OTL Run - Ctrl Key Depressed Message (it's not) on Starting Word



#1
FXRStuarty

As of yesterday I have been having a lot of problems with my main laptop, Lenovo G570 (I write this from my old backup).

I recently started college and suspect I may have brought something undesirable in from the college system.

The symptoms are as follows:

I was using MS Word to download info from the college website. As I downloaded each file I made some changes to it using the Word program.

I then realised that I could not type anything into the document. On clicking on an area which already had text I noticed that text would become BOLD. I then suspected a "stuck" Ctrl key.

Having had no success in releasing the key I started the laptop in safe mode - this option had been offered when I had restarted Word - and found that I had no problem typing into a Word document in Safe Mode.

After a bit of panic I thought the best thing to do was to use the on-board Onekey Rescue System facility offered on my laptop. I took the necessary action and the system was restored to original settings. All seemed well at this stage.

After some good advice, I purchased Kaspersky Anti-Virus and loaded it to my laptop. I also downloaded Malwarebytes with the view to purchasing this too. I have not yet purchased Malwarebytes but have it on a trial basis on my laptop. I have not run a Malwarebytes sweep as yet.

I have a 500GB external hard drive which is connected to my Lenovo and decided to let Kaspersky have a scan of it. I left it overnight to complete. This morning I found the system had shut down. The laptop had continuous power and there had been no power outage that I could discern.

On restarting the laptop it went through a whole range of, what appeared to be, updating, and something like 5700 (not sure of exact number shown on screen during the update) files were updated.

Once the laptop restarted it was again very slow. Starting Kaspersky took a good 30 seconds to load. The dialogue box was on screen showing that it was loading.

Kaspersky has now opened and I have again set it to carry out a full scan of all drives. It has about 3 hours to go.

At no time have I received any error code or infection name.

There is clearly something wrong with my laptop and I will be grateful if some guidance and assistance can be given to restore it to health.

Thanks.


OTL logfile created on: 9/8/2013 12:05:43 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Stuart\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.95 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 48.84% Memory free
7.89 Gb Paging File | 5.77 Gb Available in Paging File | 73.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421.81 Gb Total Space | 397.15 Gb Free Space | 94.15% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 27.58 Gb Free Space | 95.11% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 76.37 Gb Free Space | 16.40% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive G: | 3.74 Gb Total Space | 3.73 Gb Free Space | 99.83% Space Free | Partition Type: FAT32

Computer Name: STUART-PC | User Name: Stuart | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/08 12:05:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stuart\Downloads\OTL.exe
PRC - [2013/09/07 21:29:37 | 001,861,512 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
PRC - [2013/08/23 15:27:42 | 000,984,768 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
PRC - [2013/08/14 18:55:19 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/06/17 12:35:50 | 000,214,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/08/23 01:34:17 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2011/06/15 12:46:52 | 000,548,864 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera\VM331_STI.EXE
PRC - [2011/02/18 09:20:54 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/02/18 09:20:50 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/01/29 00:29:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2010/12/21 03:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/21 03:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/08 10:54:59 | 018,003,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d013570491e3ed864b97675527fdd9d8\PresentationFramework.ni.dll
MOD - [2013/09/08 10:54:45 | 011,451,904 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9ea1cf89cf1897b6b2eeee51ef39b6b9\PresentationCore.ni.dll
MOD - [2013/09/08 10:54:43 | 000,595,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\4f02f7d34c4fd0dc58ce1dffb5b424f9\PresentationFramework.Aero.ni.dll
MOD - [2013/09/08 10:54:34 | 007,053,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\3c2edeaaa3e117b0375bacf8fd971b1e\System.Core.ni.dll
MOD - [2013/09/08 10:54:31 | 003,858,944 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\bc21753d988d4f70f77cd2febb84833c\WindowsBase.ni.dll
MOD - [2013/09/08 10:54:29 | 005,628,928 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\0835155203a99b6a9bb540629920da0d\System.Xml.ni.dll
MOD - [2013/09/08 10:54:25 | 001,014,272 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\da18beba41f700dd4c71a3f5464c4342\System.Configuration.ni.dll
MOD - [2013/09/08 10:54:24 | 009,099,776 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\fc16a5cafc433e6d942e9bd5b14fbeaf\System.ni.dll
MOD - [2013/09/08 10:54:18 | 014,418,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c799474a067f07ef3a167d75029fa012\mscorlib.ni.dll
MOD - [2013/09/07 21:29:37 | 016,166,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
MOD - [2013/08/14 18:55:36 | 003,551,640 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/07/21 23:48:15 | 002,052,096 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2013/07/21 23:48:15 | 000,425,984 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2013/06/17 12:35:10 | 000,478,400 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\dblite.dll
MOD - [2013/04/23 23:57:26 | 004,554,752 | ---- | M] () -- C:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2013/04/15 23:56:17 | 001,253,376 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
MOD - [2012/12/12 06:32:26 | 005,025,792 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/10/05 11:53:24 | 003,198,976 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/10/05 11:53:24 | 000,630,784 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2011/12/25 21:42:15 | 005,255,168 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2011/08/23 01:34:16 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
MOD - [2010/11/21 04:23:48 | 000,303,104 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2009/06/10 22:22:40 | 000,010,752 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/08/14 18:55:29 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/17 12:35:50 | 000,214,512 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe -- (AVP)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/08/23 01:27:00 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2011/02/18 09:20:54 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/12/21 03:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/21 03:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/23 15:27:40 | 000,619,616 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2013/06/10 12:27:56 | 000,030,304 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2013/06/06 17:38:20 | 000,178,784 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2013/05/14 17:34:44 | 000,055,904 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2013/05/06 09:22:22 | 000,458,336 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2013/05/05 22:42:12 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2013/05/05 22:42:06 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2013/04/12 15:34:48 | 000,015,456 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klpd.sys -- (klpd)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/23 01:44:01 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2011/08/23 01:43:58 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2011/08/23 01:41:28 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2011/08/23 01:41:28 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2011/08/22 16:51:24 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/08/22 16:51:24 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/06/15 04:51:18 | 000,250,752 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm331avs.sys -- (vm331avs)
DRV:64bit: - [2011/04/08 02:59:58 | 001,430,576 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/03/25 11:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/02/18 09:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/02/14 05:43:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/01/29 00:29:58 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/11/24 12:33:26 | 002,673,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/21 07:57:30 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/10/20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 18:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/30 09:45:22 | 000,299,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010/08/16 10:28:50 | 000,008,320 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmuvcflt.sys -- (vmuvcflt)
DRV:64bit: - [2009/07/21 15:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=LENN&bmod=LENN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7LENN_enGB552
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - prefs.js..extensions.enabledAddons: %7Be5bbc237-c99b-4ced-a061-0be27703295f%7D:1.1
FF - prefs.js..extensions.enabledAddons: %7B4DC70064-89E2-4a55-8FC6-E8CDEAE3618C%7D:0.7.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\[email protected] [2013/09/07 22:53:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\[email protected] [2013/09/07 22:53:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\[email protected] [2013/09/07 22:52:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/09/07 21:22:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stuart\AppData\Roaming\Mozilla\Extensions
[2013/09/08 10:02:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\172wdz9i.default\extensions
[2013/09/07 23:34:53 | 000,013,345 | ---- | M] () (No name found) -- C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\172wdz9i.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
[2013/09/08 10:02:41 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\172wdz9i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/09/07 21:30:49 | 000,013,041 | ---- | M] () (No name found) -- C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\172wdz9i.default\extensions\{e5bbc237-c99b-4ced-a061-0be27703295f}.xpi
[2013/09/07 21:21:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/09/07 21:21:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE (Vimicro)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{359F6B77-108A-4E4F-AFEA-FADBDB8C108A}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/04/07 19:37:40 | 000,000,062 | ---- | M] () - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/08 10:13:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/09/08 10:12:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/09/08 10:12:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/09/08 00:04:10 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Roaming\Malwarebytes
[2013/09/08 00:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/09/08 00:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/09/08 00:03:55 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/09/08 00:03:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/09/08 00:03:13 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Local\Programs
[2013/09/07 23:45:21 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Roaming\SoftGrid Client
[2013/09/07 23:45:21 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Local\SoftGrid Client
[2013/09/07 23:43:32 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Roaming\TP
[2013/09/07 23:42:54 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
[2013/09/07 23:42:42 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Roaming\IrfanView
[2013/09/07 23:42:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
[2013/09/07 22:53:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
[2013/09/07 22:53:20 | 000,110,176 | ---- | C] (Kaspersky Lab ZAO) -- C:\windows\SysNative\klfphc.dll
[2013/09/07 22:52:52 | 000,000,000 | ---D | C] -- C:\windows\ELAMBKUP
[2013/09/07 22:52:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/09/07 22:52:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2013/09/07 22:52:41 | 000,619,616 | ---- | C] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\klif.sys
[2013/09/07 22:52:41 | 000,112,224 | ---- | C] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\klflt.sys
[2013/09/07 22:43:00 | 000,000,000 | ---D | C] -- C:\windows\SysNative\MRT
[2013/09/07 22:32:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013/09/07 22:02:29 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013/09/07 21:32:59 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Roaming\Macromedia
[2013/09/07 21:32:59 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Local\Macromedia
[2013/09/07 21:32:59 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Roaming\Adobe
[2013/09/07 21:29:35 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed
[2013/09/07 21:22:26 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Roaming\Mozilla
[2013/09/07 21:22:26 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Local\Mozilla
[2013/09/07 21:21:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/09/07 21:21:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/09/07 21:21:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/09/07 21:09:37 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Roaming\Google
[2013/09/07 21:09:36 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Local\Google
[2013/09/07 21:08:59 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Roaming\Intel Corporation
[2013/09/07 21:08:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Energy Management
[2013/09/07 21:08:04 | 000,000,000 | R--D | C] -- C:\Users\Stuart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/09/07 21:08:04 | 000,000,000 | R--D | C] -- C:\Users\Stuart\Searches
[2013/09/07 21:08:04 | 000,000,000 | R--D | C] -- C:\Users\Stuart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/09/07 21:08:04 | 000,000,000 | -H-D | C] -- C:\Users\Stuart\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/09/07 21:07:55 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Roaming\Identities
[2013/09/07 21:07:50 | 000,000,000 | R--D | C] -- C:\Users\Stuart\Contacts
[2013/09/07 21:07:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/09/07 21:07:47 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Local\VirtualStore
[2013/09/07 21:07:27 | 000,000,000 | --SD | C] -- C:\Users\Stuart\AppData\Roaming\Microsoft
[2013/09/07 21:07:27 | 000,000,000 | R--D | C] -- C:\Users\Stuart\Videos
[2013/09/07 21:07:27 | 000,000,000 | R--D | C] -- C:\Users\Stuart\Saved Games
[2013/09/07 21:07:27 | 000,000,000 | R--D | C] -- C:\Users\Stuart\Pictures
[2013/09/07 21:07:27 | 000,000,000 | R--D | C] -- C:\Users\Stuart\Music
[2013/09/07 21:07:27 | 000,000,000 | R--D | C] -- C:\Users\Stuart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/09/07 21:07:27 | 000,000,000 | R--D | C] -- C:\Users\Stuart\Links
[2013/09/07 21:07:27 | 000,000,000 | R--D | C] -- C:\Users\Stuart\Favorites
[2013/09/07 21:07:27 | 000,000,000 | R--D | C] -- C:\Users\Stuart\Downloads
[2013/09/07 21:07:27 | 000,000,000 | R--D | C] -- C:\Users\Stuart\Documents
[2013/09/07 21:07:27 | 000,000,000 | R--D | C] -- C:\Users\Stuart\Desktop
[2013/09/07 21:07:27 | 000,000,000 | R--D | C] -- C:\Users\Stuart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/09/07 21:07:27 | 000,000,000 | -HSD | C] -- C:\Users\Stuart\AppData\Local\Temporary Internet Files
[2013/09/07 21:07:27 | 000,000,000 | -HSD | C] -- C:\Users\Stuart\Templates
[2013/09/07 21:07:27 | 000,000,000 | -HSD | C] -- C:\Users\Stuart\Start Menu
[2013/09/07 21:07:27 | 000,000,000 | -HSD | C] -- C:\Users\Stuart\SendTo
[2013/09/07 21:07:27 | 000,000,000 | -HSD | C] -- C:\Users\Stuart\Recent
[2013/09/07 21:07:27 | 000,000,000 | -HSD | C] -- C:\Users\Stuart\PrintHood
[2013/09/07 21:07:27 | 000,000,000 | -HSD | C] -- C:\Users\Stuart\NetHood
[2013/09/07 21:07:27 | 000,000,000 | -HSD | C] -- C:\Users\Stuart\Documents\My Videos
[2013/09/07 21:07:27 | 000,000,000 | -HSD | C] -- C:\Users\Stuart\Documents\My Pictures
[2013/09/07 21:07:27 | 000,000,000 | -HSD | C] -- C:\Users\Stuart\Documents\My Music
[2013/09/07 21:07:27 | 000,000,000 | -HSD | C] -- C:\Users\Stuart\My Documents
[2013/09/07 21:07:27 | 000,000,000 | -HSD | C] -- C:\Users\Stuart\Local Settings
[2013/09/07 21:07:27 | 000,000,000 | -HSD | C] -- C:\Users\Stuart\AppData\Local\History
[2013/09/07 21:07:27 | 000,000,000 | -HSD | C] -- C:\Users\Stuart\Cookies
[2013/09/07 21:07:27 | 000,000,000 | -HSD | C] -- C:\Users\Stuart\Application Data
[2013/09/07 21:07:27 | 000,000,000 | -HSD | C] -- C:\Users\Stuart\AppData\Local\Application Data
[2013/09/07 21:07:27 | 000,000,000 | -H-D | C] -- C:\Users\Stuart\AppData
[2013/09/07 21:07:27 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Local\Temp
[2013/09/07 21:07:27 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Local\Microsoft
[2013/09/07 21:07:27 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Roaming\Media Center Programs
[2013/09/07 21:07:27 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
[2013/09/07 21:05:59 | 000,000,000 | -HSD | C] -- C:\Recovery

========== Files - Modified Within 30 Days ==========

[2013/09/08 11:51:01 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/08 11:16:18 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/08 11:16:18 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/08 11:16:01 | 000,779,266 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/09/08 11:16:01 | 000,664,992 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/09/08 11:16:01 | 000,125,696 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/09/08 11:09:27 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/08 11:09:19 | 000,330,369 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2013/09/08 11:08:35 | 000,282,960 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/09/08 11:08:25 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/09/08 11:08:17 | 3177,074,688 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/08 10:55:57 | 000,764,810 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/09/08 00:03:56 | 000,001,137 | ---- | M] () -- C:\Users\Stuart\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/09/08 00:03:56 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/07 23:42:54 | 000,001,002 | ---- | M] () -- C:\Users\Stuart\Desktop\IrfanView.lnk
[2013/09/07 22:53:22 | 000,001,089 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
[2013/09/07 22:03:52 | 000,108,227 | ---- | M] () -- C:\windows\SysWow64\license.rtf
[2013/09/07 22:03:52 | 000,108,227 | ---- | M] () -- C:\windows\SysNative\license.rtf
[2013/09/07 21:21:52 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/09/07 21:09:29 | 000,001,441 | ---- | M] () -- C:\Users\Stuart\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/09/07 21:08:50 | 000,002,086 | ---- | M] () -- C:\Users\Stuart\Desktop\OneKey Recovery.lnk
[2013/09/07 21:08:45 | 000,001,122 | ---- | M] () -- C:\Users\Stuart\Desktop\Cyberlink Power2Go.lnk
[2013/08/23 15:27:40 | 000,619,616 | ---- | M] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\klif.sys

========== Files Created - No Company Name ==========

[2013/09/08 00:03:56 | 000,001,137 | ---- | C] () -- C:\Users\Stuart\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/09/08 00:03:56 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/07 23:42:54 | 000,001,002 | ---- | C] () -- C:\Users\Stuart\Desktop\IrfanView.lnk
[2013/09/07 22:53:38 | 000,001,089 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
[2013/09/07 22:36:52 | 000,764,810 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/09/07 22:02:23 | 3177,074,688 | -HS- | C] () -- C:\hiberfil.sys
[2013/09/07 21:21:52 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/09/07 21:21:52 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/09/07 21:09:29 | 000,001,441 | ---- | C] () -- C:\Users\Stuart\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/09/07 21:08:12 | 000,001,413 | ---- | C] () -- C:\Users\Stuart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/09/07 21:08:06 | 000,001,447 | ---- | C] () -- C:\Users\Stuart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/09/07 21:07:27 | 000,002,239 | ---- | C] () -- C:\Users\Stuart\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/09/07 21:07:27 | 000,002,086 | ---- | C] () -- C:\Users\Stuart\Desktop\OneKey Recovery.lnk
[2013/09/07 21:07:27 | 000,001,122 | ---- | C] () -- C:\Users\Stuart\Desktop\Cyberlink Power2Go.lnk
[2013/09/07 21:07:27 | 000,000,290 | ---- | C] () -- C:\Users\Stuart\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/09/07 21:07:27 | 000,000,272 | ---- | C] () -- C:\Users\Stuart\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/09/07 21:07:27 | 000,000,189 | ---- | C] () -- C:\Users\Stuart\Desktop\Lenovo Telephony Start Now.url

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 06:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/09/07 23:42:42 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\IrfanView
[2013/09/07 23:53:28 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\SoftGrid Client
[2013/09/07 23:45:32 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\TP

========== Purity Check ==========



< End of report >

Edited by FXRStuarty, 08 September 2013 - 05:32 AM.


#2
RKinner

    Malware Expert

  • Expert
  • 20,026 posts
  • MVP
You may need to pause your anti-virus while downloading and running the first one:


Download aswMBR.exe to your desktop.
Right click aswMBR.exe and Run as Administrator.
Uncheck trace disk IO calls.
Click the "Scan" button to start scan (Accept the Avast Engine).
On completion of the scan, if the Fix button is enabled (not the FixMBR button), press it, then run a new scan, click save log, save it to your desktop and post it in your next reply.
If the Fix button is not enabled, just click save log, save it to your desktop and post it in your next reply (aswMBR.txt).




Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.




Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button.) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.




Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next, click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc  /scannow

(This will check your critical system files. Does this finish without complaint? If it says it couldn't fix everything then:

Copy the next two lines:

findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run as Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron

#3
FXRStuarty

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
Ron,

Firstly, thanks a lot for your time and the help you are offering. I am very grateful.

I have produced the logs as requested.

I am using a Memory Stick which I use on the laptop I am having trouble with and a college system. I have Kaspersky and Malware Bytes (both paid for versions) on my troubled laptop. Is it okay to continue using this memory stick? Grateful if you will advise.

aswMBR file:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-09 18:33:04
-----------------------------
18:33:04.222 OS Version: Windows x64 6.1.7601 Service Pack 1
18:33:04.222 Number of processors: 4 586 0x2A07
18:33:04.222 ComputerName: STUART-PC UserName: Stuart
18:33:05.626 Initialize success
18:40:55.171 AVAST engine defs: 13090900
18:41:07.510 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:41:07.510 Disk 0 Vendor: HITACHI_ JE3Z Size: 476940MB BusType: 3
18:41:07.620 Disk 0 MBR read successfully
18:41:07.620 Disk 0 MBR scan
18:41:07.635 Disk 0 Windows 7 default MBR code
18:41:07.651 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
18:41:07.666 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 431938 MB offset 411648
18:41:07.682 Disk 0 Partition - 00 0F Extended LBA 29692 MB offset 885020672
18:41:07.713 Disk 0 Partition 3 00 12 Compaq diag NTFS 15109 MB offset 945829888
18:41:07.744 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 29691 MB offset 885022720
18:41:07.900 Disk 0 scanning C:\windows\system32\drivers
18:41:15.810 Service scanning
18:41:42.829 Modules scanning
18:41:44.436 AVAST engine scan C:\windows
18:41:46.433 AVAST engine scan C:\windows\system32
18:44:42.432 AVAST engine scan C:\windows\system32\drivers
18:44:52.307 AVAST engine scan C:\Users\Stuart
18:46:14.176 AVAST engine scan C:\ProgramData
18:46:39.729 Scan finished successfully
18:47:15.406 Disk 0 MBR has been saved successfully to "C:\Users\Stuart\Desktop\MBR.dat"
18:47:15.406 The log file has been saved successfully to "C:\Users\Stuart\Desktop\aswMBR.txt"


Speccy:

Summary
Operating System
Windows 7 Home Premium 64-bit SP1
CPU
Intel Core i3 2330M @ 2.20GHz 45 °C
Sandy Bridge 32nm Technology
RAM
4.00GB Single-Channel DDR3 @ 665MHz (9-9-9-24)
Motherboard
LENOVO Base Board Product Name (CPU1)
Graphics
Generic PnP Monitor ([email protected])
Intel HD Graphics Family (Lenovo)
Hard Drives
466GB HITACHI HTS547550A9E384 (SATA) 34 °C
Optical Drives
MATSHITA DVD-RAM UJ8B1AS
Audio
Conexant SmartAudio HD
Operating System
Windows 7 Home Premium 64-bit SP1
Computer type: Notebook
Installation Date: 07/09/2013 21:07:22
Serial Number:
Windows Security Center
User Account Control (UAC) Enabled
Notify level 2 - Default
Firewall Enabled
Windows Update
AutoUpdate Notify prior to download
Windows Defender
Windows Defender Enabled
Antivirus
Antivirus Enabled
Display Name Kaspersky Anti-Virus
Virus Signature Database Up to date
.NET Frameworks installed
v4.0 Full
v4.0 Client
v3.5 SP1
v3.0 SP2
v2.0 SP2
Internet Explorer
Version 9.0.8112.16421
PowerShell
Version 2.0
Environment Variables
USERPROFILE C:\Users\Stuart
SystemRoot C:\windows
User Variables
TEMP C:\Users\Stuart\AppData\Local\Temp
TMP C:\Users\Stuart\AppData\Local\Temp
Machine Variables
ComSpec C:\windows\system32\cmd.exe
FP_NO_HOST_CHECK NO
OS Windows_NT
Path C:\Program Files\Common Files\Microsoft Shared\Windows Live
C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live
C:\windows\system32
C:\windows
C:\windows\System32\Wbem
%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
C:\Program Files (x86)\Windows Live\Shared
PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE AMD64
TEMP C:\windows\TEMP
TMP C:\windows\TEMP
USERNAME SYSTEM
windir C:\windows
PSModulePath C:\windows\system32\WindowsPowerShell\v1.0\Modules\
NUMBER_OF_PROCESSORS 4
PROCESSOR_LEVEL 6
PROCESSOR_IDENTIFIER Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
PROCESSOR_REVISION 2a07
windows_tracing_logfile C:\BVTBin\Tests\installpackage\csilogfile.log
windows_tracing_flags 3
configsetroot C:\windows\ConfigSetRoot
LenovoTestLogFile preload.log
LenovoTestPath C:\prdv10\
Battery
AC Line Online
Battery Charge % 100 %
Battery State High
Remaining Battery Time Unknown
Power Profile
Active power scheme Energy Star
Hibernation Enabled
Turn Off Monitor after: (On AC Power) 10 min
Turn Off Monitor after: (On Battery Power) 5 min
Turn Off Hard Disk after: (On AC Power) 20 min
Turn Off Hard Disk after: (On Battery Power) 10 min
Suspend after: (On AC Power) Never
Suspend after: (On Battery Power) 15 min
Screen saver Enabled
Uptime
Current Session
Current Time 09/09/2013 18:57:57
Current Uptime 6,110 sec (0 d, 01 h, 41 m, 50 s)
Last Boot Time 09/09/2013 17:16:07
TimeZone
TimeZone GMT
Language English (United Kingdom)
Location United Kingdom
Format English (United Kingdom)
Currency £
Date Format dd/MM/yyyy
Time Format HH:mm:ss
Process List
armsvc.exe
Process ID 1392
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
Memory Usage 3.79 MB
Peak Memory Usage 3.83 MB
aswmbr.exe
Process ID 3856
User Stuart
Domain Stuart-PC
Path C:\Users\Stuart\Downloads\aswmbr.exe
Memory Usage 276 MB
Peak Memory Usage 418 MB
avp.exe
Process ID 1416
User SYSTEM
Domain NT AUTHORITY
Memory Usage 110 MB
Peak Memory Usage 304 MB
avpui.exe
Process ID 1868
User Stuart
Domain Stuart-PC
Memory Usage 3.61 MB
Peak Memory Usage 78 MB
csrss.exe
Process ID 516
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\system32\csrss.exe
Memory Usage 4.93 MB
Peak Memory Usage 5.09 MB
csrss.exe
Process ID 632
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\system32\csrss.exe
Memory Usage 36 MB
Peak Memory Usage 41 MB
dllhost.exe
Process ID 4008
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\system32\DllHost.exe
Memory Usage 7.18 MB
Peak Memory Usage 7.33 MB
Dropbox.exe
Process ID 2932
User Stuart
Domain Stuart-PC
Path C:\Users\Stuart\AppData\Roaming\Dropbox\bin\Dropbox.exe
Memory Usage 72 MB
Peak Memory Usage 72 MB
dwm.exe
Process ID 1728
User Stuart
Domain Stuart-PC
Path C:\windows\system32\Dwm.exe
Memory Usage 55 MB
Peak Memory Usage 70 MB
Energy Management.exe
Process ID 2508
User Stuart
Domain Stuart-PC
Path C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
Memory Usage 12 MB
Peak Memory Usage 12 MB
explorer.exe
Process ID 1796
User Stuart
Domain Stuart-PC
Path C:\windows\Explorer.EXE
Memory Usage 56 MB
Peak Memory Usage 59 MB
firefox.exe
Process ID 4928
User Stuart
Domain Stuart-PC
Path C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Memory Usage 360 MB
Peak Memory Usage 395 MB
FreeAgentService.exe
Process ID 1496
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
Memory Usage 7.15 MB
Peak Memory Usage 7.48 MB
GoogleToolbarNotifier.exe
Process ID 2772
User Stuart
Domain Stuart-PC
Path C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Memory Usage 2.43 MB
Peak Memory Usage 7.77 MB
hkcmd.exe
Process ID 2332
User Stuart
Domain Stuart-PC
Path C:\Windows\System32\hkcmd.exe
Memory Usage 7.09 MB
Peak Memory Usage 7.15 MB
IAStorDataMgrSvc.exe
Process ID 3984
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files (x86)\Intel\Intel Rapid Storage Technology\IAStorDataMgrSvc.exe
Memory Usage 16 MB
Peak Memory Usage 16 MB
IAStorIcon.exe
Process ID 2672
User Stuart
Domain Stuart-PC
Path C:\Program Files (x86)\Intel\Intel Rapid Storage Technology\IAStorIcon.exe
Memory Usage 22 MB
Peak Memory Usage 22 MB
igfxpers.exe
Process ID 2596
User Stuart
Domain Stuart-PC
Path C:\Windows\System32\igfxpers.exe
Memory Usage 9.91 MB
Peak Memory Usage 9.96 MB
igfxtray.exe
Process ID 2084
User Stuart
Domain Stuart-PC
Path C:\Windows\System32\igfxtray.exe
Memory Usage 7.31 MB
Peak Memory Usage 7.32 MB
LMS.exe
Process ID 2280
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files (x86)\Intel\Intel Management Engine Components\LMS\LMS.exe
Memory Usage 5.13 MB
Peak Memory Usage 5.13 MB
lsass.exe
Process ID 688
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\system32\lsass.exe
Memory Usage 13 MB
Peak Memory Usage 13 MB
lsm.exe
Process ID 696
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\system32\lsm.exe
Memory Usage 4.31 MB
Peak Memory Usage 4.31 MB
mbamgui.exe
Process ID 2012
User Stuart
Domain Stuart-PC
Path C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
Memory Usage 7.27 MB
Peak Memory Usage 7.30 MB
mbamscheduler.exe
Process ID 1972
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
Memory Usage 5.55 MB
Peak Memory Usage 5.60 MB
mbamservice.exe
Process ID 1092
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
Memory Usage 118 MB
Peak Memory Usage 190 MB
PManage.exe
Process ID 2540
User Stuart
Domain Stuart-PC
Path C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
Memory Usage 6.56 MB
Peak Memory Usage 6.64 MB
procexp.exe
Process ID 3532
User Stuart
Domain Stuart-PC
Path C:\Users\Stuart\Downloads\procexp.exe
Memory Usage 7.44 MB
Peak Memory Usage 7.52 MB
procexp64.exe
Process ID 3400
User Stuart
Domain Stuart-PC
Path C:\Users\Stuart\AppData\Local\Temp\procexp64.exe
Memory Usage 45 MB
Peak Memory Usage 55 MB
rundll32.exe
Process ID 2124
User Stuart
Domain Stuart-PC
Path C:\windows\System32\rundll32.exe
Memory Usage 6.86 MB
Peak Memory Usage 6.88 MB
SearchFilterHost.exe
Process ID 3836
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\system32\SearchFilterHost.exe
Memory Usage 8.34 MB
Peak Memory Usage 8.34 MB
SearchIndexer.exe
Process ID 2768
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\system32\SearchIndexer.exe
Memory Usage 17 MB
Peak Memory Usage 17 MB
SearchProtocolHost.exe
Process ID 4160
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\system32\SearchProtocolHost.exe
Memory Usage 12 MB
Peak Memory Usage 12 MB
services.exe
Process ID 664
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\system32\services.exe
Memory Usage 9.65 MB
Peak Memory Usage 13 MB
smss.exe
Process ID 396
User SYSTEM
Domain NT AUTHORITY
Path \SystemRoot\System32\smss.exe
Memory Usage 1.18 MB
Peak Memory Usage 1.20 MB
Speccy64.exe
Process ID 4500
User Stuart
Domain Stuart-PC
Path C:\Program Files\Speccy\Speccy64.exe
Memory Usage 27 MB
Peak Memory Usage 27 MB
spoolsv.exe
Process ID 1260
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\System32\spoolsv.exe
Memory Usage 12 MB
Peak Memory Usage 13 MB
stxmenumgr.exe
Process ID 3008
User Stuart
Domain Stuart-PC
Path C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
Memory Usage 6.89 MB
Peak Memory Usage 6.99 MB
svchost.exe
Process ID 868
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\windows\system32\svchost.exe
Memory Usage 8.49 MB
Peak Memory Usage 8.51 MB
svchost.exe
Process ID 560
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\windows\system32\svchost.exe
Memory Usage 17 MB
Peak Memory Usage 17 MB
svchost.exe
Process ID 796
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\system32\svchost.exe
Memory Usage 9.44 MB
Peak Memory Usage 9.63 MB
svchost.exe
Process ID 932
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\windows\System32\svchost.exe
Memory Usage 22 MB
Peak Memory Usage 23 MB
svchost.exe
Process ID 964
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\System32\svchost.exe
Memory Usage 139 MB
Peak Memory Usage 158 MB
svchost.exe
Process ID 1008
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\system32\svchost.exe
Memory Usage 44 MB
Peak Memory Usage 48 MB
svchost.exe
Process ID 1104
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\windows\system32\svchost.exe
Memory Usage 17 MB
Peak Memory Usage 18 MB
svchost.exe
Process ID 2484
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\windows\system32\svchost.exe
Memory Usage 5.67 MB
Peak Memory Usage 5.71 MB
svchost.exe
Process ID 4344
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\System32\svchost.exe
Memory Usage 32 MB
Peak Memory Usage 70 MB
svchost.exe
Process ID 1288
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\windows\system32\svchost.exe
Memory Usage 37 MB
Peak Memory Usage 70 MB
svchost.exe
Process ID 3884
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\windows\System32\svchost.exe
Memory Usage 14 MB
Peak Memory Usage 14 MB
svchost.exe
Process ID 2572
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\windows\system32\svchost.exe
Memory Usage 20 MB
Peak Memory Usage 20 MB
SynTPEnh.exe
Process ID 2836
User Stuart
Domain Stuart-PC
Path C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Memory Usage 15 MB
Peak Memory Usage 15 MB
SynTPHelper.exe
Process ID 2856
User Stuart
Domain Stuart-PC
Path C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
Memory Usage 3.55 MB
Peak Memory Usage 3.57 MB
System
Process ID 4
Memory Usage 11 MB
Peak Memory Usage 15 MB
System Idle Process
Process ID 0
taskhost.exe
Process ID 1652
User Stuart
Domain Stuart-PC
Path C:\windows\system32\taskhost.exe
Memory Usage 7.80 MB
Peak Memory Usage 7.80 MB
UNS.exe
Process ID 4820
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files (x86)\Intel\Intel Management Engine Components\UNS\UNS.exe
Memory Usage 7.36 MB
Peak Memory Usage 7.38 MB
utility.exe
Process ID 2624
User Stuart
Domain Stuart-PC
Path C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
Memory Usage 13 MB
Peak Memory Usage 13 MB
VM331_STI.EXE
Process ID 2852
User Stuart
Domain Stuart-PC
Path C:\Program Files (x86)\USB Camera\VM331_STI.EXE
Memory Usage 5.87 MB
Peak Memory Usage 6.16 MB
wininit.exe
Process ID 600
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\system32\wininit.exe
Memory Usage 4.50 MB
Peak Memory Usage 4.57 MB
winlogon.exe
Process ID 440
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\system32\winlogon.exe
Memory Usage 7.36 MB
Peak Memory Usage 8.38 MB
WLIDSVC.EXE
Process ID 4696
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
Memory Usage 14 MB
Peak Memory Usage 14 MB
WLIDSVCM.EXE
Process ID 4264
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
Memory Usage 3.39 MB
Peak Memory Usage 3.43 MB
WmiPrvSE.exe
Process ID 3368
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\system32\wbem\wmiprvse.exe
Memory Usage 17 MB
Peak Memory Usage 18 MB
WmiPrvSE.exe
Process ID 996
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\windows\system32\wbem\wmiprvse.exe
Memory Usage 12 MB
Peak Memory Usage 12 MB
wmpnetwk.exe
Process ID 3412
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\Program Files\Windows Media Player\wmpnetwk.exe
Memory Usage 11 MB
Peak Memory Usage 25 MB
wuauclt.exe
Process ID 3600
User Stuart
Domain Stuart-PC
Path C:\windows\system32\wuauclt.exe
Memory Usage 7.02 MB
Peak Memory Usage 7.03 MB
YCMMirage.exe
Process ID 3064
User Stuart
Domain Stuart-PC
Path C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
Memory Usage 5.61 MB
Peak Memory Usage 5.71 MB
Scheduler
09/09/2013 19:51; GoogleUpdateTaskMachineUA
10/09/2013 09:51; GoogleUpdateTaskMachineCore
Hotfixes
08/09/2013 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2742595)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
08/09/2013 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2737019)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
08/09/2013 Definition Update for Windows Defender - KB915597 (Definition 1.157.1306.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
08/09/2013 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2789642)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
08/09/2013 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2840628)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
08/09/2013 Security Update for Windows 7 for x64-based Systems (KB2803821)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
08/09/2013 Security Update for Windows 7 for x64-based Systems (KB2807986)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
08/09/2013 Security Update for Windows 7 for x64-based Systems (KB2667402)
A security issue has been identified that could allow an unauthenticated
remote attacker to cause the affected system to stop responding.
You can help protect your system by installing this update from
Microsoft. After you install this update, you may have to restart
your system.
08/09/2013 Security Update for Windows 7 for x64-based Systems (KB2655992)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain access to
information. You can help protect your system by installing this
update from Microsoft. After you install this update, you may
have to restart your system.
08/09/2013 Security Update for Windows 7 for x64-based Systems (KB2849470)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
08/09/2013 Security Update for Windows 7 for x64-based Systems (KB2757638)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
08/09/2013 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2729449)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
08/09/2013 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2604121)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
08/09/2013 Security Update for Windows 7 for x64-based Systems (KB2758857)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
08/09/2013 Security Update for Windows 7 for x64-based Systems (KB2770660)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
08/09/2013 Security Update for Windows 7 for x64-based Systems (KB2845187)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
08/09/2013 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2804576)
A security issue has been identified that could allow an attacker
to misrepresent a system action or behavior without the knowledge
of the user. You can help protect your system by installing this
update from Microsoft. After you install this update, you may
have to restart your system.
08/09/2013 Security Update for Windows 7 for x64-based Systems (KB2790113)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
08/09/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2604115)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
08/09/2013 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656351)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
08/09/2013 Security Update for Windows 7 for x64-based Systems (KB2861855)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
08/09/2013 Security Update for Windows 7 for x64-based Systems (KB2579686)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
08/09/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2729452)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
08/09/2013 Security Update for Windows 7 for x64-based Systems (KB2753842)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
08/09/2013 Security Update for Windows 7 for x64-based Systems (KB2645640)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
08/09/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2742599)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
08/09/2013 Security Update for Windows 7 for x64-based Systems (KB2690533)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
08/09/2013 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2736428)
A security issue has been identified that could allow an unauthenticated
remote attacker to cause the affected application to stop responding.
You can help protect your system by installing this update from
Microsoft. After you install this update, you may have to restart
your system.
08/09/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2833946)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
08/09/2013 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2835393)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
08/09/2013 Security Update for Windows 7 for x64-based Systems (KB2727528)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
08/09/2013 Security Update for Windows 7 for x64-based Systems (KB2839894)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
08/09/2013 Security Update for Windows 7 for x64-based Systems (KB2850851)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
08/09/2013 Security Update for Windows 7 for x64-based Systems (KB2532531)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
08/09/2013 Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2487367)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system that is running the Microsoft
.NET Framework and gain access to information. You can help protect
your computer by installing this update from Microsoft. After
you install this item, you may have to restart your computer.
08/09/2013 Security Update for Microsoft Silverlight (KB2847559)
This security update to Silverlight includes fixes outlined in
KB 2847559. This update is backward compatible with web applications
built using previous versions of Silverlight.
08/09/2013 Security Update for Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package (KB2538242)
A security issue has been identified leading to MFC application
vulnerability in DLL planting due to MFC not specifying the full
path to system/localization DLLs. You can protect your computer
by installing this update from Microsoft. After you install this
item, you may have to restart your computer.
07/09/2013 Update for Windows 7 for x64-based Systems (KB2563227)
Install this update to resolve performance and reliability issues
in Windows. By applying this update, you can achieve better performance
and responsiveness in various scenarios. For a complete listing
of the issues that are included in this update, see the associated
Microsoft Knowledge Base article for more information. After
you install this item, you may have to restart your computer.
07/09/2013 Update for Windows 7 for x64-based Systems (KB2763523)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
07/09/2013 Update for Windows 7 for x64-based Systems (KB2820331)
Install this update to resolve a set of known application compatibility
issues with Windows. For a complete listing of the issues that
are included in this update, see the associated Microsoft Knowledge
Base article for more information. After you install this item,
you may have to restart your computer.
07/09/2013 Update for Windows 7 for x64-based Systems (KB2640148)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
07/09/2013 Update for Windows 7 for x64-based Systems (KB2547666)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
07/09/2013 Update for Windows 7 for x64-based Systems (KB2813956)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
07/09/2013 Update for Windows 7 for x64-based Systems (KB2660075)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
07/09/2013 Update for Kernel-Mode Driver Framework version 1.11 for Windows 7 for x64-based Systems (KB2685811)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
07/09/2013 Update for Windows 7 for x64-based Systems (KB2545698)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
07/09/2013 Internet Explorer 10 for Windows 7 for x64-based Systems
Internet Explorer 10 is fast and fluid, and lets your websites
shine and perform just like native apps on your PC.
Internet Explorer 10. Fast and fluid for Windows 7.
• Fast. Internet Explorer 10 harnesses the untapped power of your
PC, delivering pages full of vivid graphics, smoother video, and
interactive content.
• Easy. Experience the web the way you want to with pinned sites,
built-in Spellcheck, and seamless integration with your PC running
Windows 7.
• Safer. Improved features like SmartScreen Filter and Tracking
Protection let you be more aware of threats to your PC and your
privacy.
07/09/2013 Update for Windows 7 for x64-based Systems (KB2719857)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
07/09/2013 Update for Windows 7 for x64-based Systems (KB2603229)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2803821)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2807986)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2667402)
A security issue has been identified that could allow an unauthenticated
remote attacker to cause the affected system to stop responding.
You can help protect your system by installing this update from
Microsoft. After you install this update, you may have to restart
your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2655992)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain access to
information. You can help protect your system by installing this
update from Microsoft. After you install this update, you may
have to restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2849470)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2757638)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
07/09/2013 Update for Windows 7 for x64-based Systems (KB2750841)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
07/09/2013 Update for Windows 7 for x64-based Systems (KB2709630)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
07/09/2013 Update for Windows 7 for x64-based Systems (KB971033)
This update to Windows Activation Technologies detects activation
exploits and tampering to key Windows system files. These exploits
try to bypass regular Windows activation and are sometimes included
within counterfeit copies of Windows.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2758857)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2770660)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2845187)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2790113)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
07/09/2013 Update for Windows 7 for x64-based Systems (KB2732059)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
07/09/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2604115)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
07/09/2013 Update for Windows 7 for x64-based Systems (KB2786400)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2861855)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
07/09/2013 Update for Windows 7 for x64-based Systems (KB2773072)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2579686)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
07/09/2013 Update for Windows 7 for x64-based Systems (KB2791765)
Install this update to resolve a set of known application compatibility
issues with Windows. For a complete listing of the issues that
are included in this update, see the associated Microsoft Knowledge
Base article for more information. After you install this item,
you may have to restart your computer.
07/09/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2729452)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2753842)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2645640)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
07/09/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2742599)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
07/09/2013 Update for User-Mode Driver Framework version 1.11 for Windows 7 for x64-based Systems (KB2685813)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2690533)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
07/09/2013 Update for Windows 7 for x64-based Systems (KB2699779)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
07/09/2013 Update for Windows 7 for x64-based Systems (KB2726535)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
07/09/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2833946)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2727528)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2839894)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2850851)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
07/09/2013 Update for Windows 7 for x64-based Systems (KB2761217)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
07/09/2013 Update for Windows 7 for x64-based Systems (KB2808679)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
07/09/2013 Update for Windows 7 for x64-based Systems (KB2799926)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
07/09/2013 Update for Windows 7 for x64-based Systems (KB2732500)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
07/09/2013 Update for Windows 7 for x64-based Systems (KB2729094)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
07/09/2013 Update for Windows 7 for x64-based Systems (KB2834140)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
07/09/2013 Update for Windows 7 for x64-based Systems (KB2647753)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
07/09/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2656356)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
07/09/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2789645)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2830290)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2560656)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
07/09/2013 Update for Windows 7 for x64-based Systems (KB2552343)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
07/09/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2756921)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2620704)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
07/09/2013 Update for Windows 7 for x64-based Systems (KB2533552)
Install this update to enable future updates to install successfully
on all editions of Windows 7 or Windows Server 2008 R2. This
update may be required before selected future updates can be
installed. After you install this item, it cannot be removed.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2813347)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2862966)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
07/09/2013 Update for Windows 7 for x64-based Systems (KB2718704)
Install this update to resolve an issue which requires an update
to the certificate revocation list on Windows systems and to
keep your systems certificate list up to date. After you install
this update, you may have to restart your system.
07/09/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2840631)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2631813)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
07/09/2013 Update for Windows 7 for x64-based Systems (KB2798162)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2536276)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2585542)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain access to
information. You can help protect your system by installing this
update from Microsoft. After you install this update, you may
have to restart your system.
07/09/2013 Cumulative Security Update for ActiveX Killbits for Windows 7 for x64-based Systems (KB2618451)
Security issues have been identified in ActiveX controls that
could allow an attacker to compromise a system running Microsoft
Internet Explorer and gain control over it. You can help protect
your system by installing this update from Microsoft. After you
install this item, you may have to restart your computer.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2840149)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
07/09/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2844286)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2570947)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
07/09/2013 Update for Windows 7 for x64-based Systems (KB2863058)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2676562)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2847927)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2691442)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2803821)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2807986)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2667402)
A security issue has been identified that could allow an unauthenticated
remote attacker to cause the affected system to stop responding.
You can help protect your system by installing this update from
Microsoft. After you install this update, you may have to restart
your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2655992)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain access to
information. You can help protect your system by installing this
update from Microsoft. After you install this update, you may
have to restart your system.
07/09/2013 Microsoft Browser Choice Screen Update for EEA Users of Windows 7 for x64-based Systems (KB976002)
Install this update to access a Choice Screen which lets you
select whether and which Web browser(s) to install in addition
to Internet Explorer. After you have installed this software
update it cannot be removed.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2849470)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
07/09/2013 Windows Malicious Software Removal Tool x64 - August 2013 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2757638)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2758857)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2770660)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2845187)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2785220)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain access to
information. You can help protect your system by installing this
update from Microsoft. After you install this update, you may
have to restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2790113)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
07/09/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2604115)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2861855)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2579686)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2685939)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
07/09/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2729452)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2753842)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2645640)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
07/09/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2742599)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2690533)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2743555)
A security issue has been identified that could allow an unauthenticated
remote attacker to cause the affected system to stop responding.
You can help protect your system by installing this update from
Microsoft. After you install this update, you may have to restart
your system.
07/09/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2833946)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2727528)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2839894)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2850851)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
07/09/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2804579)
A security issue has been identified that could allow an attacker
to misrepresent a system action or behavior without the knowledge
of the user. You can help protect your system by installing this
update from Microsoft. After you install this update, you may
have to restart your system.
07/09/2013 Update for Windows 7 for x64-based Systems (KB2786081)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2532531)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2835364)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2653956)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2868623)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2705219)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2654428)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2813430)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2712808)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2511455)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2564958)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2619339)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2813170)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
07/09/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2832414)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2834886)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2835361)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2698365)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
07/09/2013 Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2862772)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
07/09/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2736422)
A security issue has been identified that could allow an unauthenticated
remote attacker to cause the affected application to stop responding.
You can help protect your system by installing this update from
Microsoft. After you install this update, you may have to restart
your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2644615)
A security issue has been identified that could allow an attacker
to break or bypass a security feature in the affected software.
You can help protect your system by installing this update from
Microsoft. After you install this update, you may have to restart
your system.
07/09/2013 Cumulative Security Update for ActiveX Killbits for Windows 7 for x64-based Systems (KB2820197)
A security issue has been identified in a Microsoft software
product that could affect your system. You can help protect your
system by installing this update from Microsoft. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article. After you install
this update, you may have to restart your system.
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2584146)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
07/09/2013 Update for Windows (KB958488)
Microsoft .NET Framework 4.0 Shared
07/09/2013 Security Update for Windows 7 for x64-based Systems (KB2621440)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
07/09/2013 Windows Update Agent 7.6.7600.256
The Windows Update Agent enables your computer to search for
and install updates from an update service. The agent can automatically
update itself as needed to communicate with the update service
when Windows searches for new updates.
System Folders
Path for burning CD C:\Users\Stuart\AppData\Local\Microsoft\Windows\Burn\Burn
Application Data C:\ProgramData
Public Desktop C:\Users\Public\Desktop
Documents C:\Users\Public\Documents
Global Favorites C:\Users\Stuart\Favorites
Music C:\Users\Public\Music
Pictures C:\Users\Public\Pictures
Start Menu Programs C:\ProgramData\Microsoft\Windows\Start Menu\Programs
Start Menu C:\ProgramData\Microsoft\Windows\Start Menu
Startup C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Templates C:\ProgramData\Microsoft\Windows\Templates
Videos C:\Users\Public\Videos
Cookies C:\Users\Stuart\AppData\Roaming\Microsoft\Windows\Cookies
Desktop C:\Users\Stuart\Desktop
Physical Desktop C:\Users\Stuart\Desktop
User Favorites C:\Users\Stuart\Favorites
Fonts C:\windows\Fonts
Internet History C:\Users\Stuart\AppData\Local\Microsoft\Windows\History
Temporary Internet Files C:\Users\Stuart\AppData\Local\Microsoft\Windows\Temporary Internet Files
Local Application Data C:\Users\Stuart\AppData\Local
Windows Directory C:\windows
Windows/System C:\windows\system32
Program Files C:\Program Files
Services
Running Adobe Acrobat Update Service
Running Application Experience
Running Application Information
Running Background Intelligent Transfer Service
Running Base Filtering Engine
Running CNG Key Isolation
Running COM+ Event System
Running Computer Browser
Running Credential Manager
Running Cryptographic Services
Running DCOM Server Process Launcher
Running Desktop Window Manager Session Manager
Running DHCP Client
Running Diagnostic Policy Service
Running Diagnostic Service Host
Running Distributed Link Tracking Client
Running DNS Client
Running Extensible Authentication Protocol
Running Function Discovery Provider Host
Running Function Discovery Resource Publication
Running Group Policy Client
Running HomeGroup Listener
Running HomeGroup Provider
Running IKE and AuthIP IPsec Keying Modules
Running Intel Management and Security Application Local Management Service
Running Intel Management and Security Application User Notification Service
Running Intel Rapid Storage Technology
Running IP Helper
Running IPsec Policy Agent
Running Kaspersky Anti-Virus Service
Running MBAMScheduler
Running MBAMService
Running Network Connections
Running Network List Service
Running Network Location Awareness
Running Network Store Interface Service
Running Peer Name Resolution Protocol
Running Peer Networking Grouping
Running Peer Networking Identity Manager
Running Plug and Play
Running Power
Running Print Spooler
Running Program Compatibility Assistant Service
Running Remote Procedure Call (RPC)
Running RPC Endpoint Mapper
Running Seagate Service
Running Security Accounts Manager
Running Security Center
Running Server
Running Shell Hardware Detection
Running SSDP Discovery
Running Superfetch
Running System Event Notification Service
Running Task Scheduler
Running TCP/IP NetBIOS Helper
Running Themes
Running UPnP Device Host
Running User Profile Service
Running Windows Audio
Running Windows Audio Endpoint Builder
Running Windows Defender
Running Windows Driver Foundation - User-mode Driver Framework
Running Windows Event Log
Running Windows Firewall
Running Windows Font Cache Service
Running Windows Live ID Sign-in Assistant
Running Windows Management Instrumentation
Running Windows Media Player Network Sharing Service
Running Windows Search
Running Windows Update
Running WinHTTP Web Proxy Auto-Discovery Service
Running WLAN AutoConfig
Running Workstation
Stopped ActiveX Installer (AxInstSV)
Stopped Adaptive Brightness
Stopped Application Identity
Stopped Application Layer Gateway Service
Stopped ASP.NET State Service
Stopped BitLocker Drive Encryption Service
Stopped Block Level Backup Engine Service
Stopped Bluetooth Support Service
Stopped Certificate Propagation
Stopped COM+ System Application
Stopped Diagnostic System Host
Stopped Disk Defragmenter
Stopped Distributed Transaction Coordinator
Stopped Encrypting File System (EFS)
Stopped Fax
Stopped Google Software Updater
Stopped Google Update Service (gupdate)
Stopped Google Update Service (gupdatem)
Stopped Health Key and Certificate Management
Stopped Human Interface Device Access
Stopped Interactive Services Detection
Stopped Internet Connection Sharing (ICS)
Stopped KtmRm for Distributed Transaction Coordinator
Stopped Link-Layer Topology Discovery Mapper
Stopped McAfee SiteAdvisor Service
Stopped Media Center Extender Service
Stopped Microsoft .NET Framework NGEN v2.0.50727_X64
Stopped Microsoft .NET Framework NGEN v2.0.50727_X86
Stopped Microsoft .NET Framework NGEN v4.0.30319_X64
Stopped Microsoft .NET Framework NGEN v4.0.30319_X86
Stopped Microsoft iSCSI Initiator Service
Stopped Microsoft Office Diagnostics Service
Stopped Microsoft Software Shadow Copy Provider
Stopped Mozilla Maintenance Service
Stopped Multimedia Class Scheduler
Stopped Net.Msmq Listener Adapter
Stopped Net.Pipe Listener Adapter
Stopped Net.Tcp Listener Adapter
Stopped Net.Tcp Port Sharing Service
Stopped Netlogon
Stopped Network Access Protection Agent
Stopped Office Source Engine
Stopped Parental Controls
Stopped Partner Service
Stopped Performance Counter DLL Host
Stopped Performance Logs & Alerts
Stopped PnP-X IP Bus Enumerator
Stopped PNRP Machine Name Publication Service
Stopped Portable Device Enumerator Service
Stopped Problem Reports and Solutions Control Panel Support
Stopped Protected Storage
Stopped Quality Windows Audio Video Experience
Stopped Remote Access Auto Connection Manager
Stopped Remote Access Connection Manager
Stopped Remote Desktop Configuration
Stopped Remote Desktop Services
Stopped Remote Procedure Call (RPC) Locator
Stopped Remote Registry
Stopped Routing and Remote Access
Stopped Secondary Logon
Stopped Secure Socket Tunneling Protocol Service
Stopped Smart Card
Stopped Smart Card Removal Policy
Stopped SNMP Trap
Stopped Software Protection
Stopped SPP Notification Service
Stopped Tablet PC Input Service
Stopped Telephony
Stopped Thread Ordering Server
Stopped TPM Base Services
Stopped Virtual Disk
Stopped Volume Shadow Copy
Stopped WebClient
Stopped Windows Backup
Stopped Windows Biometric Service
Stopped Windows CardSpace
Stopped Windows Color System
Stopped Windows Connect Now - Config Registrar
Stopped Windows Error Reporting Service
Stopped Windows Event Collector
Stopped Windows Image Acquisition (WIA)
Stopped Windows Installer
Stopped Windows Live Mesh remote connections service
Stopped Windows Media Center Receiver Service
Stopped Windows Media Center Scheduler Service
Stopped Windows Modules Installer
Stopped Windows Presentation Foundation Font Cache 3.0.0.0
Stopped Windows Remote Management (WS-Management)
Stopped Windows Time
Stopped Wired AutoConfig
Stopped WMI Performance Adapter
Stopped WWAN AutoConfig
Security Options
Accounts: Administrator account status Disabled
Accounts: Guest account status Disabled
Accounts: Limit local account use of blank passwords to console logon only Enabled
Accounts: Rename administrator account Administrator
Accounts: Rename guest account Guest
Audit: Audit the access of global system objects Disabled
Audit: Audit the use of Backup and Restore privilege Disabled
Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings Not Defined
Audit: Shut down system immediately if unable to log security audits Disabled
DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax Not Defined
DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax Not Defined
Devices: Allow undock without having to log on Enabled
Devices: Allowed to format and eject removable media Not Defined
Devices: Prevent users from installing printer drivers Disabled
Devices: Restrict CD-ROM access to locally logged-on user only Not Defined
Devices: Restrict floppy access to locally logged-on user only Not Defined
Domain controller: Allow server operators to schedule tasks Not Defined
Domain controller: LDAP server signing requirements Not Defined
Domain controller: Refuse machine account password changes Not Defined
Domain member: Digitally encrypt or sign secure channel data (always) Enabled
Domain member: Digitally encrypt secure channel data (when possible) Enabled
Domain member: Digitally sign secure channel data (when possible) Enabled
Domain member: Disable machine account password changes Disabled
Domain member: Maximum machine account password age 30 days
Domain member: Require strong (Windows 2000 or later) session key Enabled
Interactive logon: Display user information when the session is locked Not Defined
Interactive logon: Do not display last user name Disabled
Interactive logon: Do not require CTRL+ALT+DEL Not Defined
Interactive logon: Message text for users attempting to log on
Interactive logon: Message title for users attempting to log on
Interactive logon: Number of previous logons to cache (in case domain controller is not available) 10 logons
Interactive logon: Prompt user to change password before expiration 5 days
Interactive logon: Require Domain Controller authentication to unlock workstation Disabled
Interactive logon: Require smart card Disabled
Interactive logon: Smart card removal behavior No Action
Microsoft network client: Digitally sign communications (always) Disabled
Microsoft network client: Digitally sign communications (if server agrees) Enabled
Microsoft network client: Send unencrypted password to third-party SMB servers Disabled
Microsoft network server: Amount of idle time required before suspending session 15 minutes
Microsoft network server: Digitally sign communications (always) Disabled
Microsoft network server: Digitally sign communications (if client agrees) Disabled
Microsoft network server: Disconnect clients when logon hours expire Enabled
Microsoft network server: Server SPN target name validation level Not Defined
Network access: Allow anonymous SID/Name translation Disabled
Network access: Do not allow anonymous enumeration of SAM accounts Enabled
Network access: Do not allow anonymous enumeration of SAM accounts and shares Disabled
Network access: Do not allow storage of passwords and credentials for network authentication Disabled
Network access: Let Everyone permissions apply to anonymous users Disabled
Network access: Named Pipes that can be accessed anonymously
Network access: Remotely accessible registry paths System\CurrentControlSet\Control\ProductOptions,System\CurrentControlSet\Control\Server Applications,Software\Microsoft\Windows NT\CurrentVersion
Network access: Remotely accessible registry paths and sub-paths System\CurrentControlSet\Control\Print\Printers,System\CurrentControlSet\Services\Eventlog,Software\Microsoft\OLAP Server,Software\Microsoft\Windows NT\CurrentVersion\Print,Software\Microsoft\Windows NT\CurrentVersion\Windows,System\CurrentControlSet\Control\ContentIndex,System\CurrentControlSet\Control\Terminal Server,System\CurrentControlSet\Control\Terminal Server\UserConfig,System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration,Software\Microsoft\Windows NT\CurrentVersion\Perflib,System\CurrentControlSet\Services\SysmonLog
Network access: Restrict anonymous access to Named Pipes and Shares Enabled
Network access: Shares that can be accessed anonymously Not Defined
Network access: Sharing and security model for local accounts Classic - local users authenticate as themselves
Network security: Allow Local System to use computer identity for NTLM Not Defined
Network security: Allow LocalSystem NULL session fallback Not Defined
Network Security: Allow PKU2U authentication requests to this computer to use online identities Not Defined
Network security: Configure encryption types allowed for Kerberos Not Defined
Network security: Do not store LAN Manager hash value on next password change Enabled
Network security: Force logoff when logon hours expire Disabled
Network security: LAN Manager authentication level Not Defined
Network security: LDAP client signing requirements Negotiate signing
Network security: Minimum session security for NTLM SSP based (including secure RPC) clients Require 128-bit encryption
Network security: Minimum session security for NTLM SSP based (including secure RPC) servers Require 128-bit encryption
Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication Not Defined
Network security: Restrict NTLM: Add server exceptions in this domain Not Defined
Network security: Restrict NTLM: Audit Incoming NTLM Traffic Not Defined
Network security: Restrict NTLM: Audit NTLM authentication in this domain Not Defined
Network security: Restrict NTLM: Incoming NTLM traffic Not Defined
Network security: Restrict NTLM: NTLM authentication in this domain Not Defined
Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers Not Defined
Recovery console: Allow automatic administrative logon Disabled
Recovery console: Allow floppy copy and access to all drives and all folders Disabled
Shutdown: Allow system to be shut down without having to log on Enabled
Shutdown: Clear virtual memory pagefile Disabled
System cryptography: Force strong key protection for user keys stored on the computer Not Defined
System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing Disabled
System objects: Require case insensitivity for non-Windows subsystems Enabled
System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) Enabled
System settings: Optional subsystems Posix
System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies Disabled
User Account Control: Admin Approval Mode for the Built-in Administrator account Disabled
User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop Disabled
User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode Prompt for consent for non-Windows binaries
User Account Control: Behavior of the elevation prompt for standard users Prompt for credentials
User Account Control: Detect application installations and prompt for elevation Enabled
User Account Control: Only elevate executables that are signed and validated Disabled
User Account Control: Only elevate UIAccess applications that are installed in secure locations Enabled
User Account Control: Run all administrators in Admin Approval Mode Enabled
User Account Control: Switch to the secure desktop when prompting for elevation Enabled
User Account Control: Virtualize file and registry write failures to per-user locations Enabled
Device Tree
ACPI x64-based PC
Microsoft Watchdog Timer
Microsoft ACPI-Compliant System
Intel Core i3-2330M CPU @ 2.20GHz
Intel Core i3-2330M CPU @ 2.20GHz
Intel Core i3-2330M CPU @ 2.20GHz
Intel Core i3-2330M CPU @ 2.20GHz
ACPI Fan
ACPI Fan
ACPI Thermal Zone
ACPI Lid
System board
Motherboard resources
ACPI Fixed Feature Button
PCI bus
2nd generation Intel Core processor family DRAM Controller - 0104
Intel Management Engine Interface
Intel 6 Series/C200 Series Chipset Family SMBus Controller - 1C22
Motherboard resources
Intel® HD Graphics Family
Generic PnP Monitor
Intel® 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C2D
USB Root Hub
Generic USB Hub
High Definition Audio Controller
Conexant SmartAudio HD
Intel Display Audio
Intel® 6 Series/C200 Series Chipset Family PCI Express Root Port 1 - 1C10
Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
Intel® 6 Series/C200 Series Chipset Family PCI Express Root Port 2 - 1C12
Atheros AR9285 Wireless Network Adapter
Intel® 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C26
USB Root Hub
Generic USB Hub
USB Mass Storage Device
Seagate FreeAgent Go USB Device
USB Composite Device
Lenovo EasyCamera
Intel® HM65 Express Chipset Family LPC Interface Controller - 1C49
Direct memory access controller
Intel 82802 Firmware Hub Device
High precision event timer
Programmable interrupt controller
Numeric data processor
Motherboard resources
System CMOS/real time clock
System timer
Motherboard resources
ACPI Power Button
ACPI Sleep Button
Microsoft ACPI-Compliant Control Method Battery
Microsoft AC Adapter
Synaptics PS/2 Port TouchPad
Standard PS/2 Keyboard
Microsoft ACPI-Compliant Embedded Controller
Lenovo ACPI-Compliant Virtual Power Controller
Intel® Mobile Express Chipset SATA AHCI Controller
HITACHI HTS547550A9E384
MATSHITA DVD-RAM UJ8B1AS
CPU
Intel Core i3 2330M
Cores 2
Threads 4
Name Intel Core i3 2330M
Code Name Sandy Bridge
Package Socket 988B rPGA
Technology 32nm
Specification Intel Core i3-2330M CPU @ 2.20GHz
Family 6
Extended Family 6
Model A
Extended Model 2A
Stepping 7
Revision D2
Instructions MMX, SSE, SSE2, SSE3, SSSE3, SSE4.1, SSE4.2, Intel 64, NX, VMX, AVX
Virtualization Supported, Disabled
Hyperthreading Supported, Enabled
Bus Speed 99.8 MHz
Stock Core Speed 2200 MHz
Stock Bus Speed 100 MHz
Average Temperature 45 °C
Caches
L1 Data Cache Size 2 x 32 KBytes
L1 Instructions Cache Size 2 x 32 KBytes
L2 Unified Cache Size 2 x 256 KBytes
L3 Unified Cache Size 3072 KBytes
Core 0
Core Speed 798.3 MHz
Multiplier x 8.0
Bus Speed 99.8 MHz
Temperature 45 °C
Thread 1
APIC ID 0
Thread 2
APIC ID 1
Core 1
Core Speed 798.3 MHz
Multiplier x 8.0
Bus Speed 99.8 MHz
Temperature 45 °C
Thread 1
APIC ID 2
Thread 2
APIC ID 3
RAM
Memory slots
Total memory slots 2
Used memory slots 1
Free memory slots 1
Memory
Type DDR3
Size 4096 MBytes
Channels # Single
DRAM Frequency 665.3 MHz
CAS# Latency (CL) 9 clocks
RAS# to CAS# Delay (tRCD) 9 clocks
RAS# Precharge (tRP) 9 clocks
Cycle Time (tRAS) 24 clocks
Command Rate (CR) 1T
Physical Memory
Memory Usage 55 %
Total Physical 3.95 GB
Available Physical 1.76 GB
Total Virtual 7.89 GB
Available Virtual 5.40 GB
SPD
Number Of SPD Modules 1
Slot #1
Type DDR3
Size 4096 MBytes
Manufacturer Samsung
Max Bandwidth PC3-10700 (667 MHz)
Part Number M471B5273DH0-CH9
Serial Number F12E7C6C
Week/year 25 / 11
SPD Ext. EPP
JEDEC #5
Frequency 685.7 MHz
CAS# Latency 9.0
RAS# To CAS# 9
RAS# Precharge 9
tRAS 25
tRC 34
Voltage 1.500 V
JEDEC #4
Frequency 609.5 MHz
CAS# Latency 8.0
RAS# To CAS# 8
RAS# Precharge 8
tRAS 22
tRC 30
Voltage 1.500 V
JEDEC #3
Frequency 533.3 MHz
CAS# Latency 7.0
RAS# To CAS# 7
RAS# Precharge 7
tRAS 20
tRC 27
Voltage 1.500 V
JEDEC #2
Frequency 457.1 MHz
CAS# Latency 6.0
RAS# To CAS# 6
RAS# Precharge 6
tRAS 17
tRC 23
Voltage 1.500 V
JEDEC #1
Frequency 381.0 MHz
CAS# Latency 5.0
RAS# To CAS# 5
RAS# Precharge 5
tRAS 14
tRC 19
Voltage 1.500 V
Motherboard
Manufacturer LENOVO
Model Base Board Product Name (CPU1)
Version Lenovo G570
Chipset Vendor Intel
Chipset Model Sandy Bridge
Chipset Revision 09
Southbridge Vendor Intel
Southbridge Model HM65
Southbridge Revision 05
BIOS
Brand LENOVO
Version 40CN25WW(V2.11)
Date 29/07/2011
PCI Data
Slot PCI-E x16
Slot Type PCI-E x16
Slot Usage In Use
Data lanes x16
Slot Designation J5C1
Characteristics 3.3V, Shared, PME, Hot Plug
Slot Number 0
Slot PCI-E x4
Slot Type PCI-E x4
Slot Usage In Use
Data lanes x4
Slot Designation J6C1
Characteristics 3.3V, Shared, PME, Hot Plug
Slot Number 1
Slot PCI-E x1
Slot Type PCI-E x1
Slot Usage In Use
Data lanes x1
Slot Designation J6C2
Characteristics 3.3V, Shared, PME, Hot Plug
Slot Number 2
Slot PCI-E x1
Slot Type PCI-E x1
Slot Usage In Use
Data lanes x1
Slot Designation J6D2
Characteristics 3.3V, Shared, PME, Hot Plug
Slot Number 3
Slot PCI-E x1
Slot Type PCI-E x1
Slot Usage In Use
Data lanes x1
Slot Designation J7C1
Characteristics 3.3V, Shared, PME, Hot Plug
Slot Number 4
Slot PCI-E x1
Slot Type PCI-E x1
Slot Usage In Use
Data lanes x1
Slot Designation J7D2
Characteristics 3.3V, Shared, PME, Hot Plug
Slot Number 5
Slot PCI-E x16
Slot Type PCI-E x16
Slot Usage In Use
Data lanes x16
Slot Designation J8C2
Characteristics 3.3V, Shared, PME, Hot Plug
Slot Number 6
Graphics
Monitor
Name Generic PnP Monitor on Intel HD Graphics Family
Current Resolution 1366x768 pixels
Work Resolution 1366x728 pixels
State Enabled, Primary
Monitor Width 1366
Monitor Height 768
Monitor BPP 32 bits per pixel
Monitor Frequency 60 Hz
Device \\.\DISPLAY1\Monitor0
Intel HD Graphics Family
Manufacturer Intel
Model HD Graphics Family
Device ID 8086-0116
Revision A
Subvendor Lenovo (17AA)
Current Performance Level Level 0
Driver version 8.15.10.2342
Count of performance levels : 1
Level 1
Hard Drives
HITACHI HTS547550A9E384
Manufacturer Hitachi
Product Family Travelstar
Series Prefix Standard
Model Capacity For This Specific Drive 500GB
Heads 16
Cylinders 16,383
SATA type SATA-II 3.0Gb/s
Device type Fixed
ATA Standard ATA8-ACS
Serial Number J2150050CE141C
LBA Size 48-bit LBA
Power On Count 974 times
Power On Time 160.8 days
Speed 5400 RPM
Features S.M.A.R.T., APM, NCQ
Transfer Mode SATA II
Interface SATA
Capacity 466 GB
Real size 500,107,862,016 bytes
RAID Type None
S.M.A.R.T
Status Good
Temperature 34 °C
Temperature Range OK (less than 50 °C)
01 Read Error Rate 100 (100) Data 0000000000
02 Throughput Performance 100 (100) Data 0000000000
03 Spin-Up Time 217 (217) Data 0000000001
04 Start/Stop Count 100 (100) Data 00000003CE
05 Reallocated Sectors Count 094 (094) Data 0000000000
07 Seek Error Rate 100 (100) Data 0000000000
08 Seek Time Performance 100 (100) Data 0000000000
09 Power-On Hours (POH) 092 (092) Data 0000000F12
0A Spin Retry Count 100 (100) Data 0000000000
0C Device Power Cycle Count 100 (100) Data 00000003CE
BF G-sense error rate 100 (100) Data 0000000000
C0 Power-off Retract Count 100 (100) Data 0000000019
C1 Load/Unload Cycle Count 080 (080) Data 0000032272
C2 Temperature 176 (176) Data 00000B0022
C4 Reallocation Event Count 074 (074) Data 0000000317
C5 Current Pending Sector Count 093 (093) Data 0000000188
C6 Uncorrectable Sector Count 100 (100) Data 0000000000
C7 UltraDMA CRC Error Count 200 (200) Data 0000000000
DF Load/Unload Retry Count 100 (100) Data 0000000000
Partition 0
Partition ID Disk #0, Partition #0
Size 200 MB
Partition 1
Partition ID Disk #0, Partition #1
Disk Letter C:
File System NTFS
Volume Serial Number F642AEC9
Size 422 GB
Used Space 31.2 GB (8%)
Free Space 391 GB (92%)
Partition 2
Partition ID Disk #0, Partition #2
Disk Letter D:
File System NTFS
Volume Serial Number 788FDB31
Size 29.0 GB
Used Space 1.42 GB (5%)
Free Space 27.6 GB (95%)
Partition 3
Partition ID Disk #0, Partition #3
Size 14.7 GB
Optical Drives
MATSHITA DVD-RAM UJ8B1AS
Media Type DVD Writer
Name MATSHITA DVD-RAM UJ8B1AS
Availability Running/Full Power
Capabilities Random Access, Supports Writing, Supports Removable Media
Read capabilities CD-R, CD-RW, CD-ROM, DVD-RAM, DVD-ROM, DVD-R, DVD-RW, DVD+R, DVD+RW, DVD-R DL, DVD+R DL
Write capabilities CD-R, CD-RW, DVD-RAM, DVD-R, DVD-RW, DVD+R, DVD+RW, DVD-R DL, DVD+R DL
Config Manager Error Code Device is working properly
Config Manager User Config FALSE
Drive F:
Media Loaded TRUE
SCSI Bus 0
SCSI Logical Unit 0
SCSI Port 0
SCSI Target Id 1
Size
Status OK
Volume Name Audio CD
Volume Serial Number FD9502
Audio
Sound Cards
Conexant SmartAudio HD
Intel Display Audio
Playback Device
Speakers (Conexant SmartAudio HD)
Recording Devices
Stereo Mix (Conexant SmartAudio HD)
Internal Microphone (Conexant SmartAudio HD) (default)
Peripherals
Standard PS/2 Keyboard
Device Kind Keyboard
Device Name Standard PS/2 Keyboard
Vendor (Standard keyboards)
Location plugged into keyboard port
Driver
Date 6-21-2006
Version 6.1.7601.17514
File C:\windows\system32\DRIVERS\i8042prt.sys
File C:\windows\system32\DRIVERS\kbdclass.sys
Synaptics PS/2 Port TouchPad
Device Kind Mouse
Device Name Synaptics PS/2 Port TouchPad
Vendor Synaptics
Location plugged into PS/2 mouse port
Driver
Date 4-7-2011
Version 15.3.0.0
File C:\windows\system32\DRIVERS\SynTP.sys
File C:\windows\system32\SynTPAPI.dll
File C:\windows\system32\SynCOM.dll
File C:\windows\system32\SynCtrl.dll
File C:\Program Files\Synaptics\SynTP\SynTPRes.dll
File C:\Program Files\Synaptics\SynTP\SynTPCpl.dll
File C:\Program Files\Synaptics\SynTP\SynCntxt.rtf
File C:\Program Files\Synaptics\SynTP\SynZMetr.exe
File C:\Program Files\Synaptics\SynTP\SynMood.exe
File C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
File C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
File C:\Program Files\Synaptics\SynTP\SynTPCOM.dll
File C:\Program Files\Synaptics\SynTP\Tutorial.exe
File C:\Program Files\Synaptics\SynTP\InstNT.exe
File C:\Program Files\Synaptics\SynTP\SynISDLL.dll
File C:\Program Files\Synaptics\SynTP\SynUnst.ini
File C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
File C:\Program Files\Synaptics\SynTP\SynPivotRotate.mpg
File C:\Program Files\Synaptics\SynTP\SynChiralRotate.mpg
File C:\Program Files\Synaptics\SynTP\SynFlick.mpg
File C:\Program Files\Synaptics\SynTP\SynPinch.mpg
File C:\Program Files\Synaptics\SynTP\SynMomentum.mpg
File C:\Program Files\Synaptics\SynTP\SynLinearVHScroll.mpg
File C:\Program Files\Synaptics\SynTP\SynChiralVHScroll.mpg
File C:\Program Files\Synaptics\SynTP\SynTwoFingerVHScroll.mpg
File C:\Program Files\Synaptics\SynTP\SynPivotRotate_ChiralRotate.mpg
File C:\Program Files\Synaptics\SynTP\SynThreeFingerFlick.mpg
File C:\Program Files\Synaptics\SynTP\SynThreeFingersDown.mpg
File C:\Program Files\Synaptics\SynTP\SynTwistRotate.mpg
File C:\Program Files\Synaptics\SynTP\SynChiralTwistRotate.mpg
File C:\Program Files\Synaptics\SynTP\SynLinearVScroll.mpg
File C:\windows\SysWOW64\SynCOM.dll
File C:\windows\SysWOW64\SynCtrl.dll
File C:\windows\SysWOW64\SynTPCOM.dll
File C:\windows\SysWOW64\SynTPEnhPS.dll
File C:\windows\system32\DRIVERS\i8042prt.sys
File C:\windows\system32\DRIVERS\mouclass.sys
File C:\windows\system32\SynTPCo9.dll
File C:\windows\system32\WdfCoInstaller01009.dll
Lenovo EasyCamera
Device Kind Camera/scanner
Device Name Lenovo EasyCamera
Vendor Chicony Electronics Co Ltd
Comment Lenovo EasyCamera
Location 0000.001d.0000.001.006.000.000.000.000
Driver
Date 6-16-2011
Version 13.11.616.1
File C:\windows\System32\Drivers\vm331avs.sys
File C:\windows\System32\Drivers\vmuvcflt.sys
File C:\windows\System\vm331avs.rsf
File C:\windows\SysWOW64\vmprp331.ax
File C:\windows\SysWOW64\vm331Rmv.ini
File C:\windows\SysWOW64\Reg331Unstal.dll
File C:\windows\System32\vmprp331x64.ax
File C:\windows\twain_32\VM331\VM331TWN.DS
File C:\windows\twain_32\VM331\vm331.lrc
File C:\Program Files (x86)\USB Camera\VM331_STI.EXE
File C:\Program Files (x86)\USB Camera\vm331Rmv.exe
File C:\Program Files (x86)\USB Camera\vm331Rmv.ini
File C:\Program Files (x86)\USB Camera\uninstall.iss
File C:\windows\vm331Rmv.ini
File C:\windows\Reg331Unstal.dll
File C:\windows\twain_32\VM331\1028.lrc
File C:\windows\twain_32\VM331\1033.lrc
File C:\windows\twain_32\VM331\2052.lrc
File C:\windows\twain_32\VM331\3076.lrc
File C:\windows\system32\VmCoinst.dll
Disk drive
Device Kind USB storage
Device Name Disk drive
Vendor SEAGATE
Comment Seagate FreeAgent Go USB Device
Location USB Mass Storage Device
Driver
Date 6-21-2006
Version 6.1.7600.16385
File C:\windows\system32\DRIVERS\disk.sys
Printers
Fax
Printer Port SHRFAX:
Print Processor winprint
Availability Always
Priority 1
Duplex None
Print Quality 200 * 200 dpi Monochrome
Status Unknown
Driver
Driver Name Microsoft Shared Fax Driver (v4.00)
Driver Path C:\windows\system32\spool\DRIVERS\x64\3\FXSDRV.DLL
Microsoft XPS Document Writer (Default Printer)
Printer Port XPSPort:
Print Processor winprint
Availability Always
Priority 1
Duplex None
Print Quality 600 * 600 dpi Color
Status Unknown
Driver
Driver Name Microsoft XPS Document Writer (v6.00)
Driver Path C:\windows\system32\spool\DRIVERS\x64\3\mxdwdrv.dll
Network
You are connected to the internet
Connected through Atheros AR9285 Wireless Network Adapter
IP Address 192.168.0.2
Subnet mask 255.255.255.0
Gateway server 192.168.0.1
Preferred DNS server 192.168.0.1
DHCP Enabled
DHCP server 192.168.0.1
External IP Address 94.2.230.184
Adapter Type IEEE 802.11 wireless
NetBIOS over TCP/IP Enabled via DHCP
NETBIOS Node Type Hybrid node
Link Speed 0 Bps
Computer Name
NetBIOS Name STUART-PC
DNS Name Stuart-PC
Membership Part of workgroup
Workgroup WORKGROUP
Remote Desktop
Disabled
Console
State Active
Domain Stuart-PC
WinInet Info
LAN Connection
Local system uses a local area network to connect to the Internet
Local system has RAS to connect to the Internet
Wi-Fi Info
Using native Wi-Fi API version 2
Available access points count 1
Wi-Fi (SKYC105D)
SSID SKYC105D
Frequency 2412000 kHz
Channel Number 1
Name SKYC105D
Signal Strength/Quality 100
Security Enabled
State The interface is connected to a network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags Currently Connected to this network
Cipher Algorithm to be used when joining this network AES-CCMP algorithm
Default Auth used to join this network for the first time 802.11i RSNA algorithm that uses PSK
WinHTTPInfo
WinHTTPSessionProxyType No proxy
Session Proxy
Session Proxy Bypass
Connect Retries 5
Connect Timeout (ms) 60,000
HTTP Version HTTP 1.1
Max Connects Per 1.0 Servers INFINITE
Max Connects Per Servers INFINITE
Max HTTP automatic redirects 10
Max HTTP status continue 10
Send Timeout (ms) 30,000
IEProxy Auto Detect No
IEProxy Auto Config
IEProxy
IEProxy Bypass
Default Proxy Config Access Type No proxy
Default Config Proxy
Default Config Proxy Bypass
Sharing and Discovery
Network Discovery Enabled
File and Printer Sharing Enabled
File and printer sharing service Enabled
Simple File Sharing Enabled
Administrative Shares Enabled
Network access: Sharing and security model for local accounts Classic - local users authenticate as themselves
Adapters List
Atheros AR9285 Wireless Network Adapter
IP Address 192.168.0.2
Subnet mask 255.255.255.0
Gateway server 192.168.0.1
MAC Address D0-DF-9A-E4-E5-97
Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
IP Address 0.0.0.0
Subnet mask 0.0.0.0
Gateway server 0.0.0.0
MAC Address B8-70-F4-38-FC-AE
Network Shares
Users C:\Users
Current TCP Connections
avp.exe (1416)
Local 0.0.0.0:1110 LISTEN
Local 0.0.0.0:1111 LISTEN
Local 127.0.0.1:1110 ESTABLISHED Remote 127.0.0.1:50691 (Querying... )
Local 127.0.0.1:1110 ESTABLISHED Remote 127.0.0.1:50735 (Querying... )
Local 127.0.0.1:1110 ESTABLISHED Remote 127.0.0.1:50789 (Querying... )
Local 127.0.0.1:1110 ESTABLISHED Remote 127.0.0.1:50793 (Querying... )
Local 127.0.0.1:1110 ESTABLISHED Remote 127.0.0.1:50800 (Querying... )
Local 127.0.0.1:1110 ESTABLISHED Remote 127.0.0.1:50891 (Querying... )
Local 127.0.0.1:1110 ESTABLISHED Remote 127.0.0.1:49641 (Querying... )
Local 192.168.0.2:50692 ESTABLISHED Remote 108.168.208.206:80 (Querying... ) (HTTP)
Local 192.168.0.2:50736 ESTABLISHED Remote 173.194.41.164:443 (Querying... ) (HTTPS)
Local 192.168.0.2:50892 ESTABLISHED Remote 83.149.126.218:80 (Querying... ) (HTTP)
Local 192.168.0.2:49642 ESTABLISHED Remote 88.198.67.166:443 (Querying... ) (HTTPS)
Local 192.168.0.2:50790 ESTABLISHED Remote 74.125.132.84:443 (Querying... ) (HTTPS)
Local 192.168.0.2:50794 ESTABLISHED Remote 173.194.41.79:443 (Querying... ) (HTTPS)
Local 192.168.0.2:50801 ESTABLISHED Remote 173.194.34.74:443 (Querying... ) (HTTPS)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (4928)
Local 127.0.0.1:50789 ESTABLISHED Remote 127.0.0.1:1110 (Querying... )
Local 127.0.0.1:50793 ESTABLISHED Remote 127.0.0.1:1110 (Querying... )
Local 127.0.0.1:50800 ESTABLISHED Remote 127.0.0.1:1110 (Querying... )
Local 127.0.0.1:50891 ESTABLISHED Remote 127.0.0.1:1110 (Querying... )
Local 127.0.0.1:49212 ESTABLISHED Remote 127.0.0.1:49213 (Querying... )
Local 127.0.0.1:49213 ESTABLISHED Remote 127.0.0.1:49212 (Querying... )
Local 127.0.0.1:49641 ESTABLISHED Remote 127.0.0.1:1110 (Querying... )
Local 127.0.0.1:50691 ESTABLISHED Remote 127.0.0.1:1110 (Querying... )
Local 127.0.0.1:50735 ESTABLISHED Remote 127.0.0.1:1110 (Querying... )
C:\Users\Stuart\AppData\Roaming\Dropbox\bin\Dropbox.exe (2932)
Local 127.0.0.1:49159 ESTABLISHED Remote 127.0.0.1:19872 (Querying... )
Local 0.0.0.0:17500 LISTEN
Local 192.168.0.2:49165 ESTABLISHED Remote 108.160.162.46:80 (Querying... ) (HTTP)
Local 127.0.0.1:19872 ESTABLISHED Remote 127.0.0.1:49159 (Querying... )
lsass.exe (688)
Local 0.0.0.0:49156 LISTEN
services.exe (664)
Local 0.0.0.0:49155 LISTEN
svchost.exe (1008)
Local 0.0.0.0:49154 LISTEN
svchost.exe (868)
Local 0.0.0.0:135 (DCE) LISTEN
svchost.exe (932)
Local 0.0.0.0:49153 LISTEN
System Process
Local 0.0.0.0:445 (Windows shares) LISTEN
Local 0.0.0.0:2869 LISTEN
Local 0.0.0.0:5357 LISTEN
Local 0.0.0.0:10243 LISTEN
Local 192.168.0.2:139 (NetBIOS session service) LISTEN
wininit.exe (600)
Local 0.0.0.0:49152 LISTEN
wmpnetwk.exe (3412)
Local 0.0.0.0:554 LISTEN
Generated with Speccy v1.23.569


System Idle Process output:

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 95.99 0 K 24 K 0
procexp64.exe 1.76 28,112 K 48,064 K 3400 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Sysinternals
Interrupts 0.50 0 K 0 K n/a Hardware Interrupts and DPCs
dwm.exe 0.38 61,928 K 55,148 K 1728 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.34 4,672 K 9,520 K 796 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 0.24 5,160 K 12,856 K 688 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
SynTPEnh.exe 0.19 9,440 K 15,352 K 2836 Synaptics TouchPad Enhancements Synaptics Incorporated (Verified) Microsoft Windows Hardware Compatibility Publisher
csrss.exe 0.15 3,332 K 33,140 K 632 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
VM331_STI.EXE 0.09 25,316 K 6,012 K 2852 VM331 StiMnt Vimicro (Verified) Microsoft Windows Hardware Compatibility Publisher
firefox.exe 0.07 292,972 K 338,544 K 4928 Firefox Mozilla Corporation (Verified) Mozilla Corporation
System 0.07 504 K 11,668 K 4
avp.exe 0.04 280,620 K 65,548 K 1416 Kaspersky Anti-Virus Kaspersky Lab ZAO (Verified) Kaspersky Lab
LMS.exe 0.04 2,808 K 5,244 K 2280 Local Manageability Service Intel Corporation (Verified) Intel Corporation
svchost.exe 0.04 7,808 K 20,504 K 2572 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
IAStorDataMgrSvc.exe 0.03 22,312 K 16,756 K 3984 IAStorDataSvc Intel Corporation (Verified) Intel Corporation
explorer.exe 0.02 33,244 K 57,144 K 1796 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 0.01 19,604 K 15,920 K 2768 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
mbamgui.exe < 0.01 2,960 K 7,444 K 2012 Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
wmpnetwk.exe < 0.01 9,732 K 10,900 K 3412 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 10,028 K 17,636 K 560 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 16,248 K 17,276 K 1104 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
WLIDSVC.EXE < 0.01 7,368 K 14,720 K 4696 Microsoft® Windows Live ID Service Microsoft Corp. (Verified) Microsoft Corporation
YCMMirage.exe < 0.01 1,704 K 5,748 K 3064 YouCam Mirage CyberLink (Verified) CyberLink
GoogleToolbarNotifier.exe < 0.01 2,644 K 2,484 K 2772 GoogleToolbarNotifier Google Inc. (Verified) Google Inc
svchost.exe < 0.01 11,092 K 14,504 K 3884 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 26,916 K 43,608 K 1008 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
IAStorIcon.exe < 0.01 25,160 K 22,496 K 2672 IAStorIcon Intel Corporation (Verified) Intel Corporation
csrss.exe < 0.01 2,672 K 5,036 K 516 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
aswmbr.exe < 0.01 118,992 K 283,296 K 3856 avast! Antirootkit AVAST Software (No signature was present in the subject) AVAST Software
Dropbox.exe < 0.01 61,756 K 74,024 K 2932 Dropbox Dropbox, Inc. (Verified) Dropbox
wuauclt.exe 2,556 K 7,188 K 3600 Windows Update Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 9,796 K 11,772 K 3368 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WLIDSVCM.EXE 1,516 K 3,472 K 4264 Microsoft® Windows Live ID Service Monitor Microsoft Corp. (Verified) Microsoft Corporation
winlogon.exe 3,308 K 7,504 K 440 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,668 K 4,612 K 600 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
utility.exe 9,592 K 13,528 K 2624 Lenovo Battery Management Software Ver 6.0 Lenovo(beijing) Limited (Verified) Lenovo (Beijing) Limited
UNS.exe 3,412 K 7,532 K 4820 User Notification Service Intel Corporation (Verified) Intel Corporation
taskhost.exe 3,664 K 7,964 K 1652 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe 2,012 K 5,340 K 4596 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
SynTPHelper.exe 1,572 K 3,640 K 2856 Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Microsoft Windows Hardware Compatibility Publisher
svchost.exe 131,412 K 142,060 K 964 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 37,428 K 38,152 K 1288 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 38,564 K 24,600 K 4344 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 19,284 K 22,544 K 932 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4,860 K 8,636 K 868 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,400 K 5,804 K 2484 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
stxmenumgr.exe 2,496 K 7,056 K 3008 FreeAgent™ Launcher Seagate LLC (Verified) Seagate Technology
spoolsv.exe 7,872 K 12,828 K 1260 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 568 K 1,208 K 396 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
services.exe 5,964 K 9,720 K 664 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
rundll32.exe 2,392 K 7,024 K 2124 Windows host process (Rundll32) Microsoft Corporation (Verified) Microsoft Windows
procexp.exe 2,632 K 7,624 K 3532 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
PManage.exe 1,992 K 6,716 K 2540 VeriFace Tray Icon Manager Lenovo (Verified) Lenovo (Beijing) Limited
mbamservice.exe 121,944 K 119,884 K 1092 Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
mbamscheduler.exe 2,136 K 5,684 K 1972 Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
lsm.exe 2,676 K 4,388 K 696 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
igfxtray.exe 3,316 K 7,488 K 2084 igfxTray Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxpers.exe 4,068 K 10,148 K 2596 persistence Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
hkcmd.exe 3,064 K 7,256 K 2332 hkcmd Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
FreeAgentService.exe 4,424 K 7,320 K 1496 Sync Windows Services Seagate Technology LLC (Verified) Seagate Technology
Energy Management.exe 6,256 K 12,092 K 2508 Lenovo Energy Management Software 6.0 Lenovo (Beijing) Limited (Verified) Lenovo (Beijing) Limited
dllhost.exe 2,736 K 7,348 K 4008 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
avpui.exe 74,076 K 3,060 K 1868 Kaspersky Anti-Virus Kaspersky Lab ZAO (Verified) Kaspersky Lab
armsvc.exe 1,224 K 3,880 K 1392 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems


VEW:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 09/09/2013 19:59:19

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/09/2013 18:03:58
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The McAfee SiteAdvisor Service service failed to start due to the following error: The system cannot find the file specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/09/2013 18:03:13
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.


Thanks again for your help.

Stuart
  • 0

#4
RKinner

    Malware Expert

  • Expert
  • 20,026 posts
  • MVP
Not seeing much. You do have that foistware, McAfee Security Scan and it's broken so there may be a 30 second delay in boot from that. See if you can uninstall it.

Is it still slow? Process Explorer says it is running normally. Speccy says the hard drive is good and the temps are good. What exactly is slow? Booting? Browsing? Firefox startup? Other?

You have an add-on in Firefox I am not familiar with:

FF - prefs.js..extensions.enabledAddons: %7Be5bbc237-c99b-4ced-a061-0be27703295f%7D:1.1
&
[2013/09/07 21:30:49 | 000,013,041 | ---- | M] () (No name found) -- C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\172wdz9i.default\extensions\{e5bbc237-c99b-4ced-a061-0be27703295f}.xpi

Judging by the time stamp it is probably nothing more than Adobe Flash.


Go to http://www.speedtest.net/ and click on Begin Test

When the Test finishes click on Share This Result and then select Forum then Copy then move to a reply and Ctrl + v
  • 0
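The check in the post above, identifying an unfamiliar add-on from the GUID in OTL's prefs.js line and the matching .xpi file, can be done by reading the package's own manifest. This is an added example, not part of the original thread or of OTL: it assumes a legacy (2013-era) XPI that carries an `install.rdf`, and the sample package, its add-on name and the helper names are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import unquote

RDF_NS = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
EM_NS = "http://www.mozilla.org/2004/em-rdf#"
MAX_MANIFEST = 1 << 20  # the package is untrusted input: refuse oversized manifests

# The pref line as OTL printed it in the log quoted above.
OTL_LINE = ("FF - prefs.js..extensions.enabledAddons: "
            "%7Be5bbc237-c99b-4ced-a061-0be27703295f%7D:1.1")


def parse_enabled_addons(line):
    """Decode an extensions.enabledAddons value into {addon_id: version}."""
    value = line.split("extensions.enabledAddons:", 1)[1]
    addons = {}
    for item in value.split(","):
        item = unquote(item.strip())          # %7B...%7D -> {...}
        if not item:
            continue
        addon_id, sep, version = item.rpartition(":")
        if not sep:                           # entry listed without a version
            addon_id, version = item, ""
        addons[addon_id] = version
    return addons


def read_install_rdf(xpi_bytes):
    """Return the add-on's own id/name/version/creator from install.rdf, or None."""
    try:
        with zipfile.ZipFile(io.BytesIO(xpi_bytes)) as xpi:   # an XPI is a zip archive
            info = xpi.getinfo("install.rdf")
            if info.file_size > MAX_MANIFEST:
                return None
            root = ET.fromstring(xpi.read(info))
    except (zipfile.BadZipFile, KeyError, ET.ParseError):
        return None
    for desc in root.iter("{%s}Description" % RDF_NS):
        about = desc.get("about") or desc.get("{%s}about" % RDF_NS)
        if about != "urn:mozilla:install-manifest":
            continue                          # skips the nested targetApplication block
        meta = {}
        for field in ("id", "name", "version", "creator"):
            tag = "{%s}%s" % (EM_NS, field)
            child = desc.find(tag)            # direct children only
            text = child.text if child is not None else desc.get(tag)
            meta[field] = text.strip() if text else None
        return meta
    return None


def identify_addons(prefs_line, xpi_files):
    """Match each enabled add-on to the manifest of the XPI named after its id.

    xpi_files maps a file name from the profile's extensions folder to its bytes.
    """
    report = []
    for addon_id, version in parse_enabled_addons(prefs_line).items():
        entry = {"id": addon_id, "enabled_version": version,
                 "name": None, "creator": None}
        data = xpi_files.get(addon_id + ".xpi")
        meta = read_install_rdf(data) if data is not None else None
        if data is None:
            entry["status"] = "package-not-found"
        elif meta is None:
            entry["status"] = "no-readable-manifest"
        elif meta["id"] != addon_id or meta["version"] != version:
            entry["status"] = "manifest-mismatch"   # file does not match what prefs.js enabled
        else:
            entry["status"] = "ok"
        if meta:
            entry["name"], entry["creator"] = meta["name"], meta["creator"]
        report.append(entry)
    return report


def build_sample_xpi(addon_id, name, version):
    """Constructed stand-in for the real .xpi, which is not available here."""
    rdf = ('<?xml version="1.0"?>\n'
           '<RDF xmlns="%s" xmlns:em="%s">\n'
           ' <Description about="urn:mozilla:install-manifest">\n'
           '  <em:id>%s</em:id><em:name>%s</em:name>\n'
           '  <em:version>%s</em:version><em:creator>Constructed Author</em:creator>\n'
           '  <em:targetApplication><Description>\n'
           '   <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>\n'
           '  </Description></em:targetApplication>\n'
           ' </Description>\n</RDF>\n') % (RDF_NS, EM_NS, addon_id, name, version)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as xpi:
        xpi.writestr("install.rdf", rdf)
    return buf.getvalue()


if __name__ == "__main__":
    gid = "{e5bbc237-c99b-4ced-a061-0be27703295f}"
    files = {gid + ".xpi": build_sample_xpi(gid, "Constructed Sample Add-on", "1.1")}
    for row in identify_addons(OTL_LINE, files):
        print(row)
```

On a real profile, `xpi_files` would be filled from the `extensions` folder shown in the OTL line; a `manifest-mismatch` or `no-readable-manifest` result is the case worth a closer look.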

#5
FXRStuarty

    Member

  • Topic Starter
  • Member
  • 46 posts
Thanks for your prompt response.

Carried out the test and the link is pasted below.

Posted Image

Regarding my "slow" comment. This related to booting the laptop. It seemed to hang at the Welcome screen and the little animated circle would stop turning for a good few seconds.

Things do seem to have improved.

Regarding the unfamiliar Firefox addon. Firefox now opens in Tabs which I do not like. I prefer to work in new windows. The addon from Firefox basically makes one big tab which stretches across the page giving the appearance of a single window. This may not be the unusual string to which you refer.

Do you have any thoughts on my use of the memory stick I referred to in my last reply? I was using it at college today and strange things happened. For instance, I could not open a folder held on that drive. A double click on a folder would open the folder Properties. I tried attaching a file from the stick to an email. I could navigate to the stick and relevant folder and it would open without problem.

I also noticed, with the stick inserted, pressing the UP arrow key made the screen flip through 90 degrees. Very odd.

Again, thanks for your assistance.
  • 0

#6
RKinner

    Malware Expert

  • Expert
  • 20,026 posts
  • MVP
Sometimes the slowness during boot is caused by a poor video driver so you might want to check with your PC maker to see if they have a new video or graphics driver.

We can also turn on the boot log and then reboot and then look at the log and see if there is anything odd going on.

http://www.techrepub...lp-of-msconfig/

As for the USB drive:

Plug in the USB drive and then run OTL, quickscan and post the log. Also tell me which drive letter the drive gets assigned.
  • 0

#7
FXRStuarty

    Member

  • Topic Starter
  • Member
  • 46 posts
Ron,

I have CnP the output from the OTL scan (1st below) and ntbtlog.

The external drives are G: for the memory stick and I also have an external HD which is on E:

OTL output

OTL logfile created on: 9/10/2013 3:35:48 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Stuart\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.95 Gb Total Physical Memory | 2.61 Gb Available Physical Memory | 66.19% Memory free
7.89 Gb Paging File | 6.23 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421.81 Gb Total Space | 390.68 Gb Free Space | 92.62% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 27.58 Gb Free Space | 95.11% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 69.05 Gb Free Space | 14.82% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive G: | 3.74 Gb Total Space | 3.73 Gb Free Space | 99.80% Space Free | Partition Type: FAT32

Computer Name: STUART-PC | User Name: Stuart | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/08 12:05:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stuart\Downloads\OTL.exe
PRC - [2013/08/23 15:27:42 | 000,984,768 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
PRC - [2013/06/17 12:35:50 | 000,214,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
PRC - [2013/06/05 18:28:40 | 027,370,808 | ---- | M] (Dropbox, Inc.) -- C:\Users\Stuart\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/05/11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/08/23 01:34:17 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2011/06/15 12:46:52 | 000,548,864 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera\VM331_STI.EXE
PRC - [2011/02/18 09:20:54 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/02/18 09:20:50 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/01/29 00:29:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2010/12/21 03:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/21 03:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/09/25 23:31:32 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/08 12:24:40 | 000,253,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\21482b114917a59206b0620314337000\WindowsFormsIntegration.ni.dll
MOD - [2013/09/08 12:23:40 | 018,101,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\93af19a4306a6361c5a5f1c5ed38aeef\System.ServiceModel.ni.dll
MOD - [2013/09/08 12:21:04 | 001,801,728 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\44d87641535e186f4a7fc9c469bc73dd\System.Xaml.ni.dll
MOD - [2013/09/08 11:57:38 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\aabbed019df19cbda3b3dfb80fa98bf0\IAStorUtil.ni.dll
MOD - [2013/09/08 11:57:38 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\8fae59a3cc25d36da6f7f85ef16e441c\IAStorCommon.ni.dll
MOD - [2013/09/08 11:11:12 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\dd8f4efb7e81c75fe444a180f6f1aacf\System.Runtime.Remoting.ni.dll
MOD - [2013/09/08 11:10:30 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll
MOD - [2013/09/08 11:10:23 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/09/08 11:10:09 | 003,348,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1f6f220f9efe936d1158c79b9d4b451f\WindowsBase.ni.dll
MOD - [2013/09/08 11:10:04 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/09/08 11:10:00 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll
MOD - [2013/09/08 11:09:59 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/09/08 11:09:36 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/09/08 10:54:59 | 018,003,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d013570491e3ed864b97675527fdd9d8\PresentationFramework.ni.dll
MOD - [2013/09/08 10:54:45 | 011,451,904 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9ea1cf89cf1897b6b2eeee51ef39b6b9\PresentationCore.ni.dll
MOD - [2013/09/08 10:54:43 | 000,595,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\4f02f7d34c4fd0dc58ce1dffb5b424f9\PresentationFramework.Aero.ni.dll
MOD - [2013/09/08 10:54:34 | 007,053,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\3c2edeaaa3e117b0375bacf8fd971b1e\System.Core.ni.dll
MOD - [2013/09/08 10:54:31 | 003,858,944 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\bc21753d988d4f70f77cd2febb84833c\WindowsBase.ni.dll
MOD - [2013/09/08 10:54:29 | 005,628,928 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\0835155203a99b6a9bb540629920da0d\System.Xml.ni.dll
MOD - [2013/09/08 10:54:25 | 001,014,272 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\da18beba41f700dd4c71a3f5464c4342\System.Configuration.ni.dll
MOD - [2013/09/08 10:54:24 | 009,099,776 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\fc16a5cafc433e6d942e9bd5b14fbeaf\System.ni.dll
MOD - [2013/09/08 10:54:18 | 014,418,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c799474a067f07ef3a167d75029fa012\mscorlib.ni.dll
MOD - [2013/06/17 12:35:10 | 000,478,400 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\dblite.dll
MOD - [2013/03/13 21:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Stuart\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/14 00:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Stuart\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2011/08/23 01:34:16 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/08/14 18:55:29 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/17 12:35:50 | 000,214,512 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe -- (AVP)
SRV - [2013/05/11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/08/23 01:27:00 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2011/02/18 09:20:54 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/12/21 03:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/21 03:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/23 15:27:40 | 000,619,616 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2013/06/10 12:27:56 | 000,030,304 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2013/06/06 17:38:20 | 000,178,784 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2013/05/14 17:34:44 | 000,055,904 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2013/05/06 09:22:22 | 000,458,336 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2013/05/05 22:42:12 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2013/05/05 22:42:06 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2013/04/12 15:34:48 | 000,015,456 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klpd.sys -- (klpd)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/23 01:44:01 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2011/08/23 01:43:58 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2011/08/23 01:41:28 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2011/08/23 01:41:28 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2011/08/22 16:51:24 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/08/22 16:51:24 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/06/15 04:51:18 | 000,250,752 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm331avs.sys -- (vm331avs)
DRV:64bit: - [2011/04/08 02:59:58 | 001,430,576 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/03/25 11:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/02/18 09:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/02/14 05:43:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/01/29 00:29:58 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/11/24 12:33:26 | 002,673,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/21 07:57:30 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/10/20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 18:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/30 09:45:22 | 000,299,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010/08/16 10:28:50 | 000,008,320 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmuvcflt.sys -- (vmuvcflt)
DRV:64bit: - [2009/07/21 15:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/14 01:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=LENN&bmod=LENN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7LENN_enGB552
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - prefs.js..extensions.enabledAddons: %7Be5bbc237-c99b-4ced-a061-0be27703295f%7D:1.1
FF - prefs.js..extensions.enabledAddons: %7B4DC70064-89E2-4a55-8FC6-E8CDEAE3618C%7D:0.7.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\[email protected] [2013/09/07 22:53:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\[email protected] [2013/09/07 22:53:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\[email protected] [2013/09/07 22:52:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/09/07 21:22:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stuart\AppData\Roaming\Mozilla\Extensions
[2013/09/08 10:02:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\172wdz9i.default\extensions
[2013/09/07 23:34:53 | 000,013,345 | ---- | M] () (No name found) -- C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\172wdz9i.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
[2013/09/08 10:02:41 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\172wdz9i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/09/07 21:30:49 | 000,013,041 | ---- | M] () (No name found) -- C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\172wdz9i.default\extensions\{e5bbc237-c99b-4ced-a061-0be27703295f}.xpi
[2013/09/07 21:21:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/09/07 21:21:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========


O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE (Vimicro)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - Startup: C:\Users\Stuart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Stuart\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{359F6B77-108A-4E4F-AFEA-FADBDB8C108A}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/04/07 19:37:40 | 000,000,062 | ---- | M] () - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/10 15:24:06 | 000,000,000 | ---D | C] -- C:\windows\pss
[2013/09/09 19:54:31 | 000,000,000 | ---D | C] -- C:\Users\Stuart\Documents\Virus Help
[2013/09/09 18:56:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2013/09/09 18:56:23 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2013/09/08 16:42:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
[2013/09/08 16:42:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Seagate
[2013/09/08 16:42:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Seagate
[2013/09/08 16:12:34 | 000,000,000 | R--D | C] -- C:\Users\Stuart\Dropbox
[2013/09/08 16:11:27 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013/09/08 16:10:57 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Roaming\Dropbox
[2013/09/08 15:56:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/09/08 15:56:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/09/08 15:56:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013/09/08 15:52:52 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Local\Adobe
[2013/09/08 15:37:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013/09/08 15:36:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2013/09/08 15:36:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2013/09/08 15:36:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013/09/08 15:36:18 | 000,000,000 | ---D | C] -- C:\windows\PCHEALTH
[2013/09/08 15:34:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013/09/08 15:33:29 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Local\Microsoft Help
[2013/09/08 15:33:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013/09/08 15:33:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013/09/08 15:33:01 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013/09/08 14:41:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TomTom DesktopSuite
[2013/09/08 14:32:14 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Local\Downloaded Installations
[2013/09/08 14:32:07 | 000,000,000 | -HSD | C] -- C:\windows\ftpcache
[2013/09/08 10:13:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/09/08 10:12:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/09/08 10:12:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/09/08 00:04:10 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Roaming\Malwarebytes
[2013/09/08 00:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/09/08 00:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/09/08 00:03:55 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/09/08 00:03:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/09/08 00:03:13 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Local\Programs
[2013/09/07 23:45:21 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Roaming\SoftGrid Client
[2013/09/07 23:45:21 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Local\SoftGrid Client
[2013/09/07 23:43:32 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Roaming\TP
[2013/09/07 23:42:54 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
[2013/09/07 23:42:42 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Roaming\IrfanView
[2013/09/07 23:42:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
[2013/09/07 22:53:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
[2013/09/07 22:53:20 | 000,110,176 | ---- | C] (Kaspersky Lab ZAO) -- C:\windows\SysNative\klfphc.dll
[2013/09/07 22:52:52 | 000,000,000 | ---D | C] -- C:\windows\ELAMBKUP
[2013/09/07 22:52:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/09/07 22:52:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2013/09/07 22:52:41 | 000,619,616 | ---- | C] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\klif.sys
[2013/09/07 22:52:41 | 000,112,224 | ---- | C] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\klflt.sys
[2013/09/07 22:43:00 | 000,000,000 | ---D | C] -- C:\windows\SysNative\MRT
[2013/09/07 22:32:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013/09/07 22:02:29 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013/09/07 21:32:59 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Roaming\Macromedia
[2013/09/07 21:32:59 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Local\Macromedia
[2013/09/07 21:32:59 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Roaming\Adobe
[2013/09/07 21:29:35 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed
[2013/09/07 21:22:26 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Roaming\Mozilla
[2013/09/07 21:22:26 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Local\Mozilla
[2013/09/07 21:21:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/09/07 21:21:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/09/07 21:21:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/09/07 21:09:37 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Roaming\Google
[2013/09/07 21:09:36 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Local\Google
[2013/09/07 21:08:59 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Roaming\Intel Corporation
[2013/09/07 21:08:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Energy Management
[2013/09/07 21:08:04 | 000,000,000 | R--D | C] -- C:\Users\Stuart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/09/07 21:08:04 | 000,000,000 | R--D | C] -- C:\Users\Stuart\Searches
[2013/09/07 21:08:04 | 000,000,000 | R--D | C] -- C:\Users\Stuart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/09/07 21:08:04 | 000,000,000 | -H-D | C] -- C:\Users\Stuart\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/09/07 21:07:55 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Roaming\Identities
[2013/09/07 21:07:50 | 000,000,000 | R--D | C] -- C:\Users\Stuart\Contacts
[2013/09/07 21:07:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/09/07 21:07:47 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Local\VirtualStore
[2013/09/07 21:07:27 | 000,000,000 | --SD | C] -- C:\Users\Stuart\AppData\Roaming\Microsoft
[2013/09/07 21:07:27 | 000,000,000 | R--D | C] -- C:\Users\Stuart\Videos
[2013/09/07 21:07:27 | 000,000,000 | R--D | C] -- C:\Users\Stuart\Saved Games
[2013/09/07 21:07:27 | 000,000,000 | R--D | C] -- C:\Users\Stuart\Pictures
[2013/09/07 21:07:27 | 000,000,000 | R--D | C] -- C:\Users\Stuart\Music
[2013/09/07 21:07:27 | 000,000,000 | R--D | C] -- C:\Users\Stuart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/09/07 21:07:27 | 000,000,000 | R--D | C] -- C:\Users\Stuart\Links
[2013/09/07 21:07:27 | 000,000,000 | R--D | C] -- C:\Users\Stuart\Favorites
[2013/09/07 21:07:27 | 000,000,000 | R--D | C] -- C:\Users\Stuart\Downloads
[2013/09/07 21:07:27 | 000,000,000 | R--D | C] -- C:\Users\Stuart\Documents
[2013/09/07 21:07:27 | 000,000,000 | R--D | C] -- C:\Users\Stuart\Desktop
[2013/09/07 21:07:27 | 000,000,000 | R--D | C] -- C:\Users\Stuart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/09/07 21:07:27 | 000,000,000 | -HSD | C] -- C:\Users\Stuart\AppData\Local\Temporary Internet Files
[2013/09/07 21:07:27 | 000,000,000 | -HSD | C] -- C:\Users\Stuart\Templates
[2013/09/07 21:07:27 | 000,000,000 | -HSD | C] -- C:\Users\Stuart\Start Menu
[2013/09/07 21:07:27 | 000,000,000 | -HSD | C] -- C:\Users\Stuart\SendTo
[2013/09/07 21:07:27 | 000,000,000 | -HSD | C] -- C:\Users\Stuart\Recent
[2013/09/07 21:07:27 | 000,000,000 | -HSD | C] -- C:\Users\Stuart\PrintHood
[2013/09/07 21:07:27 | 000,000,000 | -HSD | C] -- C:\Users\Stuart\NetHood
[2013/09/07 21:07:27 | 000,000,000 | -HSD | C] -- C:\Users\Stuart\Documents\My Videos
[2013/09/07 21:07:27 | 000,000,000 | -HSD | C] -- C:\Users\Stuart\Documents\My Pictures
[2013/09/07 21:07:27 | 000,000,000 | -HSD | C] -- C:\Users\Stuart\Documents\My Music
[2013/09/07 21:07:27 | 000,000,000 | -HSD | C] -- C:\Users\Stuart\My Documents
[2013/09/07 21:07:27 | 000,000,000 | -HSD | C] -- C:\Users\Stuart\Local Settings
[2013/09/07 21:07:27 | 000,000,000 | -HSD | C] -- C:\Users\Stuart\AppData\Local\History
[2013/09/07 21:07:27 | 000,000,000 | -HSD | C] -- C:\Users\Stuart\Cookies
[2013/09/07 21:07:27 | 000,000,000 | -HSD | C] -- C:\Users\Stuart\Application Data
[2013/09/07 21:07:27 | 000,000,000 | -HSD | C] -- C:\Users\Stuart\AppData\Local\Application Data
[2013/09/07 21:07:27 | 000,000,000 | -H-D | C] -- C:\Users\Stuart\AppData
[2013/09/07 21:07:27 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Local\Temp
[2013/09/07 21:07:27 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Local\Microsoft
[2013/09/07 21:07:27 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Roaming\Media Center Programs
[2013/09/07 21:07:27 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
[2013/09/07 21:05:59 | 000,000,000 | -HSD | C] -- C:\Recovery

========== Files - Modified Within 30 Days ==========

[2013/09/10 15:33:22 | 000,779,266 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/09/10 15:33:22 | 000,664,992 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/09/10 15:33:22 | 000,125,696 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/09/10 15:32:29 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/10 15:32:29 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/10 15:25:28 | 000,259,609 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2013/09/10 15:25:15 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/10 15:25:02 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/09/10 15:24:57 | 3177,074,688 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/09 23:51:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/09 19:55:55 | 000,061,440 | ---- | M] ( ) -- C:\Users\Stuart\Desktop\VEW.exe
[2013/09/09 18:56:25 | 000,000,796 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2013/09/09 18:48:57 | 000,001,460 | ---- | M] () -- C:\Users\Stuart\Desktop\procexp - Shortcut.lnk
[2013/09/09 18:47:15 | 000,000,512 | ---- | M] () -- C:\Users\Stuart\Desktop\MBR.dat
[2013/09/09 18:32:28 | 000,001,455 | ---- | M] () -- C:\Users\Stuart\Desktop\aswmbr - Shortcut.lnk
[2013/09/08 16:51:07 | 000,361,200 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/09/08 16:42:20 | 000,002,148 | ---- | M] () -- C:\Users\Public\Desktop\Seagate Manager.lnk
[2013/09/08 16:12:34 | 000,001,041 | ---- | M] () -- C:\Users\Stuart\Desktop\Dropbox.lnk
[2013/09/08 16:11:40 | 000,001,051 | ---- | M] () -- C:\Users\Stuart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/09/08 15:56:55 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/09/08 12:27:51 | 000,001,420 | ---- | M] () -- C:\Users\Stuart\Desktop\OTL - Shortcut.lnk
[2013/09/08 10:55:57 | 000,764,810 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/09/08 00:03:56 | 000,001,137 | ---- | M] () -- C:\Users\Stuart\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/09/08 00:03:56 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/07 23:42:54 | 000,001,002 | ---- | M] () -- C:\Users\Stuart\Desktop\IrfanView.lnk
[2013/09/07 22:53:22 | 000,001,089 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
[2013/09/07 22:03:52 | 000,108,227 | ---- | M] () -- C:\windows\SysWow64\license.rtf
[2013/09/07 22:03:52 | 000,108,227 | ---- | M] () -- C:\windows\SysNative\license.rtf
[2013/09/07 21:21:52 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/09/07 21:09:29 | 000,001,441 | ---- | M] () -- C:\Users\Stuart\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/09/07 21:08:50 | 000,002,086 | ---- | M] () -- C:\Users\Stuart\Desktop\OneKey Recovery.lnk
[2013/09/07 21:08:45 | 000,001,122 | ---- | M] () -- C:\Users\Stuart\Desktop\Cyberlink Power2Go.lnk
[2013/08/23 15:27:40 | 000,619,616 | ---- | M] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\klif.sys

========== Files Created - No Company Name ==========

[2013/09/09 19:55:50 | 000,061,440 | ---- | C] ( ) -- C:\Users\Stuart\Desktop\VEW.exe
[2013/09/09 18:56:25 | 000,000,796 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
[2013/09/09 18:48:15 | 000,001,460 | ---- | C] () -- C:\Users\Stuart\Desktop\procexp - Shortcut.lnk
[2013/09/09 18:47:15 | 000,000,512 | ---- | C] () -- C:\Users\Stuart\Desktop\MBR.dat
[2013/09/09 18:31:20 | 000,001,455 | ---- | C] () -- C:\Users\Stuart\Desktop\aswmbr - Shortcut.lnk
[2013/09/08 16:42:20 | 000,002,148 | ---- | C] () -- C:\Users\Public\Desktop\Seagate Manager.lnk
[2013/09/08 16:12:34 | 000,001,041 | ---- | C] () -- C:\Users\Stuart\Desktop\Dropbox.lnk
[2013/09/08 16:11:40 | 000,001,051 | ---- | C] () -- C:\Users\Stuart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/09/08 15:56:55 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/09/08 15:56:54 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/09/08 12:27:51 | 000,001,420 | ---- | C] () -- C:\Users\Stuart\Desktop\OTL - Shortcut.lnk
[2013/09/08 00:03:56 | 000,001,137 | ---- | C] () -- C:\Users\Stuart\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/09/08 00:03:56 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/07 23:42:54 | 000,001,002 | ---- | C] () -- C:\Users\Stuart\Desktop\IrfanView.lnk
[2013/09/07 22:53:38 | 000,001,089 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
[2013/09/07 22:36:52 | 000,764,810 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/09/07 22:02:23 | 3177,074,688 | -HS- | C] () -- C:\hiberfil.sys
[2013/09/07 21:21:52 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/09/07 21:21:52 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/09/07 21:09:29 | 000,001,441 | ---- | C] () -- C:\Users\Stuart\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/09/07 21:08:12 | 000,001,413 | ---- | C] () -- C:\Users\Stuart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/09/07 21:08:06 | 000,001,447 | ---- | C] () -- C:\Users\Stuart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/09/07 21:07:27 | 000,002,086 | ---- | C] () -- C:\Users\Stuart\Desktop\OneKey Recovery.lnk
[2013/09/07 21:07:27 | 000,001,122 | ---- | C] () -- C:\Users\Stuart\Desktop\Cyberlink Power2Go.lnk
[2013/09/07 21:07:27 | 000,000,290 | ---- | C] () -- C:\Users\Stuart\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/09/07 21:07:27 | 000,000,272 | ---- | C] () -- C:\Users\Stuart\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/09/07 21:07:27 | 000,000,189 | ---- | C] () -- C:\Users\Stuart\Desktop\Lenovo Telephony Start Now.url

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 06:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/09/10 15:25:39 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\Dropbox
[2013/09/07 23:42:42 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\IrfanView
[2013/09/07 23:53:28 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\SoftGrid Client
[2013/09/07 23:45:32 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\TP

========== Purity Check ==========



< End of report >


ntbtlog output

Service Pack 1 9 10 2013 15:24:50.125
Loaded driver \SystemRoot\system32\ntoskrnl.exe
Loaded driver \SystemRoot\system32\hal.dll
Loaded driver \SystemRoot\system32\kdcom.dll
Loaded driver \SystemRoot\system32\mcupdate_GenuineIntel.dll
Loaded driver \SystemRoot\system32\PSHED.dll
Loaded driver \SystemRoot\system32\CLFS.SYS
Loaded driver \SystemRoot\system32\CI.dll
Loaded driver \SystemRoot\system32\drivers\Wdf01000.sys
Loaded driver \SystemRoot\system32\drivers\WDFLDR.SYS
Loaded driver \SystemRoot\system32\drivers\ACPI.sys
Loaded driver \SystemRoot\system32\drivers\WMILIB.SYS
Loaded driver \SystemRoot\system32\drivers\msisadrv.sys
Loaded driver \SystemRoot\system32\drivers\pci.sys
Loaded driver \SystemRoot\system32\drivers\vdrvroot.sys
Loaded driver \SystemRoot\system32\DRIVERS\kl1.sys
Loaded driver \SystemRoot\System32\drivers\partmgr.sys
Loaded driver \SystemRoot\system32\drivers\compbatt.sys
Loaded driver \SystemRoot\system32\drivers\BATTC.SYS
Loaded driver \SystemRoot\system32\drivers\volmgr.sys
Loaded driver \SystemRoot\System32\drivers\volmgrx.sys
Loaded driver \SystemRoot\System32\drivers\mountmgr.sys
Loaded driver \SystemRoot\system32\DRIVERS\iaStor.sys
Loaded driver \SystemRoot\system32\drivers\atapi.sys
Loaded driver \SystemRoot\system32\drivers\ataport.SYS
Loaded driver \SystemRoot\system32\drivers\msahci.sys
Loaded driver \SystemRoot\system32\drivers\PCIIDEX.SYS
Loaded driver \SystemRoot\system32\drivers\amdxata.sys
Loaded driver \SystemRoot\system32\drivers\fltmgr.sys
Loaded driver \SystemRoot\system32\drivers\fileinfo.sys
Loaded driver \SystemRoot\System32\Drivers\Ntfs.sys
Loaded driver \SystemRoot\System32\Drivers\msrpc.sys
Loaded driver \SystemRoot\System32\Drivers\ksecdd.sys
Loaded driver \SystemRoot\System32\Drivers\cng.sys
Loaded driver \SystemRoot\System32\drivers\pcw.sys
Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.sys
Loaded driver \SystemRoot\system32\drivers\ndis.sys
Loaded driver \SystemRoot\system32\drivers\NETIO.SYS
Loaded driver \SystemRoot\System32\Drivers\ksecpkg.sys
Loaded driver \SystemRoot\System32\drivers\tcpip.sys
Loaded driver \SystemRoot\System32\drivers\fwpkclnt.sys
Loaded driver \SystemRoot\system32\drivers\wd.sys
Loaded driver \SystemRoot\system32\drivers\volsnap.sys
Loaded driver \SystemRoot\System32\Drivers\spldr.sys
Loaded driver \SystemRoot\System32\drivers\rdyboost.sys
Loaded driver \SystemRoot\System32\Drivers\mup.sys
Loaded driver \SystemRoot\System32\DRIVERS\LhdX64.sys
Loaded driver \SystemRoot\System32\drivers\hwpolicy.sys
Loaded driver \SystemRoot\System32\DRIVERS\fvevol.sys
Loaded driver \SystemRoot\system32\drivers\fbfmon.sys
Loaded driver \SystemRoot\system32\drivers\disk.sys
Loaded driver \SystemRoot\system32\drivers\CLASSPNP.SYS
Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys
Loaded driver \SystemRoot\system32\DRIVERS\klif.sys
Loaded driver \SystemRoot\System32\Drivers\Null.SYS
Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
Loaded driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
Loaded driver \SystemRoot\system32\drivers\rdpencdd.sys
Loaded driver \SystemRoot\system32\drivers\rdprefmp.sys
Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
Loaded driver \SystemRoot\system32\DRIVERS\tdx.sys
Loaded driver \SystemRoot\system32\DRIVERS\kltdi.sys
Loaded driver \SystemRoot\System32\DRIVERS\netbt.sys
Loaded driver \SystemRoot\system32\drivers\afd.sys
Loaded driver \SystemRoot\system32\DRIVERS\wfplwf.sys
Loaded driver \SystemRoot\system32\DRIVERS\pacer.sys
Loaded driver \SystemRoot\system32\DRIVERS\vwififlt.sys
Loaded driver \SystemRoot\system32\DRIVERS\klim6.sys
Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys
Loaded driver \SystemRoot\system32\DRIVERS\wanarp.sys
Loaded driver \SystemRoot\system32\DRIVERS\termdd.sys
Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys
Loaded driver \SystemRoot\system32\drivers\nsiproxy.sys
Loaded driver \SystemRoot\system32\DRIVERS\mssmbios.sys
Loaded driver \SystemRoot\system32\DRIVERS\kneps.sys
Loaded driver \SystemRoot\system32\DRIVERS\klpd.sys
Loaded driver \SystemRoot\System32\drivers\discache.sys
Loaded driver \SystemRoot\System32\Drivers\dfsc.sys
Loaded driver \SystemRoot\system32\drivers\BPntDrv.sys
Loaded driver \SystemRoot\system32\DRIVERS\blbdrive.sys
Loaded driver \SystemRoot\system32\DRIVERS\tunnel.sys
Loaded driver \SystemRoot\System32\drivers\dxgkrnl.sys
Loaded driver \SystemRoot\system32\DRIVERS\igdkmd64.sys
Loaded driver \SystemRoot\system32\DRIVERS\HECIx64.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys
Loaded driver \SystemRoot\system32\DRIVERS\HDAudBus.sys
Loaded driver \SystemRoot\system32\DRIVERS\L1C62x64.sys
Loaded driver \SystemRoot\system32\DRIVERS\athrx.sys
Loaded driver \SystemRoot\system32\DRIVERS\vwifibus.sys
Loaded driver \SystemRoot\system32\DRIVERS\AcpiVpc.sys
Loaded driver \SystemRoot\system32\DRIVERS\CmBatt.sys
Loaded driver \SystemRoot\system32\DRIVERS\i8042prt.sys
Loaded driver \SystemRoot\system32\DRIVERS\SynTP.sys
Loaded driver \SystemRoot\system32\DRIVERS\klmouflt.sys
Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\klkbdflt.sys
Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\intelppm.sys
Loaded driver \SystemRoot\system32\DRIVERS\CompositeBus.sys
Loaded driver \SystemRoot\system32\DRIVERS\clwvd.sys
Loaded driver \SystemRoot\system32\drivers\ksthunk.sys
Loaded driver \SystemRoot\system32\DRIVERS\AgileVpn.sys
Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys
Loaded driver \SystemRoot\system32\DRIVERS\rassstp.sys
Loaded driver \SystemRoot\system32\DRIVERS\swenum.sys
Loaded driver \SystemRoot\system32\DRIVERS\umbus.sys
Did not load driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Loaded driver \SystemRoot\system32\drivers\CHDRT64.sys
Loaded driver \SystemRoot\system32\DRIVERS\IntcDAud.sys
Loaded driver \SystemRoot\system32\DRIVERS\cdfs.sys
Loaded driver \SystemRoot\system32\DRIVERS\monitor.sys
Loaded driver \SystemRoot\system32\DRIVERS\USBSTOR.SYS
Loaded driver \SystemRoot\system32\DRIVERS\usbccgp.sys
Loaded driver \SystemRoot\System32\Drivers\vm331avs.sys
Loaded driver \SystemRoot\System32\Drivers\vmuvcflt.sys
Loaded driver \SystemRoot\system32\drivers\luafv.sys
Loaded driver \??\C:\windows\system32\drivers\mbam.sys
Loaded driver \SystemRoot\system32\drivers\WudfPf.sys
Loaded driver \SystemRoot\system32\DRIVERS\lltdio.sys
Loaded driver \SystemRoot\system32\DRIVERS\nwifi.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndisuio.sys
Loaded driver \SystemRoot\system32\DRIVERS\rspndr.sys
Loaded driver \SystemRoot\system32\drivers\HTTP.sys
Loaded driver \SystemRoot\system32\DRIVERS\bowser.sys
Loaded driver \SystemRoot\System32\drivers\mpsdrv.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb10.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb20.sys
Loaded driver \SystemRoot\system32\drivers\peauth.sys
Loaded driver \SystemRoot\System32\Drivers\secdrv.SYS
Loaded driver \SystemRoot\System32\DRIVERS\srvnet.sys
Loaded driver \SystemRoot\System32\drivers\tcpipreg.sys
Loaded driver \SystemRoot\System32\DRIVERS\srv2.sys
Loaded driver \SystemRoot\System32\DRIVERS\srv.sys
Did not load driver \SystemRoot\System32\DRIVERS\srv.sys

#8
RKinner


    Malware Expert


Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS


I have seen this blamed for a slow boot. Don't know if that's really the case but on my Win 7, ndproxy does not start during boot. It seems to be the basis for all of the networking so it might be waiting for something in the network to start. Go into Device Manager and see if you can change it to Demand which is what it says on mine.

Click on the Start Orb.
In the Start Search box type: device manager
and Enter and it should open up after a short delay. Click on View then on Show Hidden Devices. Find Non-Plug and Play Drivers and click on the arrow in front of it. Find ndproxy and right click on it and select Properties. Click on the Driver tab. Down at the bottom should be a Startup Type. If it says Boot change it to Demand and OK. Then delete the current ntbtlog and reboot and look at the boot log again and see if it still tries to load ndproxy. (Does it seem to boot faster?) If your networking still works then you can leave it like that. If not then put it back.

EDIT: Just ran the boot log on mine and it is also trying to load ndproxy and srv multiple times so I expect that's normal and not the cause of your boot slowness.

Your USB drive appears to be OK. There is not much on it so I would try reformatting it:
http://www.makeuseof...rmat-usb-drive/
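
The boot-log check discussed in the reply above, as an added example that is not part of the original posts: it separates drivers that never loaded from drivers that loaded and were later logged as "Did not load", which is the NDProxy and srv pattern. The function names and result keys are assumptions made for this example, and the sample lines are a constructed excerpt copied from the log in this thread.

```python
import re

# Constructed sample: lines copied, in order, from the boot log posted in this thread.
SAMPLE_NTBTLOG = r"""Service Pack 1 9 10 2013 15:24:50.125
Loaded driver \SystemRoot\system32\ntoskrnl.exe
Loaded driver \SystemRoot\system32\DRIVERS\klif.sys
Loaded driver \SystemRoot\System32\drivers\vga.sys
Did not load driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Loaded driver \??\C:\windows\system32\drivers\mbam.sys
Loaded driver \SystemRoot\System32\DRIVERS\srv.sys
Did not load driver \SystemRoot\System32\DRIVERS\srv.sys
"""

ENTRY_RE = re.compile(r"^(Loaded|Did not load) driver\s+(\S.*)$")


def summarize(text):
    """Count 'Loaded' and 'Did not load' entries per driver path."""
    stats = {}
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue  # header line (service pack, date) or blank line
        status, path = match.groups()
        # Windows paths are case-insensitive, so key on the lowercased path.
        entry = stats.setdefault(path.lower(), {"path": path, "loaded": 0, "refused": 0})
        entry["loaded" if status == "Loaded" else "refused"] += 1
    return stats


def triage(text):
    """Group the log entries into the three sets worth reading first."""
    entries = list(summarize(text).values())
    return {
        # Only ever logged as 'Did not load': these never came up during this boot.
        "never_loaded": [e["path"] for e in entries if e["loaded"] == 0],
        # Logged as loaded and also as 'Did not load': the NDProxy/srv pattern.
        "loaded_then_refused": {e["path"]: e["refused"]
                                for e in entries if e["loaded"] and e["refused"]},
        # Logged with a full path instead of \SystemRoot; listed for review only
        # (here it is mbam.sys from the Malwarebytes install).
        "outside_systemroot": [e["path"] for e in entries
                               if not e["path"].lower().startswith("\\systemroot\\")],
    }


if __name__ == "__main__":
    for group, found in triage(SAMPLE_NTBTLOG).items():
        print(group, found)
```

On this excerpt `never_loaded` is empty: every driver with a "Did not load" line also has a "Loaded" line earlier in the log.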

#9
FXRStuarty


    Member

Ron,

Sorry for the delay in responding, I've been engaged on other things.

Had a look at the Boot change and it's already set at Demand. Should I do anything?

#10
RKinner


    Malware Expert

No, it appears that it is normal for Windows to try to load it several times. False alarm.

Did you try reformatting the USB drive?

#11
FXRStuarty


    Member

Ron,

Once again apologies for delay in responding.

I have done all you have suggested and everything seems to be running as it should.

Thank you. I really appreciate the help you have given me.