update for Windows Defender - KB915597 (Definition 1.149.884.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
26/4/2013 Definition Update for Windows Defender - KB915597 (Definition 1.149.649.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
24/4/2013 Security Update for Windows 7 for x64-based Systems (KB2840149)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
23/4/2013 Definition Update for Windows Defender - KB915597 (Definition 1.149.350.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
20/4/2013 Definition Update for Windows Defender - KB915597 (Definition 1.149.131.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
13/4/2013 Security Update for Windows 7 for x64-based Systems (KB2813347)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
13/4/2013 Windows Malicious Software Removal Tool x64 - April 2013 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
13/4/2013 Security Update for Windows 7 for x64-based Systems (KB2808735)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
13/4/2013 Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768021)
This update provides the Junk E-mail Filter in Microsoft Office
Outlook 2007 Junk Email Filter with a more current definition
of which e-mail messages should be considered junk e-mail.
13/4/2013 Cumulative Security Update for Internet Explorer 10 for Windows 7 Service Pack 1 for x64-based Systems (KB2817183)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
13/4/2013 Update for Windows 7 for x64-based Systems (KB2799926)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
13/4/2013 Security Update for Windows 7 for x64-based Systems (KB2813170)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
12/4/2013 Definition Update for Windows Defender - KB915597 (Definition 1.147.1685.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
9/4/2013 Definition Update for Windows Defender - KB915597 (Definition 1.147.1392.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
8/4/2013 Definition Update for Windows Defender - KB915597 (Definition 1.147.1105.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2/4/2013 Definition Update for Windows Defender - KB915597 (Definition 1.147.868.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
30/3/2013 Definition Update for Windows Defender - KB915597 (Definition 1.147.700.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
27/3/2013 Definition Update for Windows Defender - KB915597 (Definition 1.147.471.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
22/3/2013 Definition Update for Windows Defender - KB915597 (Definition 1.147.212.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
20/3/2013 Internet Explorer 10 for Windows 7 for x64-based Systems
Internet Explorer 10 is fast and fluid, and lets your websites
shine and perform just like native apps on your PC.
Internet
Explorer 10. Fast and fluid for Windows 7.
• Fast. Internet
Explorer 10 harnesses the untapped power of your PC, delivering
pages full of vivid graphics, smoother video, and interactive
content.
• Easy. Experience the web the way you want to with
pinned sites, built-in Spellcheck, and seamless integration with
your PC running Windows 7.
• Safer. Improved features like SmartScreen
Filter and Tracking Protection let you be more aware of threats
to your PC and your privacy.
20/3/2013 Security Update for Windows 7 for x64-based Systems (KB2807986)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
20/3/2013 Platform Update for Windows 7 x64-Edition (KB2670838)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
19/3/2013 Definition Update for Windows Defender - KB915597 (Definition 1.145.2105.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
15/3/2013 Definition Update for Windows Defender - KB915597 (Definition 1.145.1873.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
14/3/2013 Windows Malicious Software Removal Tool x64 - March 2013 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
14/3/2013 Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768024)
This update provides the Junk E-mail Filter in Microsoft Office
Outlook 2007 Junk Email Filter with a more current definition
of which e-mail messages should be considered junk e-mail.
14/3/2013 Update for Microsoft Office 2007 suites (KB2687493)
Microsoft has released an update for Microsoft Office 2007 suites
. This update provides the latest fixes to Microsoft Office 2007
suites . Additionally, this update contains stability and performance
improvements.
14/3/2013 Update for Windows 7 for x64-based Systems (KB2791765)
Install this update to resolve a set of known application compatibility
issues with Windows. For a complete listing of the issues that
are included in this update, see the associated Microsoft Knowledge
Base article for more information. After you install this item,
you may have to restart your computer.
14/3/2013 Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2809289)
Security issues have been identified that could allow an attacker
to compromise a system that is running Microsoft Internet Explorer
and gain control over it. You can help protect your system by
installing this update from Microsoft. After you install this
item, you may have to restart your computer.
14/3/2013 Security Update for Microsoft Silverlight (KB2814124)
This security update to Silverlight includes fixes outlined in
KB 2814124. This update is backward compatible with web applications
built using previous versions of Silverlight.
12/3/2013 Definition Update for Windows Defender - KB915597 (Definition 1.145.1584.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
10/3/2013 Definition Update for Windows Defender - KB915597 (Definition 1.145.1381.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
8/3/2013 Definition Update for Windows Defender - KB915597 (Definition 1.145.1352.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
5/3/2013 Definition Update for Windows Defender - KB915597 (Definition 1.145.1035.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
26/2/2013 Definition Update for Windows Defender - KB915597 (Definition 1.145.509.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
25/2/2013 Definition Update for Windows Defender - KB915597 (Definition 1.145.236.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
20/2/2013 Definition Update for Windows Defender - KB915597 (Definition 1.143.2586.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
15/2/2013 Definition Update for Windows Defender - KB915597 (Definition 1.143.2336.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
15/2/2013 Security Update for Windows 7 for x64-based Systems (KB2799494)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
15/2/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2789645)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
15/2/2013 Update for Microsoft Office 2007 suites (KB2596620)
Microsoft has released an update for Microsoft Office 2007 suites
. This update provides the latest fixes to Microsoft Office 2007
suites . Additionally, this update contains stability and performance
improvements.
15/2/2013 Security Update for Windows 7 for x64-based Systems (KB2778344)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
15/2/2013 Update for Microsoft Office 2007 suites (KB2596802)
Microsoft has released an update for Microsoft Office 2007 suites
. This update provides the latest fixes to Microsoft Office 2007
suites . Additionally, this update contains stability and performance
improvements.
15/2/2013 Windows Malicious Software Removal Tool x64 - February 2013 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
15/2/2013 Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2797052)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
15/2/2013 Security Update for Windows 7 for x64-based Systems (KB2790113)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
15/2/2013 Security Update for Windows 7 for x64-based Systems (KB2790655)
A security issue has been identified that could allow an unauthenticated
remote attacker to cause the affected system to stop responding.
You can help protect your system by installing this update from
Microsoft. After you install this update, you may have to restart
your system.
15/2/2013 Security Update for Microsoft .NET Framework 4.5 on Windows 7, Vista, Windows Server 2008, Windows Server 2008 R2 for x64 (KB2789648)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
15/2/2013 Update for Microsoft Office 2007 suites (KB2767916)
Microsoft has released an update for Microsoft Office 2007 suites
. This update provides the latest fixes to Microsoft Office 2007
suites . Additionally, this update contains stability and performance
improvements.
15/2/2013 Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2767848)
This update provides the Junk E-mail Filter in Microsoft Office
Outlook 2007 Junk Email Filter with a more current definition
of which e-mail messages should be considered junk e-mail.
15/2/2013 Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2792100)
Security issues have been identified that could allow an attacker
to compromise a system that is running Microsoft Internet Explorer
and gain control over it. You can help protect your system by
installing this update from Microsoft. After you install this
item, you may have to restart your computer.
14/2/2013 Definition Update for Windows Defender - KB915597 (Definition 1.143.2086.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
8/2/2013 Definition Update for Windows Defender - KB915597 (Definition 1.143.1848.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
8/2/2013 Intel Corporation - Graphics Adapter WDDM1.1, Graphics Adapter WDDM1.2 - Intel® HD Graphics 3000
Intel Corporation Graphics Adapter WDDM1.1, Graphics Adapter
WDDM1.2 software update released in December, 2012
5/2/2013 Definition Update for Windows Defender - KB915597 (Definition 1.143.1556.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
1/2/2013 Definition Update for Windows Defender - KB915597 (Definition 1.143.1318.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
30/1/2013 Definition Update for Windows Defender - KB915597 (Definition 1.143.1033.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
25/1/2013 Definition Update for Windows Defender - KB915597 (Definition 1.143.765.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
23/1/2013 Definition Update for Windows Defender - KB915597 (Definition 1.143.502.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
18/1/2013 Definition Update for Windows Defender - KB915597 (Definition 1.143.193.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
13/1/2013 Update for Microsoft .NET Framework 4.5 on Windows 7, Vista, Windows Server 2008 and Windows Server 2008 R2 for x64 (KB2750147)
This update addresses compatibility, stability, reliability,
and performance issues in Microsoft .NET Framework 4.5. After
you install this item, you may have to restart your computer.
12/1/2013 Definition Update for Windows Defender - KB915597 (Definition 1.141.3676.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
10/1/2013 Security Update for Windows 7 for x64-based Systems (KB2769369)
A security issue has been identified that could allow an authenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
10/1/2013 Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586)
This update provides the Junk E-mail Filter in Microsoft Office
Outlook 2007 Junk Email Filter with a more current definition
of which e-mail messages should be considered junk e-mail.
10/1/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2756921)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
10/1/2013 Security Update for Microsoft .NET Framework 4.5 on Windows 7, Vista, Windows Server 2008, Windows Server 2008 R2 for x64 (KB2742613)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
10/1/2013 Security Update for Microsoft Office 2007 suites (KB2687499)
A security vulnerability exists in Microsoft Office 2007 suites
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
10/1/2013 Windows Malicious Software Removal Tool x64 - January 2013 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
10/1/2013 Security Update for Windows 7 for x64-based Systems (KB2757638)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
10/1/2013 Security Update for Windows 7 for x64-based Systems (KB2785220)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain access to
information. You can help protect your system by installing this
update from Microsoft. After you install this update, you may
have to restart your system.
10/1/2013 Update for Windows 7 for x64-based Systems (KB2786400)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
10/1/2013 Update for Windows 7 for x64-based Systems (KB2773072)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
10/1/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2742599)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
10/1/2013 Update for Windows 7 for x64-based Systems (KB2726535)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
10/1/2013 Update for Windows 7 for x64-based Systems (KB2786081)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
10/1/2013 Security Update for Windows 7 for x64-based Systems (KB2778930)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
10/1/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2736422)
A security issue has been identified that could allow an unauthenticated
remote attacker to cause the affected application to stop responding.
You can help protect your system by installing this update from
Microsoft. After you install this update, you may have to restart
your system.
8/1/2013 Definition Update for Windows Defender - KB915597 (Definition 1.141.3362.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
4/1/2013 Definition Update for Windows Defender - KB915597 (Definition 1.141.3106.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
3/1/2013 Security Update for Windows 7 for x64-based Systems (KB2753842)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
3/1/2013 Definition Update for Windows Defender - KB915597 (Definition 1.141.2892.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
18/12/2012 Definition Update for Windows Defender - KB915597 (Definition 1.141.2103.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
14/12/2012 Definition Update for Windows Defender - KB915597 (Definition 1.141.1830.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
14/12/2012 Update for Windows 7 for x64-based Systems (KB2779562)
Install this update to resolve issues caused by revised daylight
saving time and time zone laws in several countries. This update
enables your computer to automatically adjust the computer clock
on the correct date in 2012. After you install this item, you
may have to restart your computer.
14/12/2012 Security Update for Windows 7 for x64-based Systems (KB2779030)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
14/12/2012 Windows Malicious Software Removal Tool x64 - December 2012 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
14/12/2012 Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760573)
This update provides the Junk E-mail Filter in Microsoft Office
Outlook 2007 Junk Email Filter with a more current definition
of which e-mail messages should be considered junk e-mail.
14/12/2012 Security Update for Windows 7 for x64-based Systems (KB2753842)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
14/12/2012 Security Update for Windows 7 for x64-based Systems (KB2758857)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
14/12/2012 Security Update for Windows 7 for x64-based Systems (KB2770660)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
14/12/2012 Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2761465)
Security issues have been identified that could allow an attacker
to compromise a system that is running Microsoft Internet Explorer
and gain control over it. You can help protect your system by
installing this update from Microsoft. After you install this
item, you may have to restart your computer.
14/12/2012 Security Update for Microsoft Office 2007 suites (KB2760416)
A security vulnerability exists in Microsoft Office 2007 suites
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
14/12/2012 Security Update for Microsoft Office Word 2007 (KB2760421)
A security vulnerability exists in Microsoft Office Word 2007
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
13/12/2012 Definition Update for Windows Defender - KB915597 (Definition 1.141.1573.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
13/12/2012 Definition Update for Windows Defender - KB915597 (Definition 1.141.1573.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
10/12/2012 Definition Update for Windows Defender - KB915597 (Definition 1.141.1308.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
5/12/2012 Definition Update for Windows Defender - KB915597 (Definition 1.141.1048.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
3/12/2012 Update for Windows 7 for x64-based Systems (KB2762895)
Install this update to resolve a set of known application compatibility
issues with Windows. For a complete listing of the issues that
are included in this update, see the associated Microsoft Knowledge
Base article for more information. After you install this item,
you may have to restart your computer.
3/12/2012 Definition Update for Windows Defender - KB915597 (Definition 1.141.795.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
29/11/2012 Update for Windows 7 for x64-based Systems (KB2762895)
Install this update to resolve a set of known application compatibility
issues with Windows. For a complete listing of the issues that
are included in this update, see the associated Microsoft Knowledge
Base article for more information. After you install this item,
you may have to restart your computer.
28/11/2012 Definition Update for Windows Defender - KB915597 (Definition 1.141.523.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
23/11/2012 Definition Update for Windows Defender - KB915597 (Definition 1.141.288.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
21/11/2012 Definition Update for Windows Defender - KB915597 (Definition 1.141.28.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
16/11/2012 Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760413)
This update provides the Junk E-mail Filter in Microsoft Office
Outlook 2007 Junk Email Filter with a more current definition
of which e-mail messages should be considered junk e-mail.
16/11/2012 Update for Windows 7 for x64-based Systems (KB2763523)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
16/11/2012 Security Update for Windows 7 for x64-based Systems (KB2761226)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
16/11/2012 Security Update for Microsoft .NET Framework 4.5 on Windows 7, Vista, Server 2008, and Server 2008 R2 for x64 (KB2729460)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
16/11/2012 Update for Kernel-Mode Driver Framework version 1.11 for Windows 7 for x64-based Systems (KB2685811)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
16/11/2012 Security Update for Microsoft Office 2007 suites (KB2687311)
A security vulnerability exists in Microsoft Office 2007 suites
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
16/11/2012 Update for Windows 7 for x64-based Systems (KB2750841)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
16/11/2012 Update for Microsoft Office 2007 suites (KB2596660)
Microsoft has released an update for Microsoft Office 2007 suites
. This update provides the latest fixes to Microsoft Office 2007
suites . Additionally, this update contains stability and performance
improvements.
16/11/2012 Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2761451)
Security issues have been identified that could allow an attacker
to compromise a system that is running Microsoft Internet Explorer
and gain control over it. You can help protect your system by
installing this update from Microsoft. After you install this
item, you may have to restart your computer.
16/11/2012 Update for Microsoft Office 2007 suites (KB2596848)
Microsoft has released an update for Microsoft Office 2007 suites
. This update provides the latest fixes to Microsoft Office 2007
suites . Additionally, this update contains stability and performance
improvements.
16/11/2012 Security Update for Microsoft .NET Framework 4.5 on Windows 7, Vista, Server 2008, and Server 2008 R2 for x64 (KB2737083)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
16/11/2012 Security Update for Microsoft Office Excel 2007 (KB2687307)
A security vulnerability exists in Microsoft Office Excel 2007
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
16/11/2012 Windows Malicious Software Removal Tool x64 - November 2012 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
16/11/2012 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2729452)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
16/11/2012 Update for User-Mode Driver Framework version 1.11 for Windows 7 for x64-based Systems (KB2685813)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
16/11/2012 Security Update for Windows 7 for x64-based Systems (KB2727528)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
16/11/2012 Update for Windows 7 for x64-based Systems (KB2761217)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
16/11/2012 Update for Microsoft Office Outlook 2007 (KB2687404)
Microsoft has released an update for Microsoft Office Outlook
2007 . This update provides the latest fixes to Microsoft Office
Outlook 2007 . Additionally, this update contains stability and
performance improvements.
16/11/2012 Definition Update for Windows Defender - KB915597 (Definition 1.139.2212.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
13/11/2012 Definition Update for Windows Defender - KB915597 (Definition 1.139.1946.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
9/11/2012 Definition Update for Windows Defender - KB915597 (Definition 1.139.1681.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
7/11/2012 Definition Update for Windows Defender - KB915597 (Definition 1.139.1429.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
4/11/2012 nVidia - Graphics Adapter WDDM1.1, Graphics Adapter WDDM1.2, Other hardware - NVIDIA GeForce GT 550M
nVidia Graphics Adapter WDDM1.1, Graphics Adapter WDDM1.2, Other
hardware software update released in October, 2012
4/11/2012 Update for Windows 7 for x64-based Systems (KB2574819)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
4/11/2012 Update for Windows 7 for x64-based Systems (KB2592687)
The Remote Desktop Protocol 8.0 update enables you to use the
new Remote Desktop Services features. These features are introduced
in Windows 8 and in Windows Server 2012 and are available for
computers that are running Windows 7 Service Pack 1 or Windows
Server 2008 R2 Service Pack 1. After you install this item, you
may have to restart your computer.
4/11/2012 Intel Corporation - Graphics Adapter WDDM1.1, Graphics Adapter WDDM1.2 - Intel® HD Graphics 3000
Intel Corporation Graphics Adapter WDDM1.1, Graphics Adapter
WDDM1.2 software update released in September, 2012
4/11/2012 Definition Update for Windows Defender - KB915597 (Definition 1.139.1150.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
30/10/2012 Definition Update for Windows Defender - KB915597 (Definition 1.139.936.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
26/10/2012 Definition Update for Windows Defender - KB915597 (Definition 1.139.634.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
21/10/2012 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656351)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
21/10/2012 Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2600217)
This update addresses stability, reliability, and performance
issues in Microsoft .NET Framework 4. After you install this
item, you may have to restart your computer.
20/10/2012 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656351)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
20/10/2012 Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2600217)
This update addresses stability, reliability, and performance
issues in Microsoft .NET Framework 4. After you install this
item, you may have to restart your computer.
20/10/2012 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656351)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
19/10/2012 Definition Update for Windows Defender - KB915597 (Definition 1.139.124.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
19/10/2012 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656351)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
19/10/2012 Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2600217)
This update addresses stability, reliability, and performance
issues in Microsoft .NET Framework 4. After you install this
item, you may have to restart your computer.
19/10/2012 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656351)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
19/10/2012 Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2600217)
This update addresses stability, reliability, and performance
issues in Microsoft .NET Framework 4. After you install this
item, you may have to restart your computer.
19/10/2012 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656351)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
19/10/2012 Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2600217)
This update addresses stability, reliability, and performance
issues in Microsoft .NET Framework 4. After you install this
item, you may have to restart your computer.
19/10/2012 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656351)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
19/10/2012 Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2600217)
This update addresses stability, reliability, and performance
issues in Microsoft .NET Framework 4. After you install this
item, you may have to restart your computer.
19/10/2012 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656351)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
19/10/2012 Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2600217)
This update addresses stability, reliability, and performance
issues in Microsoft .NET Framework 4. After you install this
item, you may have to restart your computer.
19/10/2012 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656351)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
19/10/2012 Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2600217)
This update addresses stability, reliability, and performance
issues in Microsoft .NET Framework 4. After you install this
item, you may have to restart your computer.
18/10/2012 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656351)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
18/10/2012 Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2600217)
This update addresses stability, reliability, and performance
issues in Microsoft .NET Framework 4. After you install this
item, you may have to restart your computer.
18/10/2012 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656351)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
18/10/2012 Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2600217)
This update addresses stability, reliability, and performance
issues in Microsoft .NET Framework 4. After you install this
item, you may have to restart your computer.
18/10/2012 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656351)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
18/10/2012 Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2600217)
This update addresses stability, reliability, and performance
issues in Microsoft .NET Framework 4. After you install this
item, you may have to restart your computer.
18/10/2012 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656351)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
18/10/2012 Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2600217)
This update addresses stability, reliability, and performance
issues in Microsoft .NET Framework 4. After you install this
item, you may have to restart your computer.
18/10/2012 Definition Update for Windows Defender - KB915597 (Definition 1.139.0.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
18/10/2012 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656351)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
18/10/2012 Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2600217)
This update addresses stability, reliability, and performance
issues in Microsoft .NET Framework 4. After you install this
item, you may have to restart your computer.
17/10/2012 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656351)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
17/10/2012 Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2600217)
This update addresses stability, reliability, and performance
issues in Microsoft .NET Framework 4. After you install this
item, you may have to restart your computer.
17/10/2012 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656351)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
17/10/2012 Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2600217)
This update addresses stability, reliability, and performance
issues in Microsoft .NET Framework 4. After you install this
item, you may have to restart your computer.
17/10/2012 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656351)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
17/10/2012 Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2600217)
This update addresses stability, reliability, and performance
issues in Microsoft .NET Framework 4. After you install this
item, you may have to restart your computer.
17/10/2012 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656351)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
17/10/2012 Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2600217)
This update addresses stability, reliability, and performance
issues in Microsoft .NET Framework 4. After you install this
item, you may have to restart your computer.
16/10/2012 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656351)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
16/10/2012 Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2600217)
This update addresses stability, reliability, and performance
issues in Microsoft .NET Framework 4. After you install this
item, you may have to restart your computer.
16/10/2012 Definition Update for Windows Defender - KB915597 (Definition 1.137.1875.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
16/10/2012 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656351)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
16/10/2012 Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2600217)
This update addresses stability, reliability, and performance
issues in Microsoft .NET Framework 4. After you install this
item, you may have to restart your computer.
15/10/2012 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656351)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
15/10/2012 Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2600217)
This update addresses stability, reliability, and performance
issues in Microsoft .NET Framework 4. After you install this
item, you may have to restart your computer.
14/10/2012 Definition Update for Windows Defender - KB915597 (Definition 1.137.1642.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
14/10/2012 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656351)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
14/10/2012 Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2600217)
This update addresses stability, reliability, and performance
issues in Microsoft .NET Framework 4. After you install this
item, you may have to restart your computer.
11/10/2012 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656351)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
10/10/2012 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656351)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
10/10/2012 Update for Windows 7 for x64-based Systems (KB2739159)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
10/10/2012 Security Update for Windows 7 for x64-based Systems (KB2731847)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
10/10/2012 Windows Malicious Software Removal Tool x64 - October 2012 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
10/10/2012 Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407)
This update provides the Junk E-mail Filter in Microsoft Office
Outlook 2007 Junk Email Filter with a more current definition
of which e-mail messages should be considered junk e-mail.
10/10/2012 Security Update for Windows 7 for x64-based Systems (KB2724197)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain access to information.
You can help protect your system by installing this update from
Microsoft. After you install this update, you may have to restart
your system.
10/10/2012 Update for Windows 7 for x64-based Systems (KB2731771)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
10/10/2012 Security Update for Microsoft Office 2007 suites (KB2687439)
A security vulnerability exists in Microsoft Office 2007 suites
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
10/10/2012 Update for Windows 7 for x64-based Systems (KB2749655)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
10/10/2012 Update for Windows 7 for x64-based Systems (KB2756822)
Install this update to resolve issues caused by revised daylight
saving time and time zone laws in several countries. This update
enables your computer to automatically adjust the computer clock
on the correct date in 2012. After you install this item, you
may have to restart your computer.
10/10/2012 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656351)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
10/10/2012 Security Update for Windows 7 for x64-based Systems (KB2743555)
A security issue has been identified that could allow an unauthenticated
remote attacker to cause the affected system to stop responding.
You can help protect your system by installing this update from
Microsoft. After you install this update, you may have to restart
your system.
10/10/2012 Update for Windows 7 for x64-based Systems (KB2732487)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
10/10/2012 Security Update for Microsoft Office Word 2007 (KB2687315)
A security vulnerability exists in Microsoft Office Word 2007
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
10/10/2012 Security Update for Windows 7 for x64-based Systems (KB2705219)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
10/10/2012 Update for Windows 7 for x64-based Systems (KB2732500)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
10/10/2012 Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2600217)
This update addresses stability, reliability, and performance
issues in Microsoft .NET Framework 4. After you install this
item, you may have to restart your computer.
10/10/2012 Update for Windows 7 for x64-based Systems (KB2729094)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
10/10/2012 Security Update for Microsoft Office InfoPath 2007 (KB2687440)
A security vulnerability exists in Microsoft Office InfoPath
2007 that could allow arbitrary code to run when a maliciously
modified file is opened. This update resolves that vulnerability.
10/10/2012 Update for Windows 7 for x64-based Systems (KB2647753)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
10/10/2012 Security Update for Microsoft Office 2007 suites (KB2687314)
A security vulnerability exists in Microsoft Office 2007 suites
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
10/10/2012 Update for Windows 7 for x64-based Systems (KB2661254)
Install this update to keep your system up to date by increasing
the minimum level of encryption on Windows systems. After you
install this item, you may have to restart your system.
10/10/2012 Definition Update for Windows Defender - KB915597 (Definition 1.137.1371.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
8/10/2012 Update for Windows 7 for x64-based Systems (KB2732059)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
8/10/2012 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656351)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
8/10/2012 Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2600217)
This update addresses stability, reliability, and performance
issues in Microsoft .NET Framework 4. After you install this
item, you may have to restart your computer.
8/10/2012 Definition Update for Windows Defender - KB915597 (Definition 1.137.876.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
3/10/2012 Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2600217)
This update addresses stability, reliability, and performance
issues in Microsoft .NET Framework 4. After you install this
item, you may have to restart your computer.
25/9/2012 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656351)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
25/9/2012 Definition Update for Windows Defender - KB915597 (Definition 1.137.373.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
25/9/2012 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656351)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
24/9/2012 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656351)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
24/9/2012 Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2744842)
Security issues have been identified that could allow an attacker
to compromise a system that is running Microsoft Internet Explorer
and gain control over it. You can help protect your system by
installing this update from Microsoft. After you install this
item, you may have to restart your computer.
24/9/2012 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656351)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
21/9/2012 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656351)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
21/9/2012 Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2600217)
This update addresses stability, reliability, and performance
issues in Microsoft .NET Framework 4. After you install this
item, you may have to restart your computer.
21/9/2012 Definition Update for Windows Defender - KB915597 (Definition 1.137.142.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
20/9/2012 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656351)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
20/9/2012 Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2600217)
This update addresses stability, reliability, and performance
issues in Microsoft .NET Framework 4. After you install this
item, you may have to restart your computer.
System Folders
Path for burning CD C:\Users\JC\AppData\Local\Microsoft\Windows\Burn\Burn
Application Data C:\ProgramData
Public Desktop C:\Users\Public\Desktop
Documents C:\Users\Public\Documents
Global Favorites C:\Users\JC\Favorites
Music C:\Users\Public\Music
Pictures C:\Users\Public\Pictures
Start Menu Programs C:\ProgramData\Microsoft\Windows\Start Menu\Programs
Start Menu C:\ProgramData\Microsoft\Windows\Start Menu
Startup C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Templates C:\ProgramData\Microsoft\Windows\Templates
Videos C:\Users\Public\Videos
Cookies C:\Users\JC\AppData\Roaming\Microsoft\Windows\Cookies
Desktop C:\Users\JC\Desktop
Physical Desktop C:\Users\JC\Desktop
User Favorites C:\Users\JC\Favorites
Fonts C:\windows\Fonts
Internet History C:\Users\JC\AppData\Local\Microsoft\Windows\History
Temporary Internet Files C:\Users\JC\AppData\Local\Microsoft\Windows\Temporary Internet Files
Local Application Data C:\Users\JC\AppData\Local
Windows Directory C:\windows
Windows/System C:\windows\system32
Program Files C:\Program Files
Services
Running Apple Mobile Device
Running Application Experience
Running Application Information
Running avast! Antivirus
Running Background Intelligent Transfer Service
Running Base Filtering Engine
Running Bluetooth Service
Running Bonjour Service
Running CNG Key Isolation
Running COM+ Event System
Running Computer Browser
Running Cryptographic Services
Running DCOM Server Process Launcher
Running Desktop Window Manager Session Manager
Running DHCP Client
Running Diagnostic Policy Service
Running Diagnostic Service Host
Running Diagnostic System Host
Running Distributed Link Tracking Client
Running DNS Client
Running Extensible Authentication Protocol
Running Function Discovery Provider Host
Running Function Discovery Resource Publication
Running Group Policy Client
Running HomeGroup Listener
Running HomeGroup Provider
Running IKE and AuthIP IPsec Keying Modules
Running Intel Management and Security Application Local Management Service
Running Intel Rapid Storage Technology
Running IP Helper
Running iPod Service
Running IPsec Policy Agent
Running Multimedia Class Scheduler
Running Network Connections
Running Network List Service
Running Network Location Awareness
Running Network Store Interface Service
Running NVIDIA Display Driver Service
Running Peer Name Resolution Protocol
Running Peer Networking Grouping
Running Peer Networking Identity Manager
Running Plug and Play
Running PnP-X IP Bus Enumerator
Running Power
Running Print Spooler
Running Program Compatibility Assistant Service
Running Remote Access Connection Manager
Running Remote Procedure Call (RPC)
Running RPC Endpoint Mapper
Running Secondary Logon
Running Secure Socket Tunneling Protocol Service
Running Security Accounts Manager
Running Server
Running Shell Hardware Detection
Running SSDP Discovery
Running Superfetch
Running System Event Notification Service
Running Task Scheduler
Running TCP/IP NetBIOS Helper
Running Telephony
Running Themes
Running UPnP Device Host
Running User Profile Service
Running Windows Audio
Running Windows Audio Endpoint Builder
Running Windows Defender
Running Windows Error Reporting Service
Running Windows Event Log
Running Windows Firewall
Running Windows Font Cache Service
Running Windows Image Acquisition (WIA)
Running Windows Management Instrumentation
Running Windows Media Player Network Sharing Service
Running Windows Search
Running Windows Update
Running WinHTTP Web Proxy Auto-Discovery Service
Running WLAN AutoConfig
Running WMI Performance Adapter
Running Workstation
Stopped ActiveX Installer (AxInstSV)
Stopped Adaptive Brightness
Stopped Adobe Flash Player Update Service
Stopped Application Identity
Stopped Application Layer Gateway Service
Stopped ASP.NET State Service
Stopped BitLocker Drive Encryption Service
Stopped Block Level Backup Engine Service
Stopped Bluetooth Support Service
Stopped Certificate Propagation
Stopped COM+ System Application
Stopped Credential Manager
Stopped Disk Defragmenter
Stopped Distributed Transaction Coordinator
Stopped Encrypting File System (EFS)
Stopped Fax
Stopped FLEXnet Licensing Service 64
Stopped Health Key and Certificate Management
Stopped Human Interface Device Access
Stopped Intel Content Protection HECI Service
Stopped Intel Management and Security Application User Notification Service
Stopped Interactive Services Detection
Stopped Internet Connection Sharing (ICS)
Stopped KtmRm for Distributed Transaction Coordinator
Stopped Link-Layer Topology Discovery Mapper
Stopped Logitech Bluetooth Service
Stopped Media Center Extender Service
Stopped Microsoft .NET Framework NGEN v2.0.50727_X64
Stopped Microsoft .NET Framework NGEN v2.0.50727_X86
Stopped Microsoft .NET Framework NGEN v4.0.30319_X64
Stopped Microsoft .NET Framework NGEN v4.0.30319_X86
Stopped Microsoft iSCSI Initiator Service
Stopped Microsoft Office Diagnostics Service
Stopped Microsoft Software Shadow Copy Provider
Stopped Mozilla Maintenance Service
Stopped Net.Msmq Listener Adapter
Stopped Net.Pipe Listener Adapter
Stopped Net.Tcp Listener Adapter
Stopped Net.Tcp Port Sharing Service
Stopped Netlogon
Stopped Network Access Protection Agent
Stopped NVIDIA Update Service Daemon
Stopped Office Source Engine
Stopped Parental Controls
Stopped Performance Counter DLL Host
Stopped Performance Logs & Alerts
Stopped PNRP Machine Name Publication Service
Stopped Portable Device Enumerator Service
Stopped Problem Reports and Solutions Control Panel Support
Stopped Protected Storage
Stopped Quality Windows Audio Video Experience
Stopped Remote Access Auto Connection Manager
Stopped Remote Desktop Configuration
Stopped Remote Desktop Services
Stopped Remote Procedure Call (RPC) Locator
Stopped Remote Registry
Stopped Routing and Remote Access
Stopped Security Center
Stopped Smart Card
Stopped Smart Card Removal Policy
Stopped SNMP Trap
Start pending Software Protection
Stopped SPP Notification Service
Stopped System Update
Stopped Tablet PC Input Service
Stopped Thread Ordering Server
Stopped TPM Base Services
Stopped Virtual Disk
Stopped Volume Shadow Copy
Stopped WebClient
Stopped Windows Activation Technologies Service
Stopped Windows Backup
Stopped Windows Biometric Service
Stopped Windows CardSpace
Stopped Windows Color System
Stopped Windows Connect Now - Config Registrar
Stopped Windows Driver Foundation - User-mode Driver Framework
Stopped Windows Event Collector
Stopped Windows Installer
Stopped Windows Live ID Sign-in Assistant
Stopped Windows Live Mesh remote connections service
Stopped Windows Media Center Receiver Service
Stopped Windows Media Center Scheduler Service
Stopped Windows Modules Installer
Stopped Windows Presentation Foundation Font Cache 3.0.0.0
Stopped Windows Remote Management (WS-Management)
Stopped Windows Time
Stopped Wired AutoConfig
Stopped WWAN AutoConfig
Security Options
Accounts: Administrator account status Disabled
Accounts: Guest account status Disabled
Accounts: Limit local account use of blank passwords to console logon only Enabled
Accounts: Rename administrator account Administrator
Accounts: Rename guest account Guest
Audit: Audit the access of global system objects Disabled
Audit: Audit the use of Backup and Restore privilege Disabled
Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings Not Defined
Audit: Shut down system immediately if unable to log security audits Disabled
DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax Not Defined
DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax Not Defined
Devices: Allow undock without having to log on Enabled
Devices: Allowed to format and eject removable media Not Defined
Devices: Prevent users from installing printer drivers Disabled
Devices: Restrict CD-ROM access to locally logged-on user only Not Defined
Devices: Restrict floppy access to locally logged-on user only Not Defined
Domain controller: Allow server operators to schedule tasks Not Defined
Domain controller: LDAP server signing requirements Not Defined
Domain controller: Refuse machine account password changes Not Defined
Domain member: Digitally encrypt or sign secure channel data (always) Enabled
Domain member: Digitally encrypt secure channel data (when possible) Enabled
Domain member: Digitally sign secure channel data (when possible) Enabled
Domain member: Disable machine account password changes Disabled
Domain member: Maximum machine account password age 30 days
Domain member: Require strong (Windows 2000 or later) session key Enabled
Interactive logon: Display user information when the session is locked Not Defined
Interactive logon: Do not display last user name Disabled
Interactive logon: Do not require CTRL+ALT+DEL Not Defined
Interactive logon: Message text for users attempting to log on
Interactive logon: Message title for users attempting to log on
Interactive logon: Number of previous logons to cache (in case domain controller is not available) 10 logons
Interactive logon: Prompt user to change password before expiration 5 days
Interactive logon: Require Domain Controller authentication to unlock workstation Disabled
Interactive logon: Require smart card Disabled
Interactive logon: Smart card removal behavior No Action
Microsoft network client: Digitally sign communications (always) Disabled
Microsoft network client: Digitally sign communications (if server agrees) Enabled
Microsoft network client: Send unencrypted password to third-party SMB servers Disabled
Microsoft network server: Amount of idle time required before suspending session 15 minutes
Microsoft network server: Digitally sign communications (always) Disabled
Microsoft network server: Digitally sign communications (if client agrees) Disabled
Microsoft network server: Disconnect clients when logon hours expire Enabled
Microsoft network server: Server SPN target name validation level Not Defined
Network access: Allow anonymous SID/Name translation Disabled
Network access: Do not allow anonymous enumeration of SAM accounts Enabled
Network access: Do not allow anonymous enumeration of SAM accounts and shares Disabled
Network access: Do not allow storage of passwords and credentials for network authentication Disabled
Network access: Let Everyone permissions apply to anonymous users Disabled
Network access: Named Pipes that can be accessed anonymously
Network access: Remotely accessible registry paths System\CurrentControlSet\Control\ProductOptions,System\CurrentControlSet\Control\Server Applications,Software\Microsoft\Windows NT\CurrentVersion
Network access: Remotely accessible registry paths and sub-paths System\CurrentControlSet\Control\Print\Printers,System\CurrentControlSet\Services\Eventlog,Software\Microsoft\OLAP Server,Software\Microsoft\Windows NT\CurrentVersion\Print,Software\Microsoft\Windows NT\CurrentVersion\Windows,System\CurrentControlSet\Control\ContentIndex,System\CurrentControlSet\Control\Terminal Server,System\CurrentControlSet\Control\Terminal Server\UserConfig,System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration,Software\Microsoft\Windows NT\CurrentVersion\Perflib,System\CurrentControlSet\Services\SysmonLog
Network access: Restrict anonymous access to Named Pipes and Shares Enabled
Network access: Shares that can be accessed anonymously Not Defined
Network access: Sharing and security model for local accounts Classic - local users authenticate as themselves
Network security: Allow Local System to use computer identity for NTLM Not Defined
Network security: Allow LocalSystem NULL session fallback Not Defined
Network Security: Allow PKU2U authentication requests to this computer to use online identities Not Defined
Network security: Configure encryption types allowed for Kerberos Not Defined
Network security: Do not store LAN Manager hash value on next password change Enabled
Network security: Force logoff when logon hours expire Disabled
Network security: LAN Manager authentication level Not Defined
Network security: LDAP client signing requirements Negotiate signing
Network security: Minimum session security for NTLM SSP based (including secure RPC) clients Require 128-bit encryption
Network security: Minimum session security for NTLM SSP based (including secure RPC) servers Require 128-bit encryption
Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication Not Defined
Network security: Restrict NTLM: Add server exceptions in this domain Not Defined
Network security: Restrict NTLM: Audit Incoming NTLM Traffic Not Defined
Network security: Restrict NTLM: Audit NTLM authentication in this domain Not Defined
Network security: Restrict NTLM: Incoming NTLM traffic Not Defined
Network security: Restrict NTLM: NTLM authentication in this domain Not Defined
Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers Not Defined
Recovery console: Allow automatic administrative logon Disabled
Recovery console: Allow floppy copy and access to all drives and all folders Disabled
Shutdown: Allow system to be shut down without having to log on Enabled
Shutdown: Clear virtual memory pagefile Disabled
System cryptography: Force strong key protection for user keys stored on the computer Not Defined
System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing Disabled
System objects: Require case insensitivity for non-Windows subsystems Enabled
System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) Enabled
System settings: Optional subsystems Posix
System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies Disabled
User Account Control: Admin Approval Mode for the Built-in Administrator account Disabled
User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop Disabled
User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode Prompt for consent for non-Windows binaries
User Account Control: Behavior of the elevation prompt for standard users Prompt for credentials
User Account Control: Detect application installations and prompt for elevation Enabled
User Account Control: Only elevate executables that are signed and validated Disabled
User Account Control: Only elevate UIAccess applications that are installed in secure locations Enabled
User Account Control: Run all administrators in Admin Approval Mode Enabled
User Account Control: Switch to the secure desktop when prompting for elevation Enabled
User Account Control: Virtualize file and registry write failures to per-user locations Enabled
Device Tree
ACPI x64-based PC
Microsoft Watchdog Timer
Microsoft ACPI-Compliant System
Microsoft Windows Management Interface for ACPI
Intel Core i5-2430M CPU @ 2.40GHz
Intel Core i5-2430M CPU @ 2.40GHz
Intel Core i5-2430M CPU @ 2.40GHz
Intel Core i5-2430M CPU @ 2.40GHz
ACPI Fan
ACPI Fan
ACPI Thermal Zone
ACPI Lid
System board
Motherboard resources
ACPI Fixed Feature Button
PCI bus
2nd generation Intel Core processor family DRAM Controller - 0104
Intel Management Engine Interface
Intel 6 Series/C200 Series Chipset Family SMBus Controller - 1C22
Motherboard resources
Microsoft Windows Management Interface for ACPI
2nd generation Intel® Core™ processor family PCI Express Controller - 0101
NVIDIA GeForce GT 550M
Intel® HD Graphics 3000
Generic PnP Monitor
Intel® 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C2D
USB Root Hub
Generic USB Hub
Broadcom Bluetooth 2.1 USB
High Definition Audio Controller
Realtek High Definition Audio
Intel Display Audio
Intel® 6 Series/C200 Series Chipset Family PCI Express Root Port 1 - 1C10
Broadcom NetLink Gigabit Ethernet
Intel® 6 Series/C200 Series Chipset Family PCI Express Root Port 2 - 1C12
Atheros AR9285 Wireless Network Adapter
Microsoft Virtual WiFi Miniport Adapter
Intel® 6 Series/C200 Series Chipset Family PCI Express Root Port 4 - 1C16
Renesas Electronics USB 3.0 Host Controller
Renesas Electronics USB 3.0 Root Hub
Intel® 6 Series/C200 Series Chipset Family PCI Express Root Port 5 - 1C18
JMicron PCIe SD/MMC Host Controller
JMicron PCIe SD Host Controller
JMicron PCIe MS Host Controller
JMicron PCIe xD Host Controller
Intel® 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C26
USB Root Hub
Generic USB Hub
USB Input Device
HID-compliant mouse
USB Composite Device
Lenovo EasyCamera
Intel® HM65 Express Chipset Family LPC Interface Controller - 1C49
Direct memory access controller
Intel 82802 Firmware Hub Device
High precision event timer
Programmable interrupt controller
Numeric data processor
Motherboard resources
System CMOS/real time clock
System timer
Motherboard resources
ACPI Power Button
ACPI Sleep Button
Microsoft ACPI-Compliant Control Method Battery
Microsoft AC Adapter
Standard PS/2 Keyboard
Synaptics PS/2 Port TouchPad
Microsoft ACPI-Compliant Embedded Controller
Lenovo ACPI-Compliant Virtual Power Controller
Intel® Mobile Express Chipset SATA AHCI Controller
MATSHITA DVD-RAM UJ8B1AS
WDC WD7500BPVT-24HXZT3
CPU
Intel Core i5 2430M
Cores 2
Threads 4
Name Intel Core i5 2430M
Code Name Sandy Bridge
Package Socket 988B rPGA
Technology 32nm
Specification Intel Core i5-2430M CPU @ 2.40GHz
Family 6
Extended Family 6
Model A
Extended Model 2A
Stepping 7
Revision D2
Instructions MMX, SSE, SSE2, SSE3, SSSE3, SSE4.1, SSE4.2, Intel 64, NX, VMX, AES, AVX
Virtualization Supported, Disabled
Hyperthreading Supported, Enabled
Bus Speed 99.8 MHz
Stock Core Speed 2400 MHz
Stock Bus Speed 100 MHz
Average Temperature 63 °C
Caches
L1 Data Cache Size 2 x 32 KBytes
L1 Instructions Cache Size 2 x 32 KBytes
L2 Unified Cache Size 2 x 256 KBytes
L3 Unified Cache Size 3072 KBytes
Core 0
Core Speed 798.1 MHz
Multiplier x 8.0
Bus Speed 99.8 MHz
Temperature 59 °C
Thread 1
APIC ID 0
Thread 2
APIC ID 1
Core 1
Core Speed 2793.5 MHz
Multiplier x 28.0
Bus Speed 99.8 MHz
Temperature 66 °C
Thread 1
APIC ID 2
Thread 2
APIC ID 3
RAM
Memory slots
Total memory slots 2
Used memory slots 1
Free memory slots 1
Memory
Type DDR3
Size 4096 MBytes
Channels # Single
DRAM Frequency 665.2 MHz
CAS# Latency (CL) 9 clocks
RAS# to CAS# Delay (tRCD) 9 clocks
RAS# Precharge (tRP) 9 clocks
Cycle Time (tRAS) 24 clocks
Command Rate (CR) 1T
Physical Memory
Memory Usage 48 %
Total Physical 3.95 GB
Available Physical 2.02 GB
Total Virtual 7.89 GB
Available Virtual 5.93 GB
SPD
Number Of SPD Modules 1
Slot #1
Type DDR3
Size 4096 MBytes
Manufacturer Ramaxel Technology
Max Bandwidth PC3-10700 (667 MHz)
Part Number RMT3020EC58E9F1333
Serial Number 440E5002
Week/year 44 / 11
SPD Ext. EPP
JEDEC #6
Frequency 761.9 MHz
CAS# Latency 10.0
RAS# To CAS# 10
RAS# Precharge 10
tRAS 28
tRC 38
Voltage 1.500 V
JEDEC #5
Frequency 685.7 MHz
CAS# Latency 9.0
RAS# To CAS# 9
RAS# Precharge 9
tRAS 25
tRC 34
Voltage 1.500 V
JEDEC #4
Frequency 609.5 MHz
CAS# Latency 8.0
RAS# To CAS# 8
RAS# Precharge 8
tRAS 22
tRC 30
Voltage 1.500 V
JEDEC #3
Frequency 533.3 MHz
CAS# Latency 7.0
RAS# To CAS# 7
RAS# Precharge 7
tRAS 20
tRC 27
Voltage 1.500 V
JEDEC #2
Frequency 457.1 MHz
CAS# Latency 6.0
RAS# To CAS# 6
RAS# Precharge 6
tRAS 17
tRC 23
Voltage 1.500 V
JEDEC #1
Frequency 381.0 MHz
CAS# Latency 5.0
RAS# To CAS# 5
RAS# Precharge 5
tRAS 14
tRC 19
Voltage 1.500 V
Motherboard
Manufacturer LENOVO
Model Base Board Product Name (CPU1)
Version Lenovo IdeaPad Y470
Chipset Vendor Intel
Chipset Model Sandy Bridge
Chipset Revision 09
Southbridge Vendor Intel
Southbridge Model HM65
Southbridge Revision 05
System Temperature 63 °C
BIOS
Brand LENOVO
Version 47CN31WW(V2.09)
Date 28/10/2011
PCI Data
Slot Unknown
Slot Type Unknown
Slot Usage In Use
Bus Width Unknown
Slot Designation J5C1
Slot Number 0
Slot Unknown
Slot Type Unknown
Slot Usage In Use
Bus Width Unknown
Slot Designation J6C1
Slot Number 1
Slot Unknown
Slot Type Unknown
Slot Usage In Use
Bus Width Unknown
Slot Designation J6C2
Slot Number 2
Slot Unknown
Slot Type Unknown
Slot Usage In Use
Bus Width Unknown
Slot Designation J6D2
Slot Number 3
Slot Unknown
Slot Type Unknown
Slot Usage In Use
Bus Width Unknown
Slot Designation J7C1
Slot Number 4
Slot Unknown
Slot Type Unknown
Slot Usage In Use
Bus Width Unknown
Slot Designation J7D2
Slot Number 5
Slot Unknown
Slot Type Unknown
Slot Usage In Use
Bus Width Unknown
Slot Designation J8C2
Slot Number 6
Graphics
Monitor
Name Generic PnP Monitor on Intel HD Graphics 3000
Current Resolution 1366x768 pixels
Work Resolution 1366x768 pixels
State Enabled, Primary
Monitor Width 1366
Monitor Height 768
Monitor BPP 32 bits per pixel
Monitor Frequency 40 Hz
Device \\.\DISPLAY1\Monitor0
Intel HD Graphics 3000
Manufacturer Intel
Model HD Graphics 3000
Device ID 8086-0116
Revision A
Subvendor Lenovo (17AA)
Current Performance Level Level 0
Driver version 9.17.10.2932
Count of performance levels : 1
Level 1
NVIDIA GeForce GT 550M
Manufacturer NVIDIA
Model GeForce GT 550M
GPU GF108
Device ID 10DE-0DF6
Revision A2
Subvendor Lenovo (17AA)
Die Size 116 mm²
Release Date Jan 06, 2011
DirectX Support 11.0
OpenGL Support 5.0
Bus Interface PCI Express x16
Temperature 45 °C
Driver version 9.18.13.2049
BIOS Version 70.08.4b.00.fb
ROPs 16
Shaders 96 unified
Memory 1024 MB
Hard Drives
WDC WD7500BPVT-24HXZT3
Manufacturer Western Digital
Form Factor GB/2.5-inch
Heads 16
Cylinders 16,383
SATA type SATA-II 3.0Gb/s
Device type Fixed
ATA Standard ATA8-ACS
Serial Number WD-WX11E61F2648
LBA Size 48-bit LBA
Power On Count 757 times
Power On Time 37.4 days
Speed 5400 RPM
Features S.M.A.R.T., APM, NCQ
Transfer Mode SATA II
Interface SATA
Capacity 699 GB
Real size 750,156,374,016 bytes
RAID Type None
S.M.A.R.T
Status Good
Temperature 46 °C
Temperature Range OK (less than 50 °C)
01 Read Error Rate 200 (200) Data 0000000000
03 Spin-Up Time 180 (177) Data 00000007A6
04 Start/Stop Count 100 (100) Data 00000002FF
05 Reallocated Sectors Count 200 (200) Data 0000000000
07 Seek Error Rate 200 (200) Data 0000000000
09 Power-On Hours (POH) 099 (099) Data 0000000381
0A Spin Retry Count 100 (100) Data 0000000000
0B Recalibration Retries 100 (100) Data 0000000000
0C Device Power Cycle Count 100 (100) Data 00000002F5
C0 Power-off Retract Count 200 (200) Data 000000000F
C1 Load/Unload Cycle Count 199 (199) Data 0000001689
C2 Temperature 101 (097) Data 000000002E
C4 Reallocation Event Count 200 (200) Data 0000000000
C5 Current Pending Sector Count 200 (200) Data 0000000000
C6 Uncorrectable Sector Count 100 (253) Data 0000000000
C7 UltraDMA CRC Error Count 200 (200) Data 0000000000
C8 Write Error Rate / Multi-Zone Error Rate 100 (253) Data 0000000000
Partition 0
Partition ID Disk #0, Partition #0
Size 200 MB
Partition 1
Partition ID Disk #0, Partition #1
Disk Letter C:
File System NTFS
Volume Serial Number 56EE8D40
Size 655 GB
Used Space 356 GB (55%)
Free Space 299 GB (45%)
Partition 2
Partition ID Disk #0, Partition #2
Disk Letter D:
File System NTFS
Volume Serial Number B21F7882
Size 29.0 GB
Used Space 2.70 GB (10%)
Free Space 26.3 GB (90%)
Partition 3
Partition ID Disk #0, Partition #3
Size 14.7 GB
Optical Drives
MATSHITA DVD-RAM UJ8B1AS
Media Type DVD Writer
Name MATSHITA DVD-RAM UJ8B1AS
Availability Running/Full Power
Capabilities Random Access, Supports Writing, Supports Removable Media
Read capabilities CD-R, CD-RW, CD-ROM, DVD-RAM, DVD-ROM, DVD-R, DVD-RW, DVD+R, DVD+RW, DVD-R DL, DVD+R DL
Write capabilities CD-R, CD-RW, DVD-RAM, DVD-R, DVD-RW, DVD+R, DVD+RW, DVD-R DL, DVD+R DL
Config Manager Error Code Device is working properly
Config Manager User Config FALSE
Drive F:
Media Loaded FALSE
SCSI Bus 0
SCSI Logical Unit 0
SCSI Port 0
SCSI Target Id 0
Status OK
Audio
Sound Cards
Realtek High Definition Audio
Intel Display Audio
Playback Devices
Realtek Digital Output (Realtek High Definition Audio)
Speakers (Realtek High Definition Audio) (default)
Recording Device
Microphone (Realtek High Definition Audio)
Speaker Configuration
Speaker type Stereo
Peripherals
Standard PS/2 Keyboard
Device Kind Keyboard
Device Name Standard PS/2 Keyboard
Vendor (Standard keyboards)
Location plugged into keyboard port
Driver
Date 6-21-2006
Version 6.1.7601.17514
File C:\windows\system32\DRIVERS\i8042prt.sys
File C:\windows\system32\DRIVERS\kbdclass.sys
Synaptics PS/2 Port TouchPad
Device Kind Mouse
Device Name Synaptics PS/2 Port TouchPad
Vendor Synaptics
Location plugged into PS/2 mouse port
Driver
Date 3-21-2011
Version 15.2.16.3
File C:\windows\system32\DRIVERS\SynTP.sys
File C:\windows\system32\SynTPAPI.dll
File C:\windows\system32\SynCOM.dll
File C:\windows\system32\SynCtrl.dll
File C:\Program Files\Synaptics\SynTP\SynTPRes.dll
File C:\Program Files\Synaptics\SynTP\SynTPCpl.dll
File C:\Program Files\Synaptics\SynTP\SynCntxt.rtf
File C:\Program Files\Synaptics\SynTP\SynZMetr.exe
File C:\Program Files\Synaptics\SynTP\SynMood.exe
File C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
File C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
File C:\Program Files\Synaptics\SynTP\SynTPCOM.dll
File C:\Program Files\Synaptics\SynTP\Tutorial.exe
File C:\Program Files\Synaptics\SynTP\InstNT.exe
File C:\Program Files\Synaptics\SynTP\SynISDLL.dll
File C:\Program Files\Synaptics\SynTP\SynUnst.ini
File C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
File C:\Program Files\Synaptics\SynTP\SynPivotRotate.mpg
File C:\Program Files\Synaptics\SynTP\SynChiralRotate.mpg
File C:\Program Files\Synaptics\SynTP\SynFlick.mpg
File C:\Program Files\Synaptics\SynTP\SynPinch.mpg
File C:\Program Files\Synaptics\SynTP\SynMomentum.mpg
File C:\Program Files\Synaptics\SynTP\SynLinearVHScroll.mpg
File C:\Program Files\Synaptics\SynTP\SynChiralVHScroll.mpg
File C:\Program Files\Synaptics\SynTP\SynTwoFingerVHScroll.mpg
File C:\Program Files\Synaptics\SynTP\SynPivotRotate_ChiralRotate.mpg
File C:\Program Files\Synaptics\SynTP\SynThreeFingerFlick.mpg
File C:\Program Files\Synaptics\SynTP\SynThreeFingersDown.mpg
File C:\Program Files\Synaptics\SynTP\SynTwistRotate.mpg
File C:\Program Files\Synaptics\SynTP\SynLinearVScroll.mpg
File C:\windows\SysWOW64\SynCOM.dll
File C:\windows\SysWOW64\SynCtrl.dll
File C:\windows\SysWOW64\SynTPCOM.dll
File C:\windows\SysWOW64\SynTPEnhPS.dll
File C:\windows\system32\DRIVERS\i8042prt.sys
File C:\windows\system32\DRIVERS\mouclass.sys
File C:\windows\system32\SynTPCo9.dll
File C:\windows\system32\WdfCoInstaller01009.dll
HID-compliant mouse
Device Kind Mouse
Device Name HID-compliant mouse
Vendor Super Micro Computer
Location USB Input Device
Driver
Date 6-21-2006
Version 6.1.7600.16385
File C:\windows\system32\DRIVERS\mouhid.sys
File C:\windows\system32\DRIVERS\mouclass.sys
Lenovo EasyCamera
Device Kind Camera/scanner
Device Name Lenovo EasyCamera
Vendor Realtek Semiconductor Corp
Comment Lenovo EasyCamera
Location 0000.001d.0000.001.006.000.000.000.000
Driver
Date 3-23-2011
Version 6.1.7600.98
File C:\windows\system32\DRIVERS\rtsuvc.sys
File C:\windows\RtsUvcUninst64.exe
File C:\windows\SysWow64\RtsUvcExt.dll
File C:\windows\system32\RtsUvcExt64.dll
File C:\windows\twain_32\rtsuvc\RtsUvcTWN.ds
Printers
Brother MFC-6490CW Printer (Default Printer)
Printer Port WSD-44c0bd14-269b-4035-b7cd-340bc5f13deb.0036
Print Processor winprint
Availability Always
Priority 1
Duplex None
Print Quality 600 * 600 dpi Color
Status The printer is offline
Driver
Driver Name Brother MFC-6490CW (v6.00)
Driver Path C:\windows\system32\spool\DRIVERS\x64\3\UNIDRV.DLL
CutePDF Writer
Printer Port CPW2:
Print Processor winprint
Availability Always
Priority 1
Duplex None
Print Quality 600 * 600 dpi Color
Status Unknown
Driver
Driver Name CutePDF Writer (v6.00)
Driver Path C:\windows\system32\spool\DRIVERS\x64\3\PSCRIPT5.DLL
Fax
Printer Port SHRFAX:
Print Processor winprint
Availability Always
Priority 1
Duplex None
Print Quality 200 * 200 dpi Monochrome
Status Unknown
Driver
Driver Name Microsoft Shared Fax Driver (v4.00)
Driver Path C:\windows\system32\spool\DRIVERS\x64\3\FXSDRV.DLL
Foxit Reader PDF Printer
Printer Port FOXIT_Reader:
Print Processor winprint
Availability Always
Priority 1
Duplex None
Print Quality 300 * 300 dpi Color
Status Unknown
Driver
Driver Name Foxit Reader PDF Printer Driver (v4.01)
Driver Path C:\windows\system32\spool\DRIVERS\x64\3\frdvpr_drv.dll
Microsoft XPS Document Writer
Printer Port XPSPort:
Print Processor winprint
Availability Always
Priority 1
Duplex None
Print Quality 600 * 600 dpi Color
Status Unknown
Driver
Driver Name Microsoft XPS Document Writer (v6.00)
Driver Path C:\windows\system32\spool\DRIVERS\x64\3\mxdwdrv.dll
Network
You are connected to the internet
Connected through Atheros AR9285 Wireless Network Adapter
IP Address 192.168.0.12
Subnet mask 255.255.255.0
Gateway server 192.168.0.1
Preferred DNS server 202.156.1.16
Alternate DNS server 218.186.2.16
Alternate DNS server 218.186.2.6
DHCP Enabled
DHCP server 192.168.0.1
External IP Address 183.90.103.22
Adapter Type IEEE 802.11 wireless
NetBIOS over TCP/IP Enabled via DHCP
NETBIOS Node Type Broadcast node
Link Speed 0 Bps
Computer Name
NetBIOS Name LENOVOY470
DNS Name LenovoY470
Membership Part of workgroup
Workgroup MSHOME
Remote Desktop
Disabled
Console
State Active
Domain LENOVOY470
WinInet Info
LAN Connection
Local system uses a local area network to connect to the Internet
Local system has RAS to connect to the Internet
Wi-Fi Info
Using native Wi-Fi API version 2
Available access points count 16
Wi-Fi (Mojojojoe)
SSID Mojojojoe
Frequency 2452000 kHz
Channel Number 9
Name Mojojojoe
Signal Strength/Quality 58
Security Enabled
State The interface is connected to a network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags Currently Connected to this network
Cipher Algorithm to be used when joining this network Temporal Key Integrity Protocol (TKIP) algorithm
Default Auth used to join this network for the first time 802.11i RSNA algorithm that uses PSK
Wi-Fi (belkin.518)
SSID belkin.518
Name belkin.518
Signal Strength/Quality 32
Security Enabled
State The interface is connected to a network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags There is a profile for this network
Cipher Algorithm to be used when joining this network AES-CCMP algorithm
Default Auth used to join this network for the first time 802.11i RSNA algorithm that uses PSK
Wi-Fi (astanto)
SSID astanto
Name astanto
Signal Strength/Quality 10
Security Enabled
State The interface is connected to a network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags There is a profile for this network
Cipher Algorithm to be used when joining this network AES-CCMP algorithm
Default Auth used to join this network for the first time WPA algorithm that uses preshared keys (PSK)
Wi-Fi (mori)
SSID mori
Name mori
Signal Strength/Quality 44
Security Enabled
State The interface is connected to a network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags There is a profile for this network
Cipher Algorithm to be used when joining this network AES-CCMP algorithm
Default Auth used to join this network for the first time 802.11i RSNA algorithm that uses PSK
Wi-Fi (MoriGuest)
SSID MoriGuest
Name MoriGuest
Signal Strength/Quality 48
Security Enabled
State The interface is connected to a network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags There is a profile for this network
Cipher Algorithm to be used when joining this network AES-CCMP algorithm
Default Auth used to join this network for the first time 802.11i RSNA algorithm that uses PSK
Wi-Fi (SINGTEL-ED2D)
SSID SINGTEL-ED2D
Name SINGTEL-ED2D
Signal Strength/Quality 66
Security Enabled
State The interface is connected to a network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags There is a profile for this network
Cipher Algorithm to be used when joining this network WEP cipher algorithm with a cipher key of any length
Default Auth used to join this network for the first time IEEE 802.11 Open System authentication algorithm
Wi-Fi (1B-2ndFloor)
SSID 1B-2ndFloor
Name 1B-2ndFloor
Signal Strength/Quality 16
Security Enabled
State The interface is connected to a network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags There is a profile for this network
Cipher Algorithm to be used when joining this network AES-CCMP algorithm
Default Auth used to join this network for the first time 802.11i RSNA algorithm that uses PSK
Wi-Fi (T@ntrum)
SSID T@ntrum
Name T@ntrum
Signal Strength/Quality 26
Security Enabled
State The interface is connected to a network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags There is a profile for this network
Cipher Algorithm to be used when joining this network AES-CCMP algorithm
Default Auth used to join this network for the first time 802.11i RSNA algorithm that uses PSK
Wi-Fi (belkin.518.guests)
SSID belkin.518.guests
Name belkin.518.guests
Signal Strength/Quality 32
Security Disabled
State The interface is connected to a network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags There is a profile for this network
Cipher Algorithm to be used when joining this network No Cipher algorithm is enabled/supported
Default Auth used to join this network for the first time IEEE 802.11 Open System authentication algorithm
Wi-Fi (Mojojojoe)
SSID Mojojojoe
Frequency 2452000 kHz
Channel Number 9
Name Mojojojoe
Signal Strength/Quality 62
Security Enabled
State The interface is connected to a network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags There is a profile for this network
Cipher Algorithm to be used when joining this network Temporal Key Integrity Protocol (TKIP) algorithm
Default Auth used to join this network for the first time 802.11i RSNA algorithm that uses PSK
Wi-Fi (CHONG FAMILY)
SSID CHONG FAMILY
Name CHONG FAMILY
Signal Strength/Quality 8
Security Enabled
State The interface is connected to a network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags There is a profile for this network
Cipher Algorithm to be used when joining this network AES-CCMP algorithm
Default Auth used to join this network for the first time WPA algorithm that uses preshared keys (PSK)
Wi-Fi (CBV704W-CF49)
SSID CBV704W-CF49
Name CBV704W-CF49
Signal Strength/Quality 18
Security Enabled
State The interface is connected to a network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags There is a profile for this network
Cipher Algorithm to be used when joining this network Temporal Key Integrity Protocol (TKIP) algorithm
Default Auth used to join this network for the first time WPA algorithm that uses preshared keys (PSK)
Wi-Fi (AandM)
SSID AandM
Name AandM
Signal Strength/Quality 10
Security Enabled
State The interface is connected to a network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags There is a profile for this network
Cipher Algorithm to be used when joining this network Temporal Key Integrity Protocol (TKIP) algorithm
Default Auth used to join this network for the first time WPA algorithm that uses preshared keys (PSK)
Wi-Fi (dlink)
SSID dlink
Name dlink
Signal Strength/Quality 12
Security Enabled
State The interface is connected to a network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags There is a profile for this network
Cipher Algorithm to be used when joining this network AES-CCMP algorithm
Default Auth used to join this network for the first time 802.11i RSNA algorithm that uses PSK
Wi-Fi (SINGTEL-195F)
SSID SINGTEL-195F
Name SINGTEL-195F
Signal Strength/Quality 16
Security Enabled
State The interface is connected to a network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags There is a profile for this network
Cipher Algorithm to be used when joining this network WEP cipher algorithm with a cipher key of any length
Default Auth used to join this network for the first time IEEE 802.11 Open System authentication algorithm
Wi-Fi (MuffBub)
SSID MuffBub
Name MuffBub
Signal Strength/Quality 10
Security Enabled
State The interface is connected to a network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags There is a profile for this network
Cipher Algorithm to be used when joining this network AES-CCMP algorithm
Default Auth used to join this network for the first time 802.11i RSNA algorithm that uses PSK
WinHTTPInfo
WinHTTPSessionProxyType No proxy
Session Proxy
Session Proxy Bypass
Connect Retries 5
Connect Timeout (ms) 60,000
HTTP Version HTTP 1.1
Max Connects Per 1.0 Servers INFINITE
Max Connects Per Servers INFINITE
Max HTTP automatic redirects 10
Max HTTP status continue 10
Send Timeout (ms) 30,000
IEProxy Auto Detect No
IEProxy Auto Config
IEProxy
IEProxy Bypass
Default Proxy Config Access Type No proxy
Default Config Proxy
Default Config Proxy Bypass
Sharing and Discovery
Network Discovery Enabled
File and Printer Sharing Enabled
File and printer sharing service Enabled
Simple File Sharing Enabled
Administrative Shares Enabled
Network access: Sharing and security model for local accounts Classic - local users authenticate as themselves
Adapters List
Microsoft Virtual WiFi Miniport Adapter
IP Address 0.0.0.0
Subnet mask 0.0.0.0
Gateway server 0.0.0.0
MAC Address 16-DE-2B-C3-86-AC
Atheros AR9285 Wireless Network Adapter
IP Address 192.168.0.12
Subnet mask 255.255.255.0
Gateway server 192.168.0.1
MAC Address 74-DE-2B-C3-86-AC
Broadcom NetLink ™ Gigabit Ethernet
IP Address 0.0.0.0
Subnet mask 0.0.0.0
Gateway server 0.0.0.0
MAC Address DC-0E-A1-69-8E-AA
Network Shares
Users C:\Users
Current TCP Connections
AppleMobileDeviceService.exe (1892)
Local 127.0.0.1:49156 ESTABLISHED Remote 127.0.0.1:5354 (Querying... )
Local 127.0.0.1:27015 ESTABLISHED Remote 127.0.0.1:49170 (Querying... )
Local 127.0.0.1:27015 LISTEN
AvastSvc.exe (1352)
Local 127.0.0.1:12563 LISTEN
Local 127.0.0.1:12993 LISTEN
Local 127.0.0.1:12995 LISTEN
Local 127.0.0.1:27275 LISTEN
Local 127.0.0.1:12110 LISTEN
Local 0.0.0.0:12025 LISTEN
Local 0.0.0.0:12110 LISTEN
Local 0.0.0.0:12119 LISTEN
Local 0.0.0.0:12143 LISTEN
Local 0.0.0.0:12465 LISTEN
Local 0.0.0.0:12563 LISTEN
Local 0.0.0.0:12993 LISTEN
Local 0.0.0.0:12995 LISTEN
Local 0.0.0.0:27275 LISTEN
Local 127.0.0.1:12025 LISTEN
Local 127.0.0.1:12080 LISTEN
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49189 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49258 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49262 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49268 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49281 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49283 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49293 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49308 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49311 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49320 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49325 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49328 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49332 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49333 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49334 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49335 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49336 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49341 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49348 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49377 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49378 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49379 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49380 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49390 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49391 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49392 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49393 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49394 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49395 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49398 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49400 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49402 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49404 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49406 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49408 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49410 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49412 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49413 (Querying... )
Local 192.168.0.12:49158 ESTABLISHED Remote 77.234.42.52:80 (Querying... ) (HTTP)
Local 192.168.0.12:49190 ESTABLISHED Remote 218.153.11.20:80 (Querying... ) (HTTP)
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49414 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49418 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49419 (Querying... )
Local 192.168.0.12:49264 ESTABLISHED Remote 74.125.135.121:80 (Querying... ) (HTTP)
Local 192.168.0.12:49266 ESTABLISHED Remote 74.125.135.121:80 (Querying... ) (HTTP)
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49420 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49421 (Querying... )
Local 192.168.0.12:49284 ESTABLISHED Remote 194.71.107.27:80 (Querying... ) (HTTP)
Local 192.168.0.12:49285 ESTABLISHED Remote 203.117.36.177:80 (Querying... ) (HTTP)
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49423 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49429 (Querying... )
Local 192.168.0.12:49295 ESTABLISHED Remote 180.210.201.204:80 (Querying... ) (HTTP)
Local 192.168.0.12:49309 ESTABLISHED Remote 117.18.237.29:80 (Querying... ) (HTTP)
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49430 (Querying... )
Local 192.168.0.12:49318 ESTABLISHED Remote 199.7.51.72:80 (Querying... ) (HTTP)
Local 192.168.0.12:49322 ESTABLISHED Remote 74.125.235.12:80 (Querying... ) (HTTP)
Local 192.168.0.12:49323 ESTABLISHED Remote 117.18.237.29:80 (Querying... ) (HTTP)
Local 192.168.0.12:49327 ESTABLISHED Remote 68.232.44.121:80 (Querying... ) (HTTP)
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49432 (Querying... )
Local 192.168.0.12:49331 ESTABLISHED Remote 124.155.223.112:80 (Querying... ) (HTTP)
Local 192.168.0.12:49337 ESTABLISHED Remote 173.194.38.172:80 (Querying... ) (HTTP)
Local 192.168.0.12:49338 ESTABLISHED Remote 206.17.82.1:80 (Querying... ) (HTTP)
Local 192.168.0.12:49339 ESTABLISHED Remote 173.194.38.172:80 (Querying... ) (HTTP)
Local 192.168.0.12:49340 ESTABLISHED Remote 173.194.38.172:80 (Querying... ) (HTTP)
Local 192.168.0.12:49342 ESTABLISHED Remote 173.194.38.172:80 (Querying... ) (HTTP)
Local 192.168.0.12:49343 ESTABLISHED Remote 173.194.38.172:80 (Querying... ) (HTTP)
Local 192.168.0.12:49349 ESTABLISHED Remote 68.232.44.111:80 (Querying... ) (HTTP)
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49433 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49434 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49435 (Querying... )
Local 192.168.0.12:49381 ESTABLISHED Remote 77.234.43.93:80 (Querying... ) (HTTP)
Local 192.168.0.12:49382 SYN-SENT Remote 77.234.42.83:80 (Querying... ) (HTTP)
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:49437 (Querying... )
Local 127.0.0.1:12119 LISTEN
Local 192.168.0.12:49396 SYN-SENT Remote 74.53.57.69:80 (Querying... ) (HTTP)
Local 192.168.0.12:49397 SYN-SENT Remote 198.199.110.31:80 (Querying... ) (HTTP)
Local 192.168.0.12:49399 ESTABLISHED Remote 103.31.6.36:80 (Querying... ) (HTTP)
Local 192.168.0.12:49401 ESTABLISHED Remote 103.31.6.36:80 (Querying... ) (HTTP)
Local 192.168.0.12:49403 ESTABLISHED Remote 103.31.6.36:80 (Querying... ) (HTTP)
Local 192.168.0.12:49405 ESTABLISHED Remote 103.31.6.36:80 (Querying... ) (HTTP)
Local 192.168.0.12:49407 ESTABLISHED Remote 103.31.6.36:80 (Querying... ) (HTTP)
Local 192.168.0.12:49409 SYN-SENT Remote 212.52.82.53:80 (Querying... ) (HTTP)
Local 192.168.0.12:49411 SYN-SENT Remote 212.52.82.53:80 (Querying... ) (HTTP)
Local 127.0.0.1:12143 LISTEN
Local 192.168.0.12:49416 SYN-SENT Remote 212.52.82.53:80 (Querying... ) (HTTP)
Local 127.0.0.1:12465 LISTEN
Local 192.168.0.12:49422 SYN-SENT Remote 212.52.82.53:80 (Querying... ) (HTTP)
Local 192.168.0.12:49424 SYN-SENT Remote 212.52.82.53:80 (Querying... ) (HTTP)
Local 192.168.0.12:49425 SYN-SENT Remote 212.52.82.53:80 (Querying... ) (HTTP)
Local 192.168.0.12:49426 SYN-SENT Remote 74.53.57.80:80 (Querying... ) (HTTP)
Local 192.168.0.12:49427 SYN-SENT Remote 74.53.57.80:80 (Querying... ) (HTTP)
Local 192.168.0.12:49428 SYN-SENT Remote 74.53.57.80:80 (Querying... ) (HTTP)
Local 192.168.0.12:49431 SYN-SENT Remote 74.53.57.80:80 (Querying... ) (HTTP)
Local 192.168.0.12:49436 SYN-SENT Remote 74.53.57.80:80 (Querying... ) (HTTP)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (256)
Local 127.0.0.1:49268 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:49181 ESTABLISHED Remote 127.0.0.1:49180 (Querying... )
Local 127.0.0.1:49390 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:49293 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:49308 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:49311 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:49320 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:49325 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:49328 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:49332 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:49333 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:49334 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:49335 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:49336 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:49341 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:49348 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:49377 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:49378 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:49379 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:49380 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:49391 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:49392 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:49393 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:49394 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:49395 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:49398 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:49400 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:49402 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:49404 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:49406 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:49408 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:49410 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:49412 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:49413 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:49414 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:49418 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:49419 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:49421 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:49423 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:49429 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:49430 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:49432 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:49433 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:49434 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:49435 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:49437 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:49420 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 192.168.0.12:49280 ESTABLISHED Remote 54.251.148.23:443 (Querying... ) (HTTPS)
Local 127.0.0.1:49283 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:49262 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:49258 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:49180 ESTABLISHED Remote 127.0.0.1:49181 (Querying... )
Local 127.0.0.1:49281 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 192.168.0.12:49388 ESTABLISHED Remote 63.245.216.132:443 (Querying... ) (HTTPS)
Local 192.168.0.12:49389 ESTABLISHED Remote 63.245.216.132:443 (Querying... ) (HTTPS)
Local 192.168.0.12:49415 SYN-SENT Remote 63.245.216.132:443 (Querying... ) (HTTPS)
Local 192.168.0.12:49417 SYN-SENT Remote 63.245.216.132:443 (Querying... ) (HTTPS)
C:\Program Files (x86)\Samsung\Kies\Kies.exe (3772)
Local 127.0.0.1:49189 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
C:\Program Files (x86)\iTunes\iTunesHelper.exe (3596)
Local 127.0.0.1:49170 ESTABLISHED Remote 127.0.0.1:27015 (Querying... )
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (3560)
Local 127.0.0.1:49387 SYN-SENT Remote 127.0.0.1:2559 (Querying... )
System Process
Local 127.0.0.1:12080 TIME-WAIT Remote 127.0.0.1:49254 (Querying... )
Local 192.168.0.12:49310 TIME-WAIT Remote 50.115.125.92:80 (Querying... ) (HTTP)
Local 127.0.0.1:27275 TIME-WAIT Remote 127.0.0.1:49376 (Querying... )
Local 192.168.0.12:49329 TIME-WAIT Remote 203.190.124.24:80 (Querying... ) (HTTP)
Local 192.168.0.12:49351 TIME-WAIT Remote 63.245.216.132:443 (Querying... ) (HTTPS)
Local 127.0.0.1:27275 TIME-WAIT Remote 127.0.0.1:49384 (Querying... )
Local 127.0.0.1:27275 TIME-WAIT Remote 127.0.0.1:49385 (Querying... )
Local 127.0.0.1:27275 TIME-WAIT Remote 127.0.0.1:49386 (Querying... )
Local 127.0.0.1:27275 TIME-WAIT Remote 127.0.0.1:49383 (Querying... )
Local 127.0.0.1:49304 TIME-WAIT Remote 127.0.0.1:12080 (Querying... )
Local 192.168.0.12:49352 TIME-WAIT Remote 63.245.216.132:443 (Querying... ) (HTTPS)
Local 127.0.0.1:12080 TIME-WAIT Remote 127.0.0.1:49326 (Querying... )
Local 127.0.0.1:49306 TIME-WAIT Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:12080 TIME-WAIT Remote 127.0.0.1:49344 (Querying... )
Local 127.0.0.1:49302 TIME-WAIT Remote 127.0.0.1:12080 (Querying... )
Local 192.168.0.12:49294 TIME-WAIT Remote 63.245.217.55:443 (Querying... ) (HTTPS)
Local 192.168.0.12:49291 TIME-WAIT Remote 206.17.82.1:80 (Querying... ) (HTTP)
Local 192.168.0.12:49270 TIME-WAIT Remote 117.18.237.29:80 (Querying... ) (HTTP)
Local 192.168.0.12:49243 TIME-WAIT Remote 77.234.41.68:80 (Querying... ) (HTTP)
Local 192.168.0.12:49238 TIME-WAIT Remote 63.245.216.132:443 (Querying... ) (HTTPS)
Local 192.168.0.12:49358 TIME-WAIT Remote 192.168.0.10:8187 (Querying... )
Local 192.168.0.12:49263 TIME-WAIT Remote 50.115.125.92:80 (Querying... ) (HTTP)
Local 127.0.0.1:5357 TIME-WAIT Remote 127.0.0.1:49214 (Querying... )
Local 127.0.0.1:5357 TIME-WAIT Remote 127.0.0.1:49236 (Querying... )
Local 127.0.0.1:27275 TIME-WAIT Remote 127.0.0.1:49274 (Querying... )
Local 127.0.0.1:27275 TIME-WAIT Remote 127.0.0.1:49275 (Querying... )
Local 127.0.0.1:12080 TIME-WAIT Remote 127.0.0.1:49163 (Querying... )
Local 127.0.0.1:27275 TIME-WAIT Remote 127.0.0.1:49296 (Querying... )
Local 127.0.0.1:49375 TIME-WAIT Remote 127.0.0.1:27275 (Querying... )
Local 127.0.0.1:12080 TIME-WAIT Remote 127.0.0.1:49255 (Querying... )
Local 127.0.0.1:27275 TIME-WAIT Remote 127.0.0.1:49297 (Querying... )
Local 127.0.0.1:27275 TIME-WAIT Remote 127.0.0.1:49319 (Querying... )
Local 127.0.0.1:12080 TIME-WAIT Remote 127.0.0.1:49265 (Querying... )
Local 127.0.0.1:27275 TIME-WAIT Remote 127.0.0.1:49330 (Querying... )
Local 127.0.0.1:12080 TIME-WAIT Remote 127.0.0.1:49279 (Querying... )
Local 127.0.0.1:27275 TIME-WAIT Remote 127.0.0.1:49345 (Querying... )
Local 127.0.0.1:27275 TIME-WAIT Remote 127.0.0.1:49346 (Querying... )
Local 127.0.0.1:12080 TIME-WAIT Remote 127.0.0.1:49286 (Querying... )
Local 127.0.0.1:27275 TIME-WAIT Remote 127.0.0.1:49367 (Querying... )
System Process
Local 0.0.0.0:445 (Windows shares) LISTEN
Local 0.0.0.0:2869 LISTEN
Local 0.0.0.0:5357 LISTEN
Local 0.0.0.0:10243 LISTEN
Local 192.168.0.12:139 (NetBIOS session service) LISTEN
lsass.exe (736)
Local 0.0.0.0:49155 LISTEN
mDNSResponder.exe (1104)
Local 127.0.0.1:5354 ESTABLISHED Remote 127.0.0.1:49156 (Querying... )
Local 127.0.0.1:5354 LISTEN
services.exe (716)
Local 0.0.0.0:49160 LISTEN
svchost.exe (1004)
Local 0.0.0.0:135 (DCE) LISTEN
svchost.exe (1048)
Local 0.0.0.0:49154 LISTEN
svchost.exe (604)
Local 0.0.0.0:49153 LISTEN
wininit.exe (652)
Local 0.0.0.0:49152 LISTEN
wmpnetwk.exe (4244)
Local 0.0.0.0:554 LISTEN
Generated with Speccy v1.22.536

#14
RKinner

Posted 28 August 2013 - 10:51 AM

Malware Expert

Expert
24,625 posts

May be called EIST in the BIOS.

Do you get the same events if you start it up when it is cold?

You might look on the Lenovo site and see if they have a new BIOS or Chipset utility for your PC.

#15
misshot

Posted 28 August 2013 - 11:09 PM

Member

Topic Starter
Member
55 posts

May be called EIST in the BIOS.

Do you get the same events if you start it up when it is cold?

You might look on the Lenovo site and see if they have a new BIOS or Chipset utility for your PC.

No such option.

How do i update the driver? Lenovo update utility say the driver is all up to date.
I found this chipset driver 9.2.0.1021 at lenovo website @ http://support.lenov...?DocID=DS018655 and i think my driver is 9.2.0.1011 as seen under device manager "2nd generation Intel® Core™ processor family DRAM Controller - 0104"? Are they the same?

This is the result if start cold.

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 29/08/2013 12:45:53 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 29/08/2013 4:45:43 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-----------

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 29/08/2013 12:47:59 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 29/08/2013 4:43:49 AM
Type: Warning Category: 0
Event: 4 Source: k57nd60a
Broadcom NetLink ™ Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 29/08/2013 4:43:18 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Edited by misshot, 28 August 2013 - 11:14 PM.