Suspect an InstallMate Win32/InstallRex.T and other viruses on my laptop


This topic is locked.

#1 TechGuy2014 (New Member, 6 posts)

Hello,

I have recently had a problem with my Lenovo Thinkpad T500 laptop, which has Windows 7 32-bit loaded on it. When I was surfing the internet a few days ago, my internet connection suddenly went off and I couldn't get it back up. On the connections bar at the bottom, it said 'unknown network' (public) with no internet access even though I logged in to my home wireless network. All my devices on the network were working properly with high network speeds. After rebooting, still the same, so I left it for a few days. When I turned it back on after that, it worked, but the computer was running way slower than normal and internet browsing was terribly difficult due to the slow loading speed of websites. Only this computer seems affected. I have Eset Smart Security 4 (Business Edition). After running a scan, it found 4 viruses:

1. C:\ProgramData\InstallMate\OptimizerPro\_Setupx.dll
2. C:\ProgramData\InstallMate\{2D978F06-3F8C-4D63-AF88-77AEF674ADF0}\_Setupx.dll
3. C:\Users\All Users\InstallMate\OptimizerPro\_Setupx.dll
4. C:\Users\All Users\InstallMate\{2D978F06-3F8C-4D63-AF88-77AEF674ADF0}\_Setupx.dll

(Hope I spelled them correctly)

It says all of them are a variant of the Win32/InstallRex.T potentially unwanted application.

It only cleaned the first 2. For the others it said 'error opening', and I still find the folder InstallMate and its contents, except for the Setupx files.

Since the scan the computer has been running a little bit faster, though still slower than normal. Can you suggest what I should do, because I think the computer is not totally disinfected?

I have also noticed that after plugging in a USB flash drive, I put the 2 .txt files from OTL on it, and after scanning with the Eset scan it said there were 6 files on it. Plus, when I pressed custom scan it asked me whether to scan the boot sector. I did, but no malware was found, though I did not make this a bootable USB. Was this a manifestation of the virus trying to spread to other computers?

Also I sometimes get an error which says iexplorer.exe is not working. And it's an AppHangB1.

Here is the OTL quick scan log:
OTL logfile created on: 12/16/2014 12:43:18 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\stv\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.95 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.34% Memory free
3.89 Gb Paging File | 2.59 Gb Available in Paging File | 66.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.11 Gb Total Space | 25.23 Gb Free Space | 18.27% Space Free | Partition Type: NTFS
Drive Q: | 9.76 Gb Total Space | 3.07 Gb Free Space | 31.42% Space Free | Partition Type: NTFS

Computer Name: TECH-SUP18 | User Name: stv | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/12/16 10:35:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\stv\Desktop\OTL.exe
PRC - [2014/11/13 16:24:18 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
PRC - [2013/08/02 02:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013/01/07 21:53:22 | 000,340,992 | ---- | M] () -- C:\ProgramData\CloudSoft\OptimizerPro\OptimizerPro.exe
PRC - [2012/11/23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/07/30 23:08:58 | 001,149,400 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
PRC - [2012/07/30 23:08:56 | 000,921,048 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
PRC - [2012/07/30 23:08:55 | 006,956,504 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
PRC - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/06/28 17:40:52 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2011/12/16 03:40:00 | 008,186,256 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe
PRC - [2011/12/16 03:40:00 | 002,368,912 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
PRC - [2011/11/01 14:19:16 | 000,583,952 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe
PRC - [2011/11/01 13:19:00 | 000,936,208 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2011/11/01 13:09:04 | 001,210,640 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2011/11/01 13:03:54 | 000,481,552 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2011/10/20 18:33:22 | 000,103,184 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
PRC - [2011/10/19 14:24:54 | 000,510,464 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/07/28 15:30:58 | 000,138,368 | ---- | M] () -- C:\Program Files\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2011/01/12 16:41:24 | 002,219,184 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2010/03/22 14:33:30 | 000,217,088 | ---- | M] () -- C:\Program Files\3G USB Modem\HSDPALauncher.exe
PRC - [2010/02/04 12:14:20 | 002,058,776 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2010/02/04 12:14:06 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2009/12/11 10:44:49 | 000,529,768 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\Kensington Display Adapter\DisplayLinkKensingtonSupport.exe
PRC - [2009/10/01 01:47:30 | 000,435,488 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Access Connections\ACTray.exe
PRC - [2009/10/01 01:47:28 | 000,242,976 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Access Connections\AcSvc.exe
PRC - [2009/10/01 01:47:26 | 000,124,192 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2009/10/01 01:14:46 | 000,335,872 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2009/09/28 09:27:20 | 000,144,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2009/09/25 08:55:56 | 000,015,872 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2009/09/01 09:32:20 | 000,098,304 | ---- | M] () -- C:\Windows\System32\DTS.exe
PRC - [2009/09/01 09:28:04 | 001,692,920 | ---- | M] (AuthenTec, Inc.) -- C:\Windows\System32\AtService.exe
PRC - [2009/08/27 01:02:26 | 001,021,240 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2009/08/24 06:00:30 | 000,352,256 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/24 06:00:02 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/08/20 02:38:30 | 000,062,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
PRC - [2009/07/15 03:18:02 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009/07/14 08:15:36 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2009/07/02 04:03:12 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2009/07/02 04:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
PRC - [2009/05/28 08:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2009/03/13 10:32:48 | 000,068,976 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009/02/02 11:04:10 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/31 01:23:52 | 000,031,744 | ---- | M] (Ricoh co.,Ltd.) -- C:\Program Files\RotateImage\RCIMGDIR.exe
PRC - [2008/01/12 03:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/01/05 05:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/05/04 06:58:56 | 000,998,912 | ---- | M] () -- C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/25 04:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2011/07/28 15:31:02 | 001,048,496 | ---- | M] () -- C:\Program Files\Nokia\Nokia Internet Modem\wxmsw28u_core_vc_custom.dll
MOD - [2011/07/28 15:31:02 | 000,726,960 | ---- | M] () -- C:\Program Files\Nokia\Nokia Internet Modem\wxbase28u_vc_custom.dll
MOD - [2011/07/28 15:31:00 | 000,775,600 | ---- | M] () -- C:\Program Files\Nokia\Nokia Internet Modem\UIToolkit.dll
MOD - [2011/07/28 15:31:00 | 000,508,848 | ---- | M] () -- C:\Program Files\Nokia\Nokia Internet Modem\Toolkit.dll
MOD - [2011/07/28 15:31:00 | 000,147,888 | ---- | M] () -- C:\Program Files\Nokia\Nokia Internet Modem\pcre3.dll
MOD - [2011/07/28 15:31:00 | 000,049,584 | ---- | M] () -- C:\Program Files\Nokia\Nokia Internet Modem\Preferences.dll
MOD - [2011/07/28 15:30:58 | 000,138,368 | ---- | M] () -- C:\Program Files\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe
MOD - [2011/07/28 15:30:56 | 000,311,728 | ---- | M] () -- C:\Program Files\Nokia\Nokia Internet Modem\Device.dll
MOD - [2011/07/28 15:30:56 | 000,247,216 | ---- | M] () -- C:\Program Files\Nokia\Nokia Internet Modem\DB.dll
MOD - [2011/07/28 15:30:56 | 000,125,872 | ---- | M] () -- C:\Program Files\Nokia\Nokia Internet Modem\Discovery.dll
MOD - [2011/07/28 15:30:56 | 000,059,312 | ---- | M] () -- C:\Program Files\Nokia\Nokia Internet Modem\DriveDetector.dll
MOD - [2011/07/28 15:30:54 | 000,090,544 | ---- | M] () -- C:\Program Files\Nokia\Nokia Internet Modem\ComCore.dll
MOD - [2011/07/28 15:21:42 | 000,028,160 | ---- | M] () -- C:\Program Files\Nokia\Nokia Internet Modem\ressources\plugins\DiscoveryGeneric.plugin
MOD - [2011/07/28 15:21:38 | 000,017,408 | ---- | M] () -- C:\Program Files\Nokia\Nokia Internet Modem\ressources\plugins\DiscoveryNdis.plugin
MOD - [2010/03/22 14:33:30 | 000,217,088 | ---- | M] () -- C:\Program Files\3G USB Modem\HSDPALauncher.exe
MOD - [2009/10/01 01:14:44 | 000,651,264 | ---- | M] () -- C:\Program Files\Lenovo\Access Connections\AcDeskBand.dll
MOD - [2009/08/23 20:04:00 | 000,030,720 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL
MOD - [2009/07/02 04:03:24 | 000,132,384 | ---- | M] () -- C:\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll
MOD - [2009/05/28 08:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
MOD - [2006/05/04 06:58:56 | 000,998,912 | ---- | M] () -- C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe
MOD - [2006/05/04 06:58:38 | 001,239,040 | ---- | M] () -- C:\Program Files\Visagesoft\eXPert PDF\vspdfdialogs100.bpl
MOD - [2006/05/04 06:58:38 | 000,237,056 | ---- | M] () -- C:\Program Files\Visagesoft\eXPert PDF\expertpdf4core.bpl
MOD - [2006/05/04 06:58:36 | 003,014,656 | ---- | M] () -- C:\Program Files\Visagesoft\eXPert PDF\vspdfcore100.bpl
MOD - [2006/05/04 06:58:36 | 001,026,048 | ---- | M] () -- C:\Program Files\Visagesoft\eXPert PDF\vsvector100.bpl
MOD - [2006/05/04 06:58:36 | 000,230,912 | ---- | M] () -- C:\Program Files\Visagesoft\eXPert PDF\vspdfeditor100.bpl
MOD - [2006/04/15 06:34:26 | 000,568,320 | ---- | M] () -- C:\Program Files\Visagesoft\eXPert PDF\TMSlite100.bpl
MOD - [2006/03/02 20:39:28 | 001,844,224 | ---- | M] () -- C:\Program Files\Visagesoft\eXPert PDF\te100.bpl
MOD - [2006/03/02 20:33:18 | 000,444,928 | ---- | M] () -- C:\Program Files\Visagesoft\eXPert PDF\VirtualTree100.bpl
MOD - [2006/03/02 20:28:36 | 000,139,776 | ---- | M] () -- C:\Program Files\Visagesoft\eXPert PDF\uoolep100.bpl
MOD - [2006/03/02 20:01:50 | 000,071,168 | ---- | M] () -- C:\Program Files\Visagesoft\eXPert PDF\VSDesktop100.bpl
MOD - [2006/03/02 19:57:48 | 000,383,488 | ---- | M] () -- C:\Program Files\Visagesoft\eXPert PDF\visage100.bpl
MOD - [2006/03/02 19:55:22 | 000,089,088 | ---- | M] () -- C:\Program Files\Visagesoft\eXPert PDF\vsmisc100.bpl
MOD - [2005/12/26 13:20:52 | 002,098,176 | ---- | M] () -- C:\Program Files\Visagesoft\eXPert PDF\PKIECtrl100.bpl
MOD - [2003/08/22 07:23:16 | 000,225,792 | ---- | M] () -- C:\Program Files\Visagesoft\eXPert PDF\sqlite.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2014/12/10 19:56:14 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/11/22 03:55:14 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/06/06 06:38:37 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/01/04 13:45:26 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/07/30 23:08:55 | 006,956,504 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/16 03:40:00 | 002,368,912 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Running] -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe)
SRV - [2011/11/01 14:19:16 | 000,583,952 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe -- (ZcfgSvc7)
SRV - [2011/11/01 13:19:00 | 000,936,208 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2011/11/01 13:06:54 | 000,227,600 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2011/11/01 13:03:54 | 000,481,552 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/20 18:33:22 | 000,103,184 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV - [2011/10/19 14:24:54 | 000,510,464 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/01/12 16:44:02 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2010/02/04 12:14:20 | 002,058,776 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS)
SRV - [2010/02/04 12:14:06 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS)
SRV - [2009/10/01 01:47:28 | 000,242,976 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2009/10/01 01:47:26 | 000,124,192 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2009/09/25 08:55:56 | 000,015,872 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009/09/01 09:32:20 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Windows\System32\DTS.exe -- (dtsvc)
SRV - [2009/09/01 09:32:16 | 000,106,496 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\ADMonitor.exe -- (ADMonitor)
SRV - [2009/09/01 09:28:04 | 001,692,920 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Windows\System32\AtService.exe -- (ATService)
SRV - [2009/08/27 01:02:26 | 001,021,240 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009/08/24 06:00:02 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/08/23 20:04:00 | 000,075,040 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2009/08/05 07:32:42 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/07/15 03:18:02 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009/07/14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/03 11:47:10 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009/07/02 04:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/04/29 04:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/12 03:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/01/05 05:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\NETw5s32.sys -- (NETw5s32)
DRV - [2013/08/22 14:40:22 | 000,035,288 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2012/07/30 23:09:13 | 000,275,320 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dlkmd.sys -- (dlkmd)
DRV - [2012/07/30 23:09:13 | 000,015,224 | ---- | M] (DisplayLink Corp.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\dlkmdldr.sys -- (dlkmdldr)
DRV - [2012/07/30 21:18:28 | 000,021,888 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DisplayLinkUsbPort_6.3.40660.0.sys -- (DisplayLinkUsbPort)
DRV - [2011/11/15 15:56:04 | 000,037,888 | ---- | M] (MediaTek Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb2ser.sys -- (wdf_usb)
DRV - [2011/10/31 15:56:36 | 007,522,304 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32)
DRV - [2011/10/19 14:18:38 | 000,140,800 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AmpPal.sys -- (AMPPALP)
DRV - [2011/10/19 14:18:38 | 000,140,800 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmpPal.sys -- (AMPPAL)
DRV - [2010/12/21 15:04:06 | 000,137,144 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2010/12/21 15:04:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/12/21 13:47:38 | 000,134,000 | ---- | M] (ESET) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2010/12/21 13:47:38 | 000,041,336 | ---- | M] (ESET) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2010/11/20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/04/22 14:07:24 | 000,085,888 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nokia_cs1x_cdc_acm.sys -- (nokia_cs1x_cdc_acm)
DRV - [2010/04/22 14:07:24 | 000,081,408 | ---- | M] (Nokia) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nokia_cs1x_dc_enum.sys -- (nokia_cs1x_dc_enum)
DRV - [2010/04/22 14:07:24 | 000,009,856 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nokia_cs1x_cpo.sys -- (nokia_cs1x_cpo)
DRV - [2009/11/27 12:05:09 | 000,033,088 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2009/09/22 04:47:10 | 005,946,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdpmd32.sys -- (intelkmd)
DRV - [2009/09/15 06:30:00 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/09/15 05:36:00 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/09/07 11:00:00 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/09/01 11:44:16 | 000,485,376 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009/08/24 06:32:48 | 005,073,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/08/24 06:32:48 | 005,073,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2009/08/24 05:09:56 | 000,106,496 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2009/08/23 20:04:00 | 000,011,552 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2009/08/18 08:08:14 | 000,020,848 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor\pcdsrvc.pkms -- (PCDSRVC{C4B36920-79E24793-06000000}_0)
DRV - [2009/07/22 07:56:22 | 000,459,264 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009/07/14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/14 00:02:52 | 000,214,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress)
DRV - [2009/07/14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/07/08 08:12:52 | 000,072,320 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\5U875.sys -- (5U875UVC)
DRV - [2009/07/02 20:16:22 | 000,038,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2009/06/29 23:51:04 | 000,117,800 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2009/06/29 23:51:02 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009/06/23 05:49:58 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/04/29 04:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2008/05/12 11:04:04 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2007/10/16 11:40:50 | 000,097,408 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cmusbser.sys -- (qcusbser)
DRV - [2007/04/18 06:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2006/04/12 11:36:20 | 000,023,552 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0801.sys -- (tap0801)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {E9F33613-7E95-4C6C-AB69-88B40FC47BE4}
IE - HKLM\..\SearchScopes\{E9F33613-7E95-4C6C-AB69-88B40FC47BE4}: "URL" = http://www.bing.com/...c=IE-SearchBox;


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4142048944-2663147581-261081445-2255\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-4142048944-2663147581-261081445-2255\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4142048944-2663147581-261081445-2255\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKU\S-1-5-21-4142048944-2663147581-261081445-2255\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - prefs.js..keyword.URL: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://eu.ask.com/?l=dis&o=15003"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_38: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013/01/04 12:20:06 | 000,000,000 | ---D | M]

[2013/03/05 09:49:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\stv\AppData\Roaming\mozilla\Extensions
[2014/07/31 19:11:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\stv\AppData\Roaming\mozilla\Firefox\Profiles\bmlkzc7t.default\extensions
[2014/07/31 19:11:18 | 000,226,542 | ---- | M] () (No name found) -- C:\Users\stv\AppData\Roaming\mozilla\firefox\profiles\bmlkzc7t.default\extensions\[email protected]
[2013/03/30 23:41:02 | 000,195,574 | ---- | M] () (No name found) -- C:\Users\stv\AppData\Roaming\mozilla\firefox\profiles\bmlkzc7t.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2013/03/31 22:53:48 | 000,001,720 | ---- | M] () -- C:\Users\stv\AppData\Roaming\mozilla\firefox\profiles\bmlkzc7t.default\searchplugins\sweetim.xml
[2014/07/31 19:11:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/07/31 19:11:53 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U38 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live® Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.380.5 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - default_search_provider: 1DDF856AC58E75FE10D80ECAA145011D6907AF3D0841552269AE31269ADD22F0 (Enabled)
CHR - default_search_provider: search_url = FB82FE06E948C32F8674F65C71B32976ECB09624C1D6C5CA2085CB373E0C0874
CHR - default_search_provider: suggest_url =
CHR - homepage: 083216990EC0ED1AE7699A4DE1CD3087BB582BA98D9ED1DD628D4C790DB86D95
CHR - Extension: Google Drive = C:\Users\stv\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\stv\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: YouTube = C:\Users\stv\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\stv\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\stv\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.14.4_0\
CHR - Extension: Google Wallet = C:\Users\stv\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\stv\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Google Drive = C:\Users\stv\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\stv\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: YouTube = C:\Users\stv\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\stv\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\stv\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.14.4_0\
CHR - Extension: Google Wallet = C:\Users\stv\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\stv\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/10/30 17:03:38 | 000,000,907 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 195.150.100.74    rnord-exch.rnkeo.com.cy
O1 - Hosts: 195.150.100.74 autodiscover.rnkeo.com.cy
O2 - BHO: (SmashPdf Opener PlugIn) - {00050000-0000-1011-8006-0000C06B5161} - C:\Program Files\SmartShelter Pdf\SmashPdfOpener.dll (WIBU-SYSTEMS AG)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-4142048944-2663147581-261081445-2255\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [ACTray] C:\Program Files\Lenovo\Access Connections\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (AuthenTec)
O4 - HKLM..\Run: [HSDPALauncher] C:\Program Files\3G USB Modem\HSDPALauncher.exe ()
O4 - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LenVolFx] C:\Windows\LenVolEx.exe (Lenovo)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [NokiaInternetModem_AppStart.exe] C:\Program Files\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe ()
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PIconStartup.exe ()
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [vspdfprsrv.exe] C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-4142048944-2663147581-261081445-2255..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\S-1-5-21-4142048944-2663147581-261081445-2255\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_38)
O16 - DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_38)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_38)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Nord.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45B26B79-9745-4120-A1F7-1808E95D8B5D}: DhcpNameServer = 192.168.51.10
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/06/10 18:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{0b5f7434-38a3-11e3-baaf-001c259d6269}\Shell - "" = AutoRun
O33 - MountPoints2\{0b5f7434-38a3-11e3-baaf-001c259d6269}\Shell\AutoRun\command - "" = E:\iLinker.exe
O33 - MountPoints2\{3f4634e0-560f-11e2-9411-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3f4634e0-560f-11e2-9411-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009/08/10 23:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O33 - MountPoints2\{3f4634eb-560f-11e2-9411-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3f4634eb-560f-11e2-9411-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{4d1c7933-7358-11e2-9190-00216a0e462a}\Shell - "" = AutoRun
O33 - MountPoints2\{4d1c7933-7358-11e2-9190-00216a0e462a}\Shell\AutoRun\command - "" = E:\.\StartModem.exe
O33 - MountPoints2\{93fa2d6b-770b-11e2-9f3f-00216a0e462a}\Shell - "" = AutoRun
O33 - MountPoints2\{93fa2d6b-770b-11e2-9f3f-00216a0e462a}\Shell\AutoRun\command - "" = D:\autorun.exe
O33 - MountPoints2\{93fa2d79-770b-11e2-9f3f-00216a0e462a}\Shell - "" = AutoRun
O33 - MountPoints2\{93fa2d79-770b-11e2-9f3f-00216a0e462a}\Shell\AutoRun\command - "" = D:\autorun.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\iLinker.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\.\StartModem.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/12/16 11:40:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\stv\Desktop\OTL.exe
[2014/12/14 14:31:25 | 000,000,000 | -HSD | C] -- C:\Users\stv\AppData\Local\EmieBrowserModeList
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/12/16 12:30:45 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/16 11:56:09 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/12/16 11:45:21 | 000,022,496 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/12/16 11:45:21 | 000,022,496 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/12/16 11:42:13 | 000,716,384 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/12/16 11:42:13 | 000,144,782 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/12/16 11:38:57 | 000,001,024 | ---- | M] () -- C:\Users\stv\.rnd
[2014/12/16 11:38:57 | 000,001,024 | ---- | M] () -- C:\.rnd
[2014/12/16 11:38:31 | 000,000,386 | -H-- | M] () -- C:\Windows\tasks\{3C0623F9-59E2-483A-9D7F-3C8A32234517}.job
[2014/12/16 11:38:01 | 000,000,000 | -H-- | M] () -- C:\ProgramData\cm-lock
[2014/12/16 11:37:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/12/16 11:37:44 | 1566,593,024 | -HS- | M] () -- C:\hiberfil.sys
[2014/12/16 10:35:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\stv\Desktop\OTL.exe
[2014/12/13 02:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2014/12/01 21:23:51 | 000,074,130 | ---- | M] () -- C:\Users\stv\Desktop\mot iDEAL - Bevestiging.pdf
[2014/11/30 09:00:00 | 000,000,452 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2014/11/22 11:52:56 | 005,024,349 | ---- | M] () -- C:\Users\stv\Desktop\02 - Safe Access to and from ships.pdf
[2014/11/22 11:49:12 | 000,187,792 | ---- | M] () -- C:\Users\stv\Desktop\1331.pdf
[2014/11/18 21:28:14 | 000,278,263 | ---- | M] () -- C:\Users\stv\Desktop\Regulament_Mai_comod_Mai_smart_MyING.pdf
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/12/16 11:38:57 | 000,001,024 | ---- | C] () -- C:\.rnd
[2014/12/16 11:38:01 | 000,000,000 | -H-- | C] () -- C:\ProgramData\cm-lock
[2014/12/01 21:23:51 | 000,074,130 | ---- | C] () -- C:\Users\stv\Desktop\mot iDEAL - Bevestiging.pdf
[2014/11/22 11:52:55 | 005,024,349 | ---- | C] () -- C:\Users\stv\Desktop\02 - Safe Access to and from ships.pdf
[2014/11/22 11:49:10 | 000,187,792 | ---- | C] () -- C:\Users\stv\Desktop\1331.pdf
[2014/11/18 21:27:04 | 000,278,263 | ---- | C] () -- C:\Users\stv\Desktop\Regulament_Mai_comod_Mai_smart_MyING.pdf
[2014/06/02 06:39:00 | 000,001,024 | ---- | C] () -- C:\Users\stv\.rnd
[2013/11/07 14:59:45 | 000,000,942 | ---- | C] () -- C:\Users\stv\AppData\Roaming\bibstats
[2013/10/15 10:39:02 | 000,003,584 | ---- | C] () -- C:\Users\stv\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/07 14:33:58 | 000,000,032 | ---- | C] () -- C:\Windows\SpriteKt.ini
[2013/06/05 07:27:06 | 000,007,621 | ---- | C] () -- C:\Users\stv\AppData\Local\Resmon.ResmonCfg
[2013/03/05 10:52:35 | 000,086,016 | ---- | C] () -- C:\ProgramData\EEOICalculator.sdf
[2013/01/30 07:42:44 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dlumd9.dll
[2013/01/30 07:42:44 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dlumd11.dll
[2013/01/30 07:42:44 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dlumd10.dll
[2013/01/08 17:40:30 | 000,047,104 | ---- | C] () -- C:\Windows\System32\HP1100SMs.dll
[2013/01/08 17:40:27 | 001,511,424 | ---- | C] () -- C:\Windows\System32\HP1100SM.EXE
[2013/01/08 17:40:27 | 000,284,160 | ---- | C] () -- C:\Windows\System32\mvhlewsi.DLL
[2013/01/08 17:40:26 | 000,151,552 | ---- | C] () -- C:\Windows\System32\HP1100LM.DLL
[2013/01/07 07:54:13 | 000,001,638 | ---- | C] () -- C:\Windows\unins000.dat
[2013/01/04 22:58:16 | 000,014,336 | ---- | C] () -- C:\Windows\System32\vsmon1.dll
[2013/01/04 13:58:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2013/01/04 12:04:50 | 000,002,412 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 03:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/01/03 17:51:58 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Lenovo
[2013/02/05 08:18:55 | 000,000,000 | ---D | M] -- C:\Users\pk\AppData\Roaming\ESET
[2013/02/05 08:18:52 | 000,000,000 | ---D | M] -- C:\Users\pk\AppData\Roaming\Lenovo
[2013/01/04 12:20:53 | 000,000,000 | ---D | M] -- C:\Users\stv\AppData\Roaming\ESET
[2013/01/04 23:19:46 | 000,000,000 | ---D | M] -- C:\Users\stv\AppData\Roaming\eXPert PDF Editor
[2013/05/27 18:39:56 | 000,000,000 | ---D | M] -- C:\Users\stv\AppData\Roaming\InterVideo
[2013/01/04 12:14:28 | 000,000,000 | ---D | M] -- C:\Users\stv\AppData\Roaming\Lenovo
[2013/05/29 12:45:42 | 000,000,000 | ---D | M] -- C:\Users\stv\AppData\Roaming\OpenCandy
[2013/10/15 10:38:08 | 000,000,000 | ---D | M] -- C:\Users\stv\AppData\Roaming\Research In Motion
[2013/05/29 12:46:37 | 000,000,000 | ---D | M] -- C:\Users\stv\AppData\Roaming\TuneUp Software

========== Purity Check ==========



< End of report >
 
 
PS. Do you also need the Extra.txt file?
 
Thanks in advance,
TechGuy2014

Edited by TechGuy2014, 20 December 2014 - 10:00 AM.

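Before the helper replies, a note on what a responder actually reads out of the O-lines above: the O6 block shows UAC switched off outright (EnableLUA = 0, ConsentPromptBehaviorAdmin = 0, PromptOnSecureDesktop = 0), the O7 line gives the AutoRun policy mask, the O33 MountPoints2 entries are Explorer's cached AutoRun commands for removable media, and the O1 lines are non-default hosts overrides. The script below is an added triage example, written for this thread; it is not part of TechGuy2014's post, of OTL, or of the GeekU procedure. The sample input is a constructed subset of lines copied verbatim from the report above; the "secure default" comparison values and the severity wording are my own assumptions, as is the label list for the NoDriveTypeAutoRun bits.

```python
import re

# Constructed sample input: a subset of O-lines copied verbatim from the OTL
# report posted above, so the script runs offline without the full log.
SAMPLE_OTL = r"""
O1 - Hosts: 195.150.100.74    rnord-exch.rnkeo.com.cy
O1 - Hosts: 195.150.100.74 autodiscover.rnkeo.com.cy
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\S-1-5-21-4142048944-2663147581-261081445-2255\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O33 - MountPoints2\{0b5f7434-38a3-11e3-baaf-001c259d6269}\Shell\AutoRun\command - "" = E:\iLinker.exe
O33 - MountPoints2\{3f4634eb-560f-11e2-9411-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\iLinker.exe
"""

UAC_LINE = re.compile(r'^O6 - .*\\policies\\System: (\w+) = (\d+)$')
AUTORUN_POLICY = re.compile(r'^O7 - .*\\policies\\Explorer: NoDriveTypeAutoRun = (\d+)$')
MOUNTPOINT_CMD = re.compile(r'^O33 - MountPoints2\\([^\\]+)\\Shell\\AutoRun\\command - "" = (.+)$')
HOSTS_LINE = re.compile(r'^O1 - Hosts: (\S+)\s+(\S+)$')

# UAC values that leave the machine without elevation protection. The
# comparison values are my assumption of Windows 7 stock defaults
# (EnableLUA=1, ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1).
UAC_WEAK = {
    "EnableLUA": (0, "UAC is off: admin processes run high-integrity with no prompt"),
    "ConsentPromptBehaviorAdmin": (0, "admins elevate silently even when UAC is on"),
    "PromptOnSecureDesktop": (0, "elevation prompt not on the secure desktop; spoofable"),
}

# Bit layout of NoDriveTypeAutoRun: a SET bit blocks AutoRun for that drive type.
DRIVE_BITS = {
    0x01: "unknown", 0x04: "removable", 0x08: "fixed",
    0x10: "network", 0x20: "CD-ROM", 0x40: "RAM disk", 0x80: "reserved",
}


def autorun_still_allowed(value):
    """Drive types whose AutoRun the NoDriveTypeAutoRun mask does not block."""
    return [name for bit, name in DRIVE_BITS.items() if not value & bit]


def triage(lines):
    """Group the security-relevant O-lines into findings a responder reviews."""
    findings = {"uac": [], "autorun_policy": [], "mountpoints": [], "hosts": []}
    for raw in lines:
        line = raw.strip()
        if m := UAC_LINE.match(line):
            name, value = m.group(1), int(m.group(2))
            if name in UAC_WEAK and value == UAC_WEAK[name][0]:
                findings["uac"].append((name, value, UAC_WEAK[name][1]))
        elif m := AUTORUN_POLICY.match(line):
            value = int(m.group(1))
            findings["autorun_policy"].append((value, autorun_still_allowed(value)))
        elif m := MOUNTPOINT_CMD.match(line):
            # Cached AutoRun commands for volumes seen before: each records a
            # launcher binary on media that was plugged into this machine.
            findings["mountpoints"].append((m.group(1), m.group(2)))
        elif m := HOSTS_LINE.match(line):
            # Any non-default hosts entry deserves a look; here both map an
            # Exchange/autodiscover name to one address, which may be intended.
            findings["hosts"].append((m.group(1), m.group(2)))
    return findings


def report(findings):
    """Render findings as one line each, in the order a responder would fix them."""
    out = []
    for name, value, why in findings["uac"]:
        out.append(f"[UAC] {name} = {value}: {why}")
    for value, allowed in findings["autorun_policy"]:
        out.append(f"[AutoRun] NoDriveTypeAutoRun = {value} (0x{value:02X}); "
                   f"still allowed on: {', '.join(allowed)}; 255 (0xFF) blocks all")
    for vol, cmd in findings["mountpoints"]:
        out.append(f"[MountPoints2] {vol} -> {cmd}")
    for ip, host in findings["hosts"]:
        out.append(f"[hosts] {host} -> {ip}")
    return out


if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_OTL.splitlines()))))
```

On this report the script flags all three UAC values, decodes 145 (0x91) as blocking AutoRun only for unknown, network and reserved drive types while leaving removable, fixed, CD-ROM and RAM-disk media allowed, and lists the three cached MountPoints2 launchers. Setting the mask to 255 is the usual hardening; re-enabling UAC (EnableLUA = 1 plus a reboot) is the single change with the most effect, since with it off every program the user runs already has full administrative rights.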



#2
Naathim (GeekU Minion, Expert, 4,568 posts)


My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

Analysis and research take some time; also, sometimes real life gets in the way, so please be patient.
Limit your internet access to posting here; some infections just wait to steal typed-in passwords.
Don't run any scripts or tools on your own; unsupervised usage may cause more harm than good.
Paste the logs in your posts; attachments make my work harder and more complicated.
Stay with me to the end; the absence of symptoms doesn't mean that your machine is fully operational.
Note that we may live in totally different time zones, which may cause some delays between answers.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)

 

PS. Do you also need the Extra.txt file?


Yeah, go ahead and post it :)



#3
TechGuy2014 (New Member, Topic Starter, 6 posts)

OTL Extras logfile created on: 12/16/2014 12:43:18 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\stv\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.95 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.34% Memory free
3.89 Gb Paging File | 2.59 Gb Available in Paging File | 66.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.11 Gb Total Space | 25.23 Gb Free Space | 18.27% Space Free | Partition Type: NTFS
Drive Q: | 9.76 Gb Total Space | 3.07 Gb Free Space | 31.42% Space Free | Partition Type: NTFS

Computer Name: TECH-SUP18 | User Name: stv | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-4142048944-2663147581-261081445-2255\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0462E19B-0A6F-4CD0-BE78-81FCE69D5001}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{07F6A7C7-1FD9-4372-BF8D-B95BB8678ED9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{08E10881-759A-4DED-A0BC-96DCFDFD2AA4}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{0D414785-6FE4-4B10-AA1B-CB81E2585394}" = lport=2869 | protocol=6 | dir=in | app=system |
"{10826956-F217-4717-A343-C64B46B1AA44}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1B18F04C-B4B0-4C94-9627-C54FC0E02733}" = lport=10243 | protocol=6 | dir=in | app=system |
"{23DA4073-70BC-4223-8FD7-5F596988B822}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2487BAEA-77E9-4A5C-8CAB-CFEA3339C374}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3046C405-7BCA-438F-A509-9600B71E4B3A}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
"{3656512A-E87E-45B3-8DE9-D4CCAC3ADE1E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3AD91319-E175-4DB1-9A58-1CB34E9FB1B7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{408007E9-8CF4-41F7-97C5-666C323E4F91}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4331D505-F50C-4936-8C07-FCB1DCCD0EC2}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{45BAC89E-E174-4E74-BC72-2A35D95D2876}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4B6AD679-60AB-446D-9C77-188D7DD65AFF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4C6613F0-19C7-4749-A719-3C62C4559346}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4E7CAAF1-44A3-49B3-9E2B-C3D7A53F7EEA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{51BBB3FC-6B3E-4D91-B525-B03B847D2777}" = rport=2869 | protocol=6 | dir=out | app=system |
"{56D27A61-291A-4F38-85C3-CC2A7034E03E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5EE64625-4F2E-456F-9F2E-1BC7AB123AB4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{633CC7D5-E679-4A81-8B6A-5859D0017888}" = rport=2869 | protocol=6 | dir=out | app=system |
"{684AE664-5ACE-43D4-AD9A-64AF244EC75F}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{70D60E0E-E032-4687-A2B3-CDB559147028}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{747DC9F6-8E14-4220-B3DB-9FA7511C1F03}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |
"{7532C443-A922-4219-A377-67B918CB747A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{788240EF-6AC2-443D-AFE7-8B8DA7391FDB}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |
"{8B3C45BA-6D49-4400-8E3D-A30A6B5A6879}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8BE1F985-A81B-4CDB-9CA4-F5459B6158E7}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
"{8BFA0B6A-1DB7-47D0-A572-377A82C14DC0}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"{8C4C516A-97EC-44C4-913C-6AFDADF722DE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8D3ED5CB-4943-41EC-9A9E-489B733B2612}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{90AC4074-0346-4EC5-8684-24A96B6A6BCD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{949AC393-70B8-4BC0-8A90-8A65A93D57FB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{9FB16CF7-4498-46A0-ACEC-A03E0B8BB2B7}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A5CC07C4-3FA6-4AB4-812F-8DE191B65834}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A5CFC2EB-9E58-40E3-845D-22A0FD1065BF}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B0D3280A-6865-4C20-A375-CB37088CBA9E}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B7BDE6B2-9CBC-4809-969C-674C72787320}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{CDE3BCA6-9AD1-4092-92ED-C172445831A0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D253AABC-F911-4E01-8314-896B6A79E5C3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D5F1E68B-8981-41D1-9AB3-793B80BC2EBD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D6A24590-A280-4B90-9D40-0C3B99A726A0}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{DD4DA917-12A8-4C8E-8202-4DE8E1F15280}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09EC21DC-7BF9-4D68-92AA-5867C24506EC}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1061DF67-1E00-48EA-B95B-C653C240F899}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{13715A2C-5717-477C-9850-826DF6008B19}" = protocol=6 | dir=in | app=c:\users\stv\appdata\local\temp\diq\flashplayer_151\software\sweetipacks.exe |
"{1CAFE87C-9836-4ED5-A830-FE7B1E8FE21B}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
"{23136A58-BD6C-4052-AAE4-33D316A96DC0}" = protocol=17 | dir=in | app=c:\users\stv\appdata\local\temp\diq\flashplayer_151\software\sweetipacks.exe |
"{26EDFD3F-DE82-41AC-A580-2395842DEA43}" = protocol=17 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |
"{37D009C1-7A7F-42B9-A6EE-8B0D875DDFCE}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{528CF792-1A4D-4A0A-A892-FA253685CF20}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5A798CA3-F96A-4A6B-A609-06D280E66AFC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{621B7B56-5222-4B6B-81FC-B64C52497EE8}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
"{65E5476D-149F-4641-A49F-4EE6E92FDB23}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{72BA5323-77D3-4DB1-A903-4DE7C5EF729B}" = protocol=17 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |
"{731A12B1-A869-41C1-B572-8A3EB1DC85BA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{75339AB5-D973-431A-A13C-96F87A394289}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{8340D40A-AA0B-47AD-AEE9-C180625526DE}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{859BC36B-DC3A-4A64-B6A0-00ADEEA5277A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{87764F49-B3E8-482D-9A04-A60DA47ED632}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8FD7392D-37AC-4B50-A158-215AAD2BC6C5}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{96DE6862-F431-4E7D-AA29-6192E50FEEB2}" = protocol=6 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |
"{98E8E705-D2BA-4499-87E8-860FA392BFD5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{99384E58-E362-45B8-86CC-E754906301DB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B0EBD1C4-C91C-4B18-9EFA-7ECAA2BD34E1}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{B62995BD-4377-40F4-83C5-73366F7BC2C4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B9AFAF4A-19F4-4608-852D-F2943F2E9FB7}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{B9E72B07-1A6C-4980-87D7-658FAC6BE2B3}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{C0A556BA-1C4F-41FE-A362-4B94F9D7D328}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C22C8A79-56CB-4BDA-9032-CD15A953603C}" = protocol=58 | dir=in | [email protected],-148 |
"{CADD2EC9-1062-4EE2-A05F-A6EEC416620E}" = dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |
"{CEE0428E-F115-4C8B-B3E0-081CA3A05D41}" = protocol=58 | dir=in | [email protected],-148 |
"{D17EE2B2-D1D1-4AB8-8837-CDDF5E909A63}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D9843F91-5B94-4549-B0A4-FD76EE69BD30}" = protocol=6 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |
"{DFA5ACA8-C08C-43D0-9874-60F80AF718D3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E677C356-472C-4E3A-9DAF-180C9FDE0BA2}" = protocol=6 | dir=out | app=system |
"{F4CBD0C8-22D7-4EC8-98F2-44DE3BDACA3A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FCC1F522-69CC-4103-9E52-DD649880FC20}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{FFC04DAF-6FC1-435D-8F58-393A112F85E7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{12490D16-5193-4B4E-8D90-4004DAE2AF14}C:\program files\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"TCP Query User{31C85ABD-F3BB-42D6-B168-0079769BB471}\\rnkeo-mail\commtext\mfw\program\mfw32.exe" = protocol=6 | dir=in | app=\\rnkeo-mail\commtext\mfw\program\mfw32.exe |
"TCP Query User{49E6FA04-40E2-449D-9262-634BE3BFF846}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{7E3EEE00-56E9-414E-9EFF-B87F73404FAF}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{97840858-3DF6-442E-8DB1-33A8CF11C77F}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{A3A734D8-4A58-48C3-B443-F7F407C72619}C:\program files\connectify\connectify.exe" = protocol=6 | dir=in | app=c:\program files\connectify\connectify.exe |
"TCP Query User{C9E0D8E9-F13C-4E3B-8C43-C02DCB33870D}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{EC2EDA37-1743-4A9B-A450-CBB865586E99}C:\program files\microsoft office\office12\outlook.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"TCP Query User{FD8C95DD-CF49-4115-870A-7448BF736C4B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{1764C401-F932-4420-BDC7-58B6C676E588}C:\program files\microsoft office\office12\outlook.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"UDP Query User{6721A3EB-1E27-413D-BB0E-96A3848AB220}\\rnkeo-mail\commtext\mfw\program\mfw32.exe" = protocol=17 | dir=in | app=\\rnkeo-mail\commtext\mfw\program\mfw32.exe |
"UDP Query User{7AEBF549-4921-48B8-A36B-BC708A1467C6}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{8E6EC235-E4FD-497B-BE07-685F34D7CF93}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{8F44CE9E-8495-4F59-82D5-D74E211BEAB9}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{9E02ED0F-7965-4995-A1EA-9348F1D78764}C:\program files\connectify\connectify.exe" = protocol=17 | dir=in | app=c:\program files\connectify\connectify.exe |
"UDP Query User{A84AD21B-CF4A-4589-8F58-2902AE822292}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{E369967E-71B0-406A-8C26-7D98FF18E383}C:\program files\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"UDP Query User{F5EF5121-4C55-4CDF-919E-81ADA0A82E74}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C6F231-1B18-C448-323A-56D1A0DB9C46}" = Catalyst Control Center Graphics Full New
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0FC8C813-CEA0-42E1-8052-64DCA5973810}" = Kensington Display Adapter
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{17FB7811-87DD-53C4-3A56-7F7F37DCD802}" = Catalyst Control Center Graphics Previews Vista
"{18554B3F-46EA-40A9-B4EA-7EEE83C0559D}" = Client Security - Password Manager
"{192359F3-D455-0C89-3161-766008BD6D10}" = CCC Help French
"{1DF0C90D-0705-32EA-B4DB-341C311EBB93}" = ATI Catalyst Install Manager
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1F8DA253-3C27-4B01-A63A-BA3533120833}" = Microsoft Research AutoCollage Touch 2009
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216038FF}" = Java™ 6 Update 38
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2D440AF4-7330-43F0-A085-35DE1A90E703}" = Lenovo Fingerprint Software
"{38D80A4C-D893-4985-BA3F-0B1D9E848CED}" = ESET Smart Security
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{446B2807-CF65-6D50-2BC8-141E235CD1CD}" = ccc-core-static
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5033F411-4848-49D6-BAC2-DAA06AFA0AFC}" = HP Deskjet 2050 J510 series Basic Device Software
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business Edition
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{57FA0525-01F9-4051-8DE9-CBF43CAC68D9}" = Catalyst Control Center - Branding
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.64.02
"{5C111F14-D9BE-459D-B0B6-B4D082F03749}" = Mobile Broadband Connect
"{5E09E82C-004D-4F08-B051-46DE6D79F71A}" = Microsoft Visual C++ Redist - ENU
"{5EF31A56-3C64-4649-BF91-8D2516CFF92E}" = SmartShelter|PDF Reader
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{73ED3EA3-F96F-D098-7EE4-146FBD30113E}" = PX Profile Update
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Help
"{7A408D56-A9CF-4219-9F78-23E6B48A1C0D}" = Verizon Wireless Mobile Broadband Self Activation
"{7C6DD158-A31F-5F0B-82A0-C28258CBB31F}" = CCC Help Japanese
"{80F3F10B-A177-4494-93CE-98090D819093}" = Internet Explorer Toolbar 4.7 by SweetPacks
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82EB6CEA-749A-410F-8AD2-372A286BA3BE}" = Integrated Camera Driver Installer Package Ver.1.27.500.0
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{872D8B75-1B00-E5AD-22DD-DA74CA237C7C}" = CCC Help Chinese Standard
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9B0B15A5-DDCB-BD52-DF23-0FB44A59B903}" = ccc-utility
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C344D4A-69B8-430E-B463-BAA1A83D7F68}" = HP Deskjet 2050 J510 series Product Improvement Study
"{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera TWAIN
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{A34D0CB7-38BC-2C6D-270E-84BF07DB7CCB}" = Catalyst Control Center Graphics Light
"{A6E92CAB-9E63-46DC-8ABF-0CAFF7B7CD02}" = eXPert PDF 4
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B05B22B8-72AE-4DC3-8D6F-FBC2233CAF41}" = Roxio Creator Business Edition
"{B2D4BB21-3239-4AA3-AB3B-126F8306FE30}" = Nokia Internet Modem
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B99D0112-5508-59BD-B80E-4049E907845C}" = CCC Help Chinese Traditional
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE6B5757-43F4-44CF-BB65-9C58867288A8}" = DisplayLink Core Software
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CB5B4945-AA4C-5A32-D6EC-0365F6DC0C41}" = Catalyst Control Center Core Implementation
"{D00A26B4-CFAD-373C-8A62-4408AA382451}" = CCC Help Dutch
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{D4001570-E33E-5B45-7BB6-B0AD9E08788C}" = CCC Help German
"{D54FF0DE-61B6-4436-AB3C-6F41B7D2A197}" = CodeMeter Runtime Kit v4.40
"{D61E4101-9E15-4D0E-ABD1-1ABD36B43330}" = Intel® PROSet/Wireless WiFi Software
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D81486A1-2371-4059-AC70-1AB894AC96E6}" = AT&T Service Activation
"{D984A74E-DFB9-B6A2-C863-732A551F8FB2}" = Catalyst Control Center Localization All
"{DAA3DC12-2A82-0866-B3E1-8BCFF6EC5715}" = CCC Help Korean
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{E1EA855E-9187-4AFB-E7A9-FE655B48386B}" = CCC Help English
"{E276D6EE-9FB5-8456-633A-603893C8F539}" = CCC Help Portuguese
"{E2773E0C-BD2A-D110-F209-0C3E1118009E}" = CCC Help Spanish
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F042F206-13CF-43DB-BDF5-FFFE46357E5A}" = 3G USB Modem
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1B03D1F-29B4-86D7-DCF5-8C2DCE13B05E}" = CCC Help Italian
"{F65525AB-4B63-AC34-BE4A-08CA24FC1414}" = Catalyst Control Center Graphics Full Existing
"{F67714D1-6842-EACA-C159-D25B947FA380}" = Catalyst Control Center InstallProxy
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F932659E-6B83-1BF6-C10D-5F722F33C175}" = CCC Help Swedish
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"112AA64E0C8CC704E307FE914F7DEC1C0035598E" = Windows Driver Package - Lenovo 1.55 (08/18/2009 1.55)
"1FBDB507F002A372EB195A0ACF6E2A2F9D34689E" = Windows Driver Package - Ricoh Company (rismxdp) hdc (09/03/2009 6.10.01.05)
"5F72B7FA1792CB768F6A46E18A9DAD0E1FE1C863" = Windows Driver Package - Ricoh Company (rimsptsk) hdc (09/03/2009 6.10.01.05)
"7-Zip" = 7-Zip 9.20
"8E6CE26AD682E6D46DCCDD39CD93277A2EAF2449" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (07/07/2009 8.1.2.56)
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"ATI Uninstaller" = ATI Uninstaller
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"Broad Mobi HSPA Modem Normal Version_is1" = D-Link Connection Manager v6.0.0WW
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CES 4.1" = CES 4.1
"CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"D50474ACAF488895A3CE5D30373288EA6AD46EAA" = Windows Driver Package - Ricoh Company MMC Host Controller (09/03/2009 6.10.01.05)
"E59560E2F5B162D40255FCD327ACA5E989D995D2" = Windows Driver Package - Ricoh (5U875UVC) Image (07/08/2009 1.27.500.0)
"E7B58217635B8F723D4744A328A4B3237DB35FA9" = Windows Driver Package - Intel System (06/04/2009 1.0.0.0002)
"eMusic Promotion" = 50 FREE MP3s +1 Free Audiobook!
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"Google Chrome" = Google Chrome
"HECI" = Intel® Management Engine Interface
"HP Photo Creations" = HP Photo Creations
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{F042F206-13CF-43DB-BDF5-FFFE46357E5A}" = 3G USB Modem
"Kensington Universal Multi-Display Adapter" = Kensington Universal Multi-Display Adapter
"Lenovo Welcome_is1" = Lenovo Welcome
"LENOVO.SMIIF" = Lenovo System Interface Driver
"MapWinGIS ActiveX_is1" = MapWinGIS ActiveX Control
"Marine Software WorkStation Files_is1" = Marine Software WorkStation Files
"MESOL" = Intel® Active Management Technology
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 30.0 (x86 en-US)" = Mozilla Firefox 30.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OnScreenDisplay" = On Screen Display
"OptimizerPro" = OptimizerPro
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel PROSet Wireless
"SoftwareUpdUtility" = Download Updater (AOL Inc.)
"SopCast" = SopCast 3.5.0
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"TAP-Windows" = TAP-Windows 9.9.2
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"VLC media player" = VideoLAN VLC media player 0.8.6i
"W7DevOR" = Registry Patch to arrange icons in Device and Printers folder of Windows 7
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4142048944-2663147581-261081445-2255\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"837939c830195d2e" = FutureShip EEOI Calculator

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/14/2014 10:58:16 AM | Computer Name = TECH-SUP18.Nord.local | Source = System Restore | ID = 8193
Description =

Error - 12/14/2014 10:58:16 AM | Computer Name = TECH-SUP18.Nord.local | Source = System Restore | ID = 8211
Description =

Error - 12/15/2014 6:23:52 AM | Computer Name = TECH-SUP18.Nord.local | Source = Application Error | ID = 1000
Description = Faulting application name: WLANExt.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc89a Faulting module name: IWMSSvc.dll, version: 14.3.0.0, time stamp:
0x4eb05342 Exception code: 0xc0000005 Fault offset: 0x0009ed50 Faulting process id:
0x784 Faulting application start time: 0x01d0184c16c473d6 Faulting application path:
C:\Windows\system32\WLANExt.exe Faulting module path: C:\Windows\System32\IWMSSvc.dll
Report
Id: 7702a9dc-8444-11e4-acbb-00234df3d10e

Error - 12/15/2014 8:42:18 AM | Computer Name = TECH-SUP18.Nord.local | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\Program Files\Lenovo\Access
Connections\AcCryptHlpr.dll".Error in manifest or policy file "C:\Program Files\Lenovo\Access
Connections\AcCryptHlpr.dll" on line 0. Invalid Xml syntax.

Error - 12/15/2014 9:00:48 AM | Computer Name = TECH-SUP18.Nord.local | Source = System Restore | ID = 8193
Description =

Error - 12/15/2014 9:00:48 AM | Computer Name = TECH-SUP18.Nord.local | Source = System Restore | ID = 8211
Description =

Error - 12/15/2014 12:42:23 PM | Computer Name = TECH-SUP18.Nord.local | Source = System Restore | ID = 8193
Description =

Error - 12/15/2014 12:42:23 PM | Computer Name = TECH-SUP18.Nord.local | Source = System Restore | ID = 8211
Description =

Error - 12/15/2014 1:50:51 PM | Computer Name = TECH-SUP18.Nord.local | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 11.0.9600.17496 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 140c Start
Time: 01d0188ba2ca784e Termination Time: 0 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 12/15/2014 2:22:23 PM | Computer Name = TECH-SUP18.Nord.local | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 11.0.9600.17496 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: d64 Start
Time: 01d0188faac68de4 Termination Time: 0 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

[ Lenovo-Message Center Plus/Admin Events ]
Error - 8/5/2014 12:37:14 AM | Computer Name = TECH-SUP18.Nord.local | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file size of the downloaded file /TOC.cab is not the same as the
file size of the file on the server

Error - 8/5/2014 12:37:14 AM | Computer Name = TECH-SUP18.Nord.local | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\default
does not have a Lenovo Digital Signature. The file will be deleted

Error - 8/5/2014 4:39:35 AM | Computer Name = TECH-SUP18.Nord.local | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception
message: Object reference not set to an instance of an object.

Error - 8/20/2014 12:42:18 PM | Computer Name = TECH-SUP18.Nord.local | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception
message: Object reference not set to an instance of an object.

Error - 8/30/2014 4:41:07 PM | Computer Name = TECH-SUP18.Nord.local | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\TOC.cab
does not have a Lenovo Digital Signature. The file will be deleted

Error - 8/30/2014 8:43:03 PM | Computer Name = TECH-SUP18.Nord.local | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\TOC.cab
does not have a Lenovo Digital Signature. The file will be deleted

Error - 8/31/2014 12:45:03 AM | Computer Name = TECH-SUP18.Nord.local | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\TOC.cab
does not have a Lenovo Digital Signature. The file will be deleted

Error - 8/31/2014 4:47:00 AM | Computer Name = TECH-SUP18.Nord.local | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\TOC.cab
does not have a Lenovo Digital Signature. The file will be deleted

Error - 8/31/2014 8:49:01 AM | Computer Name = TECH-SUP18.Nord.local | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\TOC.cab
does not have a Lenovo Digital Signature. The file will be deleted

Error - 8/31/2014 12:51:00 PM | Computer Name = TECH-SUP18.Nord.local | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\TOC.cab
does not have a Lenovo Digital Signature. The file will be deleted

[ OSession Events ]
Error - 2/11/2013 2:37:51 AM | Computer Name = TECH-SUP18.Nord.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 867
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/11/2013 6:22:55 AM | Computer Name = TECH-SUP18.Nord.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 13492
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/21/2013 3:47:10 AM | Computer Name = TECH-SUP18.Nord.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9659
seconds with 1380 seconds of active time. This session ended with a crash.

Error - 3/4/2013 7:43:57 AM | Computer Name = TECH-SUP18.Nord.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 19925
seconds with 3120 seconds of active time. This session ended with a crash.

Error - 9/9/2013 4:42:31 AM | Computer Name = TECH-SUP18.Nord.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 14710
seconds with 4740 seconds of active time. This session ended with a crash.

Error - 9/9/2013 4:44:19 AM | Computer Name = TECH-SUP18.Nord.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 98
seconds with 60 seconds of active time. This session ended with a crash.

Error - 9/9/2013 7:58:52 AM | Computer Name = TECH-SUP18.Nord.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 11664
seconds with 1200 seconds of active time. This session ended with a crash.

Error - 2/26/2014 2:41:39 AM | Computer Name = TECH-SUP18.Nord.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 48
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/23/2014 2:48:06 AM | Computer Name = TECH-SUP18.Nord.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 35
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/23/2014 6:10:38 AM | Computer Name = TECH-SUP18.Nord.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 34
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/15/2014 4:07:04 PM | Computer Name = TECH-SUP18.Nord.local | Source = Service Control Manager | ID = 7031
Description = The DisplayLinkManager service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.

Error - 12/15/2014 4:07:21 PM | Computer Name = TECH-SUP18.Nord.local | Source = Service Control Manager | ID = 7016
Description = The Data Transfer Service service has reported an invalid current
state 0.

Error - 12/15/2014 4:07:29 PM | Computer Name = TECH-SUP18.Nord.local | Source = Microsoft-Windows-TBS | ID = 16385
Description = An internal TBS error was detected. The error code was 0x80070013.
This is usually caused by unexpected TPM or driver behavior and may be transient.

Error - 12/16/2014 5:37:45 AM | Computer Name = TECH-SUP18.Nord.local | Source = Application Popup | ID = 875
Description = Driver tap0801.sys has been blocked from loading.

Error - 12/16/2014 5:37:53 AM | Computer Name = TECH-SUP18.Nord.local | Source = amdkmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 12/16/2014 5:37:53 AM | Computer Name = TECH-SUP18.Nord.local | Source = amdkmdag | ID = 43029
Description = Display is not active

Error - 12/16/2014 5:37:58 AM | Computer Name = TECH-SUP18.Nord.local | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain NORD due to the following: %%1311 This may lead to authentication problems.
Make sure that this computer is connected to the network. If the problem persists,
please
contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
for the specified domain, it sets up the secure session to the primary domain controller
emulator in the specified domain. Otherwise, this computer sets up the secure session
to any domain controller in the specified domain.

Error - 12/16/2014 5:38:00 AM | Computer Name = TECH-SUP18.Nord.local | Source = Microsoft-Windows-GroupPolicy | ID = 1055
Description = The processing of Group Policy failed. Windows could not resolve the
computer name. This could be caused by one of more of the following: a) Name Resolution
failure on the current domain controller. b) Active Directory Replication Latency
(an account created on another domain controller has not replicated to the current
domain controller).

Error - 12/16/2014 5:38:31 AM | Computer Name = TECH-SUP18.Nord.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.

Error - 12/16/2014 5:39:31 AM | Computer Name = TECH-SUP18.Nord.local | Source = DCOM | ID = 10016
Description =


< End of report >

 

By the way I do not use the infected computer for posting. I have a Chromebook.

Oh yeah, it used to have Windows Vista on it; now it has been upgraded to Windows 7.

TechGuy2014


Edited by TechGuy2014, 16 December 2014 - 07:44 AM.

  • 0

#4
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Thanks for that. The shootout begins now.



Uninstall some programs

We need to uninstall some programs.

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search there for each entry mentioned below, right-click the entry and click Uninstall one at a time

The list of programs to uninstall:

  • Optimizer Pro

Pay special attention when uninstalling, some of the programs may have checkboxes that will either install others instead or ask you to leave them installed!
After completing uninstalls, please manually reboot your machine!


Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (the preferred version is the *.exe one).
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    autoclean;
    C:\ProgramData\CloudSoft;fs
    OpenVPNService;s
    NETw5s32;s
    C:\Users\stv\AppData\Roaming\mozilla\firefox\profiles\bmlkzc7t.default\searchplugins\sweetim.xml;f
    C:\Users\stv\AppData\Roaming\mozilla\firefox\profiles\bmlkzc7t.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi;f
    {EEE6C361-6118-11DC-9C72-001320C79847};c
    emptyclsid;
    {D4027C7F-154A-4066-A1AD-4243D8127440};c
    C:\Users\stv\AppData\Roaming\OpenCandy;fs
    startupall;
    filesrcm;
    skipfix-iedefaults;
    firefoxlook;
    chromelook;
    
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Please include its content in your next reply.
Don't forget to re-enable your switched-off protection software!


  • 0

#5
TechGuy2014

TechGuy2014

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Hey Naat,

I have uninstalled the Optimizer Pro but I am unable to disable my antivirus because it requires a password which I do not remember. I will try to find it and will tell you when I have managed/or not to disable it. Is it possible to run ZOEK with antivirus on?

 

My antivirus is Eset Smart Security 4 ( Business Edition)

 

TechGuy2014


  • 0

#6
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Your AV will most likely target ZOEK and remove it before it will do anything. 

 

Is this a corporate machine?


  • 0

#7
TechGuy2014

TechGuy2014

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Yes, it is a corporate computer but it has been replaced with a newer one, so this one is kept at home. It does require being connected to the company wifi to update Eset, which is a bit annoying.

 

Also I have been searching the registry and found these strange entries (these are the results of a quick look at the registry, haven't checked it thoroughly):

HKEY_CURRENT_USER\Software\SweetIM

HKEY_CURRENT_USER\Software\Optimizer Pro

HKEY_CURRENT_USER\Software\(chinese letters) inside there is a PC Suit folder

HKEY_CURRENT_USER\Software\Tune Up

 

 

Not sure about this one though:

HKEY_CURRENT_USER\Software\PC-Doctor\PC-Doctor for Windows

 

It has a value called 'internetaccess_allowed' with Data=true

 

This PC-Doctor cannot be found in the uninstall/change applications in control panel. I also found Internet Explorer toolbar 4.7 by SweetPacks. I would also like to know how to completely remove Sopcast 3.5.0 (which I have installed but do not need it).

 

I have also deleted the Sweetpacks addon on Firefox, disabled all plugins and reset Firefox. Should I do the same to Chrome and IE?

 

Could you give your opinions on the above and what to do with them please?

 

TechGuy2014


Edited by TechGuy2014, 16 December 2014 - 10:52 AM.

  • 0
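An added example, not written by either participant in this thread: a read-only PowerShell inventory of the HKCU\Software keys, installed-program entries and Firefox profile files named above, so each item can be confirmed as present or absent before anything is removed. The user name and Firefox profile folder are taken from the ZOEK script earlier in the thread; the program-name fragments and registry hives searched are assumptions.

```powershell
# Added example: read-only audit of the items this thread names. Nothing is deleted.
# Assumes Windows 7 with PowerShell 2.0 or later, run as the affected user.

$suspectKeys = @('SweetIM', 'Optimizer Pro', 'Tune Up')        # HKCU\Software names from post #7
$suspectApps = @('Optimizer Pro', 'SweetPacks', 'SopCast')     # DisplayName fragments (assumed)
$firefoxProfile = 'C:\Users\stv\AppData\Roaming\Mozilla\Firefox\Profiles\bmlkzc7t.default'
$profileItems = @('searchplugins\sweetim.xml',
                  'extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi')

Write-Host '== HKCU\Software keys =='
foreach ($name in $suspectKeys) {
    $path = "HKCU:\Software\$name"
    if (Test-Path $path) { Write-Host "PRESENT  $path" } else { Write-Host "absent   $path" }
}
# The OP was unsure about PC-Doctor; just report the value they asked about.
$pcd = 'HKCU:\Software\PC-Doctor\PC-Doctor for Windows'
if (Test-Path $pcd) {
    $v = (Get-ItemProperty -Path $pcd).internetaccess_allowed
    Write-Host "PC-Doctor internetaccess_allowed = $v"
}

Write-Host '== Installed-program (Uninstall) entries =='
$uninstallRoots = @('HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall',
                    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall')
foreach ($root in $uninstallRoots) {
    if (-not (Test-Path $root)) { continue }
    Get-ChildItem -Path $root | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath
        foreach ($app in $suspectApps) {
            # Entries hidden from Control Panel still show up here.
            if ($p.DisplayName -and $p.DisplayName -like "*$app*") {
                Write-Host ("MATCH    {0}  ->  {1}" -f $p.DisplayName, $p.UninstallString)
            }
        }
    }
}

Write-Host '== Firefox profile items from the ZOEK script =='
foreach ($rel in $profileItems) {
    $full = Join-Path -Path $firefoxProfile -ChildPath $rel
    if (Test-Path -LiteralPath $full) { Write-Host "PRESENT  $full" } else { Write-Host "absent   $full" }
}
```

Anything reported as MATCH or PRESENT is what the uninstall step and the ZOEK script would act on; absent items can be dropped from the script.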

#8
TechGuy2014

TechGuy2014

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Hey Naat,

 

I don't want to sound paranoid or anything, but are you sure ZOEK is a safe application to use? I have seen some bad reviews for it on some websites and I'm not sure if I really want to risk it.

 

TechGuy2014


  • 0

#9
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

I don't want to sound paranoid or anything, but are you sure ZOEK is a safe application to use? I have seen some bad reviews for it on some websites and I'm not sure if I really want to risk it.

I use ZOEK here and on every other forum I am present. Either you trust "some websites" or a trained malware removal specialist, it's up to you.

However I'm afraid I need to withdraw my assistance for you. Since this is a corporate-owned machine and you don't even know the password to stop your AV, we won't do much here. Every other tool I'd ask you to download requires switching the AV off.

Please also bear in mind our Terms of Use, point 3b.


  • 0

#10
TechGuy2014

TechGuy2014

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Hey Naat,

 

I'm sorry that you have to withdraw your assistance, but the company's IT department no longer offers support for these computers as they are outdated and have since been replaced. They were given away for personal use and they won't do anything to help. So I guess I have nothing to do other than buying a new Windows CD.

 

Thanks for your help,

TechGuy2014

 

PS. Can you at least tell me this? Should I delete the strange registry entries that I posted earlier? 


  • 0

#11
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hi,

 

If this machine is no longer owned by a company and you've got the rights to it now, I may be able to help you. Let me know when ready and we may continue.


  • 0

#12
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
