Antivir malware
-
My wife picked up the "antivir" malware from an airline site. I went to bleepingcomputer.com for info and did the following:
1.) boot in safe mode
2.) uncheck proxy server in IE
3.) run rkill
4.) run MBAM
MBAM found some trojan items and took care of them.
The computer is 64-bit Vista and has no protection that I know of. Could someone please take a look at a log to see if the computer is clean and also recommend some free AV to use?
Thanks in advance.
-
Please, read HERE, and post required logs.
-
Hi Broni,
Thanks for your help. Here are the logs for MBAM and GMER. I'll post the other logs in a separate reply.
MBAM:
Malwarebytes' Anti-Malware 1.46
Malwarebytes
Database version: 4391
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
8/8/2010 10:44:04 PM
mbam-log-2010-08-08 (22-44-04).txt
Scan type: Quick scan
Objects scanned: 143521
Time elapsed: 7 minute(s), 19 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER LOG:
GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-08-09 00:16:37
Windows 6.0.6001 Service Pack 1
Running: mr81euf8.exe
---- Files - GMER 1.0.15 ----
---- EOF - GMER 1.0.15 ----
-
Hi Broni,
Here is the log for MBR.
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover
device: opened successfully
user: MBR read successfully
kernel: error reading MBR
-
Here is the log for OTL:
OTL logfile created on: 8/9/2010 11:10:26 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\lqi\Desktop
64bit-Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221.65 Gb Total Space | 97.05 Gb Free Space | 43.78% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Q: | 9.77 Gb Total Space | 2.54 Gb Free Space | 26.04% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 0.68 Gb Free Space | 46.30% Space Free | Partition Type: NTFS
Computer Name: LQI-PC
Current User Name: lqi
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/08/09 11:09:14 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\lqi\Desktop\OTL.exe
PRC - [2009/12/21 19:35:18 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2009/11/05 22:14:44 | 001,794,848 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Safari\Safari.exe
PRC - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/09/26 00:31:32 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/08/04 04:49:00 | 000,318,096 | ---- | M] (Carbonite, Inc.) -- C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe
PRC - [2009/07/10 14:43:24 | 000,177,440 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2009/07/10 14:43:20 | 000,435,488 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2009/07/10 14:43:18 | 000,238,880 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2009/07/10 14:43:14 | 000,124,192 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2009/07/10 14:14:16 | 000,077,824 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\ConnectUtilities\ACGadgetWrapper.exe
PRC - [2009/07/10 14:13:38 | 000,335,872 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2009/05/21 07:48:38 | 000,128,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2009/05/21 07:48:18 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009/04/15 15:04:00 | 000,061,728 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2009/04/14 06:51:38 | 000,015,136 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
PRC - [2009/03/19 02:45:26 | 000,461,376 | ---- | M] (LENOVO) -- C:\Program Files (x86)\ThinkVantage\AMSG\Amsg.exe
PRC - [2009/03/13 04:32:48 | 000,068,976 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009/03/12 21:12:52 | 000,172,032 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Camera Center\bin\LenovoCameraCenter.exe
PRC - [2009/02/02 05:04:10 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009/01/14 13:42:00 | 000,472,352 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMUIAux.EXE
PRC - [2009/01/14 13:42:00 | 000,066,848 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/07 14:38:00 | 000,256,576 | ---- | M] (Lenovo Group Ltd.) -- C:\Program Files (x86)\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2008/08/31 14:02:00 | 000,165,208 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkVantage\PrdCtr\LPMGR.EXE
PRC - [2008/08/31 14:02:00 | 000,124,248 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkVantage\PrdCtr\LPMLCHK.EXE
PRC - [2008/08/12 12:05:00 | 001,116,656 | ---- | M] (Roxio) -- C:\Program Files (x86)\Lenovo2\Drag-to-Disc\DrgToDsc.exe
PRC - [2008/06/13 20:42:54 | 000,779,576 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Client Security Solution\tvttcsd.exe
PRC - [2008/05/29 04:10:56 | 002,058,776 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2008/05/29 04:10:48 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\AMT\LMS.exe
PRC - [2008/05/24 19:49:56 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2008/05/24 19:49:32 | 001,155,072 | ---- | M] (Lenovo Group Limited) -- c:\Program Files (x86)\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2008/05/24 19:31:24 | 000,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2008/05/24 19:17:54 | 000,520,192 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2008/05/24 18:52:50 | 000,032,768 | ---- | M] (Lenovo Group Limited) -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2008/01/20 22:48:57 | 000,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieuser.exe
PRC - [2008/01/20 22:47:31 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2008/01/11 20:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/09/26 20:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- c:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/11/03 21:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files (x86)\Digital Line Detect\DLG.exe
========== Modules (SafeList) ==========
MOD - [2010/08/09 11:09:14 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\lqi\Desktop\OTL.exe
MOD - [2008/01/20 22:48:23 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2008/01/20 22:46:25 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2009/05/21 07:48:24 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2009/05/21 07:48:18 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2009/02/11 17:39:34 | 001,454,080 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2009/02/11 17:38:02 | 000,306,688 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2009/02/11 16:22:36 | 000,825,856 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009/01/28 20:59:34 | 000,047,656 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2008/09/28 21:18:00 | 000,045,344 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2008/01/20 22:50:33 | 000,252,928 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2008/01/20 22:50:17 | 000,598,016 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2008/01/20 22:49:41 | 000,195,584 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/01/20 22:45:48 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/10/18 02:37:22 | 000,412,672 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV - [2010/03/18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/12 00:11:13 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/07/10 14:43:18 | 000,238,880 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2009/07/10 14:43:14 | 000,124,192 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2009/01/14 13:42:00 | 000,066,848 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/25 12:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/10/09 05:08:30 | 000,360,448 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files (x86)\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- (TVT_UpdateMonitor)
SRV - [2008/06/13 20:42:54 | 000,779,576 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService)
SRV - [2008/05/29 04:10:56 | 002,058,776 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2008/05/29 04:10:48 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\AMT\LMS.exe -- (LMS) Intel(R)
SRV - [2008/05/24 19:49:32 | 001,155,072 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files (x86)\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2008/05/24 19:31:24 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2008/05/24 19:17:54 | 000,520,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2008/05/24 18:52:50 | 000,032,768 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2008/04/25 11:15:24 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/01/11 20:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/09/26 20:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
========== Driver Services (SafeList) ==========
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2009/08/28 20:42:52 | 000,049,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/08/05 12:45:16 | 000,037,696 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tvtfilter.sys -- (tvtfilter)
DRV:64bit: - [2009/08/05 12:44:43 | 000,035,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\psadd.sys -- (psadd)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/11 04:26:18 | 000,407,576 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/02/09 14:26:42 | 000,036,400 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\mux.sys -- (MUXP)
DRV:64bit: - [2009/02/09 14:26:42 | 000,036,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\mux.sys -- (MUXMP)
DRV:64bit: - [2009/02/09 12:49:26 | 004,828,672 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R)
DRV:64bit: - [2009/02/09 05:02:06 | 000,637,952 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/01/28 20:58:24 | 000,133,160 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Apsx64.sys -- (Shockprf)
DRV:64bit: - [2009/01/28 20
46 | 000,023,592 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2009/01/26 01:03:20 | 000,029,224 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tp4track.sys -- (Tp4Track)
DRV:64bit: - [2009/01/14 13:42:00 | 000,013,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Tppwr64v.sys -- (TPPWRIF)
DRV:64bit: - [2009/01/05 00:36:16 | 000,151,656 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wimfltr.sys -- (WimFltr)
DRV:64bit: - [2008/09/28 21:17:40 | 000,029,224 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2008/09/08 21:02:02 | 007,914,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/09/02 22:27:58 | 000,092,032 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\5U875.sys -- (5U875UVC)
DRV:64bit: - [2008/08/22 02:10:26 | 000,316,544 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys -- (e1yexpress) Intel(R)
DRV:64bit: - [2008/08/21 23:50:32 | 000,019,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motccgp.sys -- (motccgp)
DRV:64bit: - [2008/08/21 23:50:02 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2008/08/18 03:11:52 | 000,013,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ICDUSB3.sys -- (ICDUSB3)
DRV:64bit: - [2008/07/16 04:01:00 | 000,055,360 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\tvtumon.sys -- (tvtumon)
DRV:64bit: - [2008/05/12 05:04:26 | 000,015,400 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2008/04/09 06:16:54 | 000,017,024 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2008/04/08 06:00:00 | 000,055,024 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2008/03/26 01:13:40 | 000,056,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2008/03/25 03:51:16 | 001,487,872 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2008/03/25 03:47:06 | 000,294,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2008/03/25 03:45:44 | 000,740,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/02/22 18:54:24 | 000,041,024 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Tvti2c.sys -- (TVTI2C)
DRV:64bit: - [2008/01/20 22:50:17 | 000,460,800 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2008/01/20 22:47:20 | 000,119,296 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\irda.sys -- (irda)
DRV:64bit: - [2008/01/20 22:45:42 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 22:45:13 | 000,054,840 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2008/01/20 22:45:11 | 000,286,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2008/01/20 22:45:09 | 000,317,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel(R)
DRV:64bit: - [2008/01/20 22:45:09 | 000,111,104 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/10/18 02:37:10 | 000,010,240 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2007/10/11 11:40:00 | 000,027,648 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\MosIrUsb.sys -- (MosIrUsb)
DRV:64bit: - [2007/06/18 19:29:58 | 000,010,360 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLADResE.SYS -- (DLADResE)
DRV:64bit: - [2007/06/18 19:29:44 | 000,044,152 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLABMFSE.SYS -- (DLABMFSE)
DRV:64bit: - [2007/06/18 19:29:42 | 000,135,544 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLAUDFAE.SYS -- (DLAUDFAE)
DRV:64bit: - [2007/06/18 19:29:40 | 000,143,736 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLAUDF_E.SYS -- (DLAUDF_E)
DRV:64bit: - [2007/06/18 19:29:36 | 000,034,552 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLAOPIOE.SYS -- (DLAOPIOE)
DRV:64bit: - [2007/06/18 19:29:32 | 000,041,976 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLABOIOE.SYS -- (DLABOIOE)
DRV:64bit: - [2007/06/18 19:29:28 | 000,018,040 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLAPoolE.SYS -- (DLAPoolE)
DRV:64bit: - [2007/06/18 19:29:26 | 000,142,584 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLAIFS_E.SYS -- (DLAIFS_E)
DRV:64bit: - [2007/03/12 04:25:30 | 000,123,992 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\DRVECDB.SYS -- (DRVECDB)
DRV:64bit: - [2007/02/09 15:34:18 | 000,063,608 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\DRVEDDM.SYS -- (DRVEDDM)
DRV:64bit: - [2007/02/08 23:05:36 | 000,039,160 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\Drivers\DLARTL_E.SYS -- (DLARTL_E)
DRV:64bit: - [2007/02/08 23:05:36 | 000,015,864 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\Drivers\DLACDBHE.SYS -- (DLACDBHE)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN by Lenovo
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN by Lenovo
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN by Lenovo
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Google Toolbar
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Lenovo - Welcome - Country selection [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mail.agnesscott.edu/exchange [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK & Ireland
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
========== FireFox ==========
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/06/29 13:54:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/06/29 13:54:58 | 000,000,000 | ---D | M]
[2010/06/29 13:55:17 | 000,000,000 | ---D | M] -- C:\Users\lqi\AppData\Roaming\Mozilla\Extensions
[2010/06/30 11:54:55 | 000,000,000 | ---D | M] -- C:\Users\lqi\AppData\Roaming\Mozilla\Firefox\Profiles\d7tyfmwv.default\extensions
[2010/06/30 11:54:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\lqi\AppData\Roaming\Mozilla\Firefox\Profiles\d7tyfmwv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/30 09:54:44 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\lqi\AppData\Roaming\Mozilla\Firefox\Profiles\d7tyfmwv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/06/29 13:54:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [picon] C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe ()
O4:64bit: - HKLM..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ACTray] C:\Program Files (x86)\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWlIcon] C:\Program Files (x86)\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMSG] C:\Program Files (x86)\ThinkVantage\AMSG\Amsg.exe (LENOVO)
O4 - HKLM..\Run: [BLOG] C:\Program Files (x86)\ThinkPad\Utilities\BTVLOGEX.DLL ()
O4 - HKLM..\Run: [CameraApplicationLauncher] C:\Program Files (x86)\Lenovo\Camera Center\bin\CameraApplicationLaunchPadLauncher.exe ()
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [CreateLMBCShortCut] C:\Program Files (x86)\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe ()
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files (x86)\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files (x86)\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [LPManager] C:\Program Files (x86)\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files (x86)\Lenovo2\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files (x86)\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files (x86)\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.com/activex/Veriz...oadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} http://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll (CCTVUpdateInstall)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll ()
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\SysWow64\acaptuser32.dll (Adobe Systems Incorporated)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O24 - Desktop WallPaper: C:\My Pictures\2008_07_hawaii\2008_07_03\IMG_1692.JPG
O24 - Desktop BackupWallPaper: C:\My Pictures\2008_07_hawaii\2008_07_03\IMG_1692.JPG
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/10 12:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2008/06/02 18:46:54 | 000,000,049 | -HS- | M] () - S:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{236ea144-81da-11de-8f61-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{236ea144-81da-11de-8f61-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2008/07/21 12:09:40 | 000,262,144 | -HS- | M] (Lenovo Group Limited)
O33 - MountPoints2\{4006db59-81d2-11de-ad4a-001f16239150}\Shell - "" = AutoRun
O33 - MountPoints2\{4006db59-81d2-11de-ad4a-001f16239150}\Shell\AutoRun\command - "" = S:\LenovoSDrive.exe -- [2008/07/29 18:37:58 | 000,180,224 | -HS- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll ()
Drivers32:64bit: aux - wdmaud.drv ()
Drivers32:64bit: midi - wdmaud.drv ()
Drivers32:64bit: midimapper - midimap.dll ()
Drivers32:64bit: mixer - wdmaud.drv ()
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm ()
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm ()
Drivers32:64bit: msacm.msadpcm - msadp32.acm ()
Drivers32:64bit: msacm.msg711 - msg711.acm ()
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm ()
Drivers32:64bit: MSVideo8 - VfWWDM32.dll ()
Drivers32:64bit: vidc.i420 - iyuv_32.dll ()
Drivers32:64bit: VIDC.IYUV - iyuv_32.dll ()
Drivers32:64bit: vidc.mrle - msrle32.dll ()
Drivers32:64bit: vidc.msvc - msvidc32.dll ()
Drivers32:64bit: VIDC.UYVY - msyuv.dll ()
Drivers32:64bit: VIDC.YUY2 - msyuv.dll ()
Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll ()
Drivers32:64bit: VIDC.YVYU - msyuv.dll ()
Drivers32:64bit: wave - wdmaud.drv ()
Drivers32:64bit: wavemapper - msacm32.drv ()
Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\SysWow64\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 90 Days ==========
[2010/08/09 11:09:12 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\lqi\Desktop\OTL.exe
[2010/08/08 22:24:30 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\lqi\Desktop\TFC.exe
[2010/08/08 12:32:11 | 000,000,000 | ---D | C] -- C:\Users\lqi\AppData\Roaming\InterVideo
[2010/08/05 02:44:53 | 000,000,000 | ---D | C] -- C:\Users\lqi\AppData\Roaming\Malwarebytes
[2010/08/05 02:44:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/08/05 02:44:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/08/05 02:44:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/05 02:43:26 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\lqi\Desktop\mbam-setup.exe
[2010/08/05 02:31:27 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/08/02 22:58:43 | 000,000,000 | ---D | C] -- C:\Users\lqi\AppData\Local\senudkujb
[2010/07/06 10:28:03 | 000,000,000 | ---D | C] -- C:\Users\lqi\AppData\Roaming\HotSync
[2010/06/30 09:57:41 | 000,000,000 | ---D | C] -- C:\Users\lqi\AppData\Local\Yahoo
[2010/06/30 09:54:32 | 000,000,000 | ---D | C] -- C:\Users\lqi\AppData\Roaming\Yahoo!
[2010/06/30 09:54:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2010/06/30 09:53:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2010/06/29 13:55:03 | 000,000,000 | ---D | C] -- C:\Users\lqi\AppData\Roaming\Mozilla
[2010/06/29 13:55:03 | 000,000,000 | ---D | C] -- C:\Users\lqi\AppData\Local\Mozilla
[2010/06/29 13:54:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/06/29 13:19:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010/06/29 13:19:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010/06/29 13:19:27 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/06/29 12:25:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/06/27 09:20:12 | 000,000,000 | ---D | C] -- C:\Users\lqi\Tracing
[2010/06/27 09:17:48 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/06/27 09:13:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010/06/06 14:47:31 | 000,000,000 | ---D | C] -- C:\Users\lqi\AppData\Roaming\Roxio
========== Files - Modified Within 90 Days ==========
[2010/08/09 11:10:41 | 003,145,728 | -HS- | M] () -- C:\Users\lqi\NTUSER.DAT
[2010/08/09 11:09:14 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\lqi\Desktop\OTL.exe
[2010/08/09 10:52:14 | 000,769,072 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/09 10:52:14 | 000,651,210 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/09 10:52:14 | 000,121,692 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/09 10:45:47 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/09 10:45:47 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/09 10:45:47 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/09 10:45:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/09 10:45:38 | 3112,202,240 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/09 00
04 | 000,524,288 | -HS- | M] () -- C:\Users\lqi\NTUSER.DAT{865d07f1-6a85-11db-acd0-9270719989e3}.TMContainer00000000000000000001.regtrans-ms
[2010/08/09 00
04 | 000,065,536 | -HS- | M] () -- C:\Users\lqi\NTUSER.DAT{865d07f1-6a85-11db-acd0-9270719989e3}.TM.blf
[2010/08/08 22:29:53 | 003,208,538 | -H-- | M] () -- C:\Users\lqi\AppData\Local\IconCache.db
[2010/08/08 22:24:35 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\lqi\Desktop\TFC.exe
[2010/08/07 20:53:58 | 000,009,216 | ---- | M] () -- C:\Users\lqi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/07 19:44:07 | 011,358,208 | ---- | M] () -- C:\Users\lqi\AppData\Local\filesync.metadata
[2010/08/05 02:54:02 | 000,422,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/05 02:44:46 | 000,000,858 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/05 02:43:30 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\lqi\Desktop\mbam-setup.exe
[2010/08/05 02:40:24 | 000,363,520 | ---- | M] () -- C:\Users\lqi\Desktop\rkill.com
[2010/08/05 02:15:29 | 003,815,648 | ---- | M] () -- C:\Users\lqi\Desktop\ComboFix.exe
[2010/08/05 02:13:08 | 000,077,312 | ---- | M] () -- C:\Users\lqi\Desktop\mbr.exe
[2010/08/05 01:06:39 | 000,293,376 | ---- | M] () -- C:\Users\lqi\Desktop\mr81euf8.exe
[2010/07/27 23:37:34 | 000,015,083 | ---- | M] () -- C:\Users\lqi\Desktop\QiXin_itinerary.docx
[2010/07/17 22:34:15 | 000,002,675 | ---- | M] () -- C:\Users\lqi\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2010/07/14 03:17:23 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2010/07/10 12:29:12 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgpfl_01005.Wdf
[2010/07/10 12:29:12 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgp_01005.Wdf
[2010/07/06 10:28:03 | 000,000,094 | ---- | M] () -- C:\Windows\family.ini
[2010/06/30 14:22:14 | 000,002,319 | ---- | M] () -- C:\Users\lqi\Desktop\StataSE 10.lnk
[2010/06/30 09:54:11 | 000,001,006 | ---- | M] () -- C:\Users\lqi\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/06/30 09:54:11 | 000,000,982 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010/06/29 13:54:59 | 000,001,812 | ---- | M] () -- C:\Users\lqi\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/29 13:54:59 | 000,001,788 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/06/29 12:30:50 | 000,002,025 | ---- | M] () -- C:\Users\lqi\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Messenger .lnk
[2010/06/24 22:11:58 | 000,020,778 | ---- | M] () -- C:\Users\lqi\Desktop\booklist.docx
[2010/06/21 12:17:47 | 000,028,768 | ---- | M] () -- C:\Users\lqi\Documents\Itinerary_july24.docx
[2010/05/27 18:10:52 | 000,011,519 | ---- | M] () -- C:\Users\lqi\Desktop\California Baby Sunblock Stick No Fragrance.docx
[2010/05/26 12:53:52 | 000,048,128 | ---- | M] () -- C:\Windows\SysNative\atmlib.dll
[2010/05/26 10
53 | 000,366,080 | ---- | M] () -- C:\Windows\SysNative\atmfd.dll
========== Files Created - No Company Name ==========
[2010/08/05 02:53:45 | 3112,202,240 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/05 02:44:46 | 000,000,858 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/05 02:44:43 | 000,024,664 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/08/05 02:40:23 | 000,363,520 | ---- | C] () -- C:\Users\lqi\Desktop\rkill.com
[2010/08/05 02:15:26 | 003,815,648 | ---- | C] () -- C:\Users\lqi\Desktop\ComboFix.exe
[2010/08/05 02:13:07 | 000,077,312 | ---- | C] () -- C:\Users\lqi\Desktop\mbr.exe
[2010/08/05 01:06:36 | 000,293,376 | ---- | C] () -- C:\Users\lqi\Desktop\mr81euf8.exe
[2010/08/02 23:05:46 | 012,898,304 | ---- | C] () -- C:\Windows\SysNative\shell32.dll
[2010/07/10 12:29:12 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgpfl_01005.Wdf
[2010/07/10 12:29:12 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgp_01005.Wdf
[2010/06/30 09:54:11 | 000,001,006 | ---- | C] () -- C:\Users\lqi\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/06/30 09:54:11 | 000,000,982 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010/06/29 13:54:59 | 000,001,812 | ---- | C] () -- C:\Users\lqi\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/29 13:54:59 | 000,001,788 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/06/29 12:30:50 | 000,002,025 | ---- | C] () -- C:\Users\lqi\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Messenger .lnk
[2010/06/24 21:31:50 | 000,020,778 | ---- | C] () -- C:\Users\lqi\Desktop\booklist.docx
[2010/06/24 09:59:43 | 000,015,083 | ---- | C] () -- C:\Users\lqi\Desktop\QiXin_itinerary.docx
[2010/06/24 09:37:05 | 001,942,856 | ---- | C] () -- C:\Windows\SysNative\dfshim.dll
[2010/06/24 09:37:05 | 000,444,752 | ---- | C] () -- C:\Windows\SysNative\mscoree.dll
[2010/06/24 09:37:05 | 000,320,352 | ---- | C] () -- C:\Windows\SysNative\PresentationHost.exe
[2010/06/24 09:37:05 | 000,109,912 | ---- | C] () -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010/06/24 09:37:05 | 000,048,960 | ---- | C] () -- C:\Windows\SysNative\netfxperf.dll
[2010/06/23 18:20:38 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll
[2010/06/23 18:20:37 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/06/21 12:17:46 | 000,028,768 | ---- | C] () -- C:\Users\lqi\Documents\Itinerary_july24.docx
[2010/06/09 17:23:10 | 000,366,080 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll
[2010/06/09 17:23:10 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll
[2010/06/09 17:23:08 | 000,084,480 | ---- | C] () -- C:\Windows\SysNative\asycfilt.dll
[2010/06/09 17:22:59 | 002,750,976 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2010/06/09 17:22:51 | 005,690,368 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/06/09 17:22:50 | 007,006,208 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/06/09 17:22:49 | 001,426,944 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/06/09 17:22:49 | 001,032,704 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/06/09 17:22:48 | 000,422,400 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll
[2010/06/09 17:22:48 | 000,208,896 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/06/09 17:22:47 | 000,758,784 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
[2010/06/09 17:22:47 | 000,580,608 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/06/09 17:22:47 | 000,480,256 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/06/09 17:22:47 | 000,375,296 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/06/09 17:22:47 | 000,249,856 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/06/09 17:22:46 | 001,383,424 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/06/09 17:22:46 | 001,129,984 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2010/06/09 17:22:46 | 000,485,376 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2010/06/09 17:22:46 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll
[2010/06/09 17:22:46 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\ieencode.dll
[2010/06/09 17:22:46 | 000,032,768 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/06/09 17:22:46 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/06/09 17:22:15 | 001,570,816 | ---- | C] () -- C:\Windows\SysNative\quartz.dll
[2010/05/27 18:10:51 | 000,011,519 | ---- | C] () -- C:\Users\lqi\Desktop\California Baby Sunblock Stick No Fragrance.docx
[2010/05/25 13:43:35 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2010/05/11 16:41:04 | 000,974,848 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2009/09/27 22:14:51 | 000,000,094 | ---- | C] () -- C:\Windows\family.ini
[2009/09/23 21:17:42 | 000,000,438 | ---- | C] () -- C:\Windows\{38CE8FAD-2E31-4CA8-B671-1BA7A8A54B28}_WiseFW.ini
[2009/08/19 21:18:27 | 000,000,031 | ---- | C] () -- C:\Windows\WebUpdateSvc4.INI
[2009/08/05 12:59:26 | 000,709,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/08/05 12:34:47 | 000,056,056 | ---- | C] () -- C:\Windows\SysWow64\DLAAPI_W.DLL
[2009/08/05 12:34:47 | 000,000,132 | ---- | C] () -- C:\Windows\wininit.ini
[2009/08/05 12:31:35 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2009/08/05 12:31:35 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2009/08/05 12:31:35 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2009/08/05 12:31:35 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2009/08/05 12:31:35 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2009/08/05 12:31:35 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2008/01/20 22:48:25 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 22:48:07 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2005/01/03 11:10:44 | 000,319,488 | ---- | C] () -- C:\Windows\SysWow64\DLXAPI32.DLL
========== LOP Check ==========
[2009/09/19 21:59:56 | 000,000,000 | ---D | M] -- C:\Users\lqi\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/07/06 10:28:03 | 000,000,000 | ---D | M] -- C:\Users\lqi\AppData\Roaming\HotSync
[2010/08/08 12:32:11 | 000,000,000 | ---D | M] -- C:\Users\lqi\AppData\Roaming\InterVideo
[2009/09/14 16:17:49 | 000,000,000 | ---D | M] -- C:\Users\lqi\AppData\Roaming\Leadertech
[2009/08/13 21:03:46 | 000,000,000 | ---D | M] -- C:\Users\lqi\AppData\Roaming\Lenovo
[2009/09/15 21:49:19 | 000,000,000 | ---D | M] -- C:\Users\lqi\AppData\Roaming\Quantitative Micro Software
[2009/08/19 20:58:22 | 000,000,000 | ---D | M] -- C:\Users\lqi\AppData\Roaming\Stata10
[2009/08/19 21:55:13 | 000,000,000 | ---D | M] -- C:\Users\lqi\AppData\Roaming\stattransfer10
[2010/07/14 03:17:23 | 000,000,436 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2010/08/09 00
12 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010/08/09 10:45:38 | 3112,202,240 | -HS- | M] () -- C:\hiberfil.sys
[2006/12/02 02:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/08/09 10:45:36 | 3425,910,784 | -HS- | M] () -- C:\pagefile.sys
[2010/08/05 02:42:15 | 000,000,348 | ---- | M] () -- C:\rkill.log
[2009/08/05 12:25:00 | 000,000,211 | ---- | M] () -- C:\setup.log
[2010/08/09 10:45:52 | 000,153,076 | ---- | M] () -- C:\sysiclog.txt
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
< %systemroot%\system32\*.wt >
< %systemroot%\system32\*.ruy >
< %systemroot%\Fonts\*.com >
[2006/11/02 11:04:43 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 11:04:43 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 11:04:43 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 11:04:43 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\user32.dll /md5 >
[2008/01/20 22:47:33 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\SysWOW64\user32.dll
< %systemroot%\system32\ws2_32.dll /md5 >
[2008/01/20 22:48:54 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\SysWOW64\ws2_32.dll
< %systemroot%\system32\ws2help.dll /md5 >
[2006/11/02 05:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\SysWOW64\ws2help.dll
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
========== Files - Unicode (All) ==========
[2009/09/23 21:17:51 | 000,000,927 | ---- | M] ()(C:\Users\lqi\Application Data\Microsoft\Internet Explorer\Quick Launch\???????2.0.lnk) -- C:\Users\lqi\Application Data\Microsoft\Internet Explorer\Quick Launch\个人数字图书馆2.0.lnk
[2009/09/23 21:17:51 | 000,000,927 | ---- | C] ()(C:\Users\lqi\Application Data\Microsoft\Internet Explorer\Quick Launch\???????2.0.lnk) -- C:\Users\lqi\Application Data\Microsoft\Internet Explorer\Quick Launch\个人数字图书馆2.0.lnk
[2009/09/23 21:17:51 | 000,000,903 | ---- | M] ()(C:\Users\Public\Desktop\???????2.0.lnk) -- C:\Users\Public\Desktop\个人数字图书馆2.0.lnk
[2009/09/23 21:17:51 | 000,000,903 | ---- | C] ()(C:\Users\Public\Desktop\???????2.0.lnk) -- C:\Users\Public\Desktop\个人数字图书馆2.0.lnk
========== Alternate Data Streams ==========
@Alternate Data Stream - 60 bytes -> C:\Users\lqi\Documents\Li Qi Documents:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Li Qi Documents:AFP_AfpInfo
< End of report >
-
Here is the OTL Extras:
OTL Extras logfile created on: 8/9/2010 11:10:26 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\lqi\Desktop
64bit-Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221.65 Gb Total Space | 97.05 Gb Free Space | 43.78% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Q: | 9.77 Gb Total Space | 2.54 Gb Free Space | 26.04% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 0.68 Gb Free Space | 46.30% Space Free | Partition Type: NTFS
Computer Name: LQI-PC
Current User Name: lqi
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 62 71 2D 74 DC 5B C8 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{32DECF00-0BF8-477A-9CB0-ADD7F727C0E6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{516008B4-952F-45AD-A049-75ED3590BBE1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{77AE49FB-62A1-4A8E-B4B4-7FB6A2FE12EC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{089269F3-67AF-4485-88DC-728777953185}" = protocol=17 | dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{0BA0B4C6-779A-4A75-8C8A-C0978A0A6516}" = protocol=6 | dir=in | app=c:\program files (x86)\ttkn\cajviewer 7.0\pdl.exe |
"{12D92703-8F31-464C-A205-55619C74DA9C}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{139B4B5E-5731-45CB-83E1-04F1A8522EDF}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{45C571DC-B99C-47A2-9AD8-62F3CBAC0987}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{499D9328-A26C-4E0F-BFA3-FC2FC12C5BEF}" = protocol=17 | dir=in | app=c:\program files (x86)\ttkn\cajviewer 7.0\cajviewer.exe |
"{4AD32F48-39A9-4020-8F6F-683119EF70E3}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{5E3A6F38-CCE1-4C16-9171-9D6EC2C11919}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{A01C495B-6803-4CCD-9294-72480A0BDEC0}" = protocol=17 | dir=in | app=c:\program files (x86)\ttkn\cajviewer 7.0\pdl.exe |
"{A516F972-D815-461C-BA48-BCDC16FA4549}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{B4E1097C-92E4-4FA9-B7E9-7523404CE195}" = protocol=6 | dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{B5B27378-EA01-4D63-AAAA-FD49A75A5BDB}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C387B99F-36BA-4597-A351-361D5E9E8A26}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{C59C87E9-975A-4934-91E0-1112248A9EC3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D62EEDD7-1A07-43AA-AA77-C986DCD24248}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{DA002DB5-8778-4196-9F43-A3E18102A5F5}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{DD5B9B4B-EFCA-44B5-8C3C-DD2B8EADAF18}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F4EB4F68-B459-4035-B314-7E2216D483F9}" = protocol=6 | dir=in | app=c:\program files (x86)\ttkn\cajviewer 7.0\cajviewer.exe |
"TCP Query User{1C9CD8B3-DC6A-4ACA-A064-BC0F66B34E9A}C:\li qi documents\lucy_stefano_segmentmkt_project\zleaf.exe" = protocol=6 | dir=in | app=c:\li qi documents\lucy_stefano_segmentmkt_project\zleaf.exe |
"TCP Query User{329FEEC9-DE09-4975-A144-A61C91C6F0AB}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{F3D645A6-E36F-4593-8E08-0A48ADF47A09}C:\li qi documents\lucy_stefano_segmentmkt_project\ztree.exe" = protocol=6 | dir=in | app=c:\li qi documents\lucy_stefano_segmentmkt_project\ztree.exe |
"UDP Query User{956480F9-D41C-4C7A-B1D2-2BCDD46DE451}C:\li qi documents\lucy_stefano_segmentmkt_project\zleaf.exe" = protocol=17 | dir=in | app=c:\li qi documents\lucy_stefano_segmentmkt_project\zleaf.exe |
"UDP Query User{A3B5265F-A412-49E4-9EFD-C4D20CDF4078}C:\li qi documents\lucy_stefano_segmentmkt_project\ztree.exe" = protocol=17 | dir=in | app=c:\li qi documents\lucy_stefano_segmentmkt_project\ztree.exe |
"UDP Query User{FF76C213-EF03-46A4-8B49-C49A84A4842D}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{09A84D86-C709-4825-9548-ACF4838D478D}" = Intel(R) PROSet/Wireless WiFi Software
"{26A24AE4-039D-4CA4-87B4-2F86416012FF}" = Java(TM) 6 Update 12 (64-bit)
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc
"{32508A23-C9EA-4D29-83CA-97A42A13701E}" = Microsoft Sync Framework Services v1.0 (x64)
"{3BBEECF5-7592-4BD5-9849-00D0DD1B0142}" = Client Security - Password Manager
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{53D7A054-4598-4947-A159-E8FCC77720AB}" = Microsoft Sync Framework Runtime v1.0 (x64)
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
"{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90FABD40-E741-446F-839D-CEAE905D63BE}" = ThinkPad Mobility Center Customization
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On
"{B25BFFC9-FF51-44F2-9E46-4D93849C836F}" = SyncToy 2.0 (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C9C243B9-03BD-44BA-A592-AB09630AE2D2}" = iTunes
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F7C0432A-25DE-4A7E-A023-AED120B96A7B}" = ThinkVantage Status Gadget
"0A7603E3091C168CDE422A2B3481A2F7D17D0954" = Windows Driver Package - Intel hdc (02/20/2008 6.9.1.1001)
"2B053EB8813734570BD5EF69F42789854F082261" = Windows Driver Package - Lenovo 1.52 (09/29/2008 1.52)
"2F2643B72F26121EB770DEFFAFF0DA6E71C8D0A8" = Windows Driver Package - Intel (e1yexpress) Net (08/22/2008 9.52.10.1001)
"3A508078B63BDC7D117BD9B1BD97C7FE8E79672B" = Windows Driver Package - Ricoh (5U875UVC) Image (09/03/2008 1.25.500.0)
"432D918ED17EA51B73E8491A0369730C0076A292" = Windows Driver Package - Intel System (02/20/2008 8.6.1.1002)
"464CE3922A214073AAEE00DEB23EA5C750AF8CE8" = Windows Driver Package - Intel USB (02/05/2007 8.3.0.1011)
"513C7D1BF4530B30EC84716327E4D7E76810DCC5" = Windows Driver Package - Intel System (02/20/2008 8.7.0.1007)
"5A4D4FF375E24E41AE5D2D907E67E0884BE2CAF4" = Windows Driver Package - Intel System (01/30/2008 8.6.1.1001)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"Dipmon" = Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista
"E6CEFD9A59425A2A27E92572AB367B28C371D3D8" = Windows Driver Package - Intel System (09/15/2006 7.0.0.1011)
"EC1E678D1EFB79A1D02C312390944027C715CD5C" = Windows Driver Package - Intel (iaStor) hdc (02/11/2009 8.8.0.1009)
"FPIRPOn" = Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HECI" = Intel(R) Management Engine Interface
"LENOVO.SMIIF" = Lenovo System Interface Driver
"MESOL" = Intel® Active Management Technology
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"OnScreenDisplay" = On Screen Display
"PC-Doctor for Windows" = Lenovo System Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"TrackPoint" = ThinkPad TrackPoint Driver
"USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{356C896A-6BE6-487D-AA37-C999F945E6CF}" = Integrated Camera TWAIN
"{38CE8FAD-2E31-4CA8-B671-1BA7A8A54B28}" = CAJViewer
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}" = Registry patch to improve USB device detection on resume from sleep for Windows Vista
"{4BB0D53E-1167-4A61-8661-62FB02050D02}" = EViews 6
"{4BD295B9-0190-4C54-B08E-33A6ECA922DF}" = ThinkVantage Access Connections
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business Edition
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{6395D480-9F3B-4930-8204-B91C8882F967}" = Stata 10
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{668ACF05-E455-4932-A2D2-5822A8206FEB}" = Camera Center
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78E9A751-5616-233F-1249-16AC5758C646}" = muvee Reveal Seagate Edition
"{7A408D56-A9CF-4219-9F78-23E6B48A1C0D}" = Verizon Wireless Mobile Broadband Self Activation
"{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery
"{82EB6CEA-749A-410F-8AD2-372A286BA3BE}" = Integrated Camera Driver Installer Package Ver.1.25.500.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{97BBF90F-A852-4AA0-872B-42D13AA22D94}" = Mobile Broadband Connect
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}_930" = Adobe Acrobat 9.3.0 - CPSID_52073
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B05B22B8-72AE-4DC3-8D6F-FBC2233CAF41}" = Roxio Creator Business Edition
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{D81486A1-2371-4059-AC70-1AB894AC96E6}" = AT&T Service Activation
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{FA62B4C2-6CFD-462F-9B59-68A730001AB3}" = Product Recovery Disc Burning Utility
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ENTERPRISER" = Microsoft Office Enterprise 2007
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"Lenovo Registration" = Lenovo Registration
"Lenovo Welcome_is1" = Lenovo Welcome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"PowerCmd_is1" = PowerCmd 2.1
"PROHYBRIDR" = 2007 Microsoft Office system
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Stat/Transfer" = Stat/Transfer Nine
"Web Update Wizard (Redistributable)" = Web Update Wizard (Redistributable) 4.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 8/8/2010 10:19:11 PM | Computer Name = lqi-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.
Error - 8/8/2010 10:19:11 PM | Computer Name = lqi-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.
Error - 8/8/2010 10:31:49 PM | Computer Name = lqi-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.
Error - 8/8/2010 10:31:49 PM | Computer Name = lqi-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.
Error - 8/8/2010 10:33:46 PM | Computer Name = lqi-PC | Source = Application Error | ID = 1000
Description = Faulting application msnmsgr.exe, version 14.0.8117.416, time stamp
0x4bc935af, faulting module WLDCore.dll, version 14.0.8117.416, time stamp 0x4bc93503,
exception code 0xc0000005, fault offset 0x00002ee5, process id 0xc8c, application
start time 0x01cb376b06522c86.
Error - 8/8/2010 11:47:53 PM | Computer Name = lqi-PC | Source = LMS | ID = 2
Description = LMS Service cannot connect to HECI driver
Error - 8/9/2010 12:13:01 AM | Computer Name = lqi-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.
Error - 8/9/2010 12:13:01 AM | Computer Name = lqi-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.
Error - 8/9/2010 10:46:09 AM | Computer Name = lqi-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.
Error - 8/9/2010 10:46:09 AM | Computer Name = lqi-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.
[ System Events ]
Error - 8/8/2010 10:38:59 PM | Computer Name = lqi-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 8/8/2010 10:39:29 PM | Computer Name = lqi-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 8/8/2010 10:39:59 PM | Computer Name = lqi-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 8/8/2010 10:40:29 PM | Computer Name = lqi-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 8/8/2010 10:41:02 PM | Computer Name = lqi-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 8/8/2010 10:41:32 PM | Computer Name = lqi-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 8/9/2010 10:45:48 AM | Computer Name = lqi-PC | Source = HTTP | ID = 15016
Description =
Error - 8/9/2010 10:45:57 AM | Computer Name = lqi-PC | Source = Service Control Manager | ID = 7023
Description =
Error - 8/9/2010 10:46:01 AM | Computer Name = lqi-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 8/9/2010 11:07:21 AM | Computer Name = lqi-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Users\lqi\AppData\Local\Temp\mbr.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.
< End of report >
-
The MBR log you posted is not the one I asked for....
Download MBRCheck to your desktop
Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.
-
Hi Broni,
Here is the MBRCHECK you requested.
Thank you.
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Business Edition
Windows Information: Service Pack 1 (build 6001), 64-bit
Base Board Manufacturer: LENOVO
BIOS Manufacturer: LENOVO
System Manufacturer: LENOVO
System Product Name: 7465CTO
Logical Drives Mask: 0x0005000c
Kernel Drivers (total 174):
Processes (total 109):
0 System Idle Process
4 System
504 C:\Windows\System32\smss.exe
628 csrss.exe
664 C:\Windows\System32\wininit.exe
684 csrss.exe
720 C:\Windows\System32\services.exe
732 C:\Windows\System32\lsass.exe
740 C:\Windows\System32\lsm.exe
844 C:\Windows\System32\winlogon.exe
924 C:\Windows\System32\svchost.exe
988 C:\Windows\System32\ibmpmsvc.exe
328 C:\Windows\System32\svchost.exe
384 C:\Windows\System32\svchost.exe
588 C:\Windows\System32\svchost.exe
708 C:\Windows\System32\svchost.exe
736 C:\Windows\System32\svchost.exe
1068 C:\Windows\System32\audiodg.exe
1104 C:\Windows\System32\SLsvc.exe
1164 C:\Windows\System32\svchost.exe
1288 C:\Windows\System32\svchost.exe
1408 C:\Windows\System32\wlanext.exe
1528 C:\Windows\System32\spoolsv.exe
1560 C:\Windows\System32\svchost.exe
1764 C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
1792 C:\Program Files (x86)\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
1844 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
1856 C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
1876 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1900 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
2004 C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
1060 C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
1808 C:\Program Files (x86)\Intel\AMT\LMS.exe
2056 C:\Windows\System32\svchost.exe
2080 C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
2124 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
2168 C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
2184 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2228 C:\Windows\System32\svchost.exe
2248 C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
2272 C:\Windows\System32\TPHDEXLG64.exe
2316 C:\Program Files (x86)\Lenovo\Client Security Solution\tvttcsd.exe
2336 C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrpservice.exe
2368 C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe
2384 C:\Program Files (x86)\Common Files\Lenovo\Scheduler\tvtsched.exe
2432 C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
2496 C:\Windows\System32\svchost.exe
2520 C:\Windows\System32\SearchIndexer.exe
2580 C:\Windows\System32\drivers\XAudio64.exe
2612 C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
2624 C:\Program Files (x86)\ThinkPad\ConnectUtilities\AcSvc.exe
2720 C:\Program Files (x86)\Lenovo\System Update\SUService.exe
2952 C:\Program Files (x86)\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
2072 WmiPrvSE.exe
3268 C:\Windows\System32\taskeng.exe
3804 C:\Windows\System32\taskeng.exe
3844 C:\Windows\System32\dwm.exe
3944 C:\Windows\explorer.exe
3428 C:\Program Files\Windows Defender\MSASCui.exe
2972 C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
3928 C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
3176 C:\Windows\System32\TpShocks.exe
2364 C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
3148 C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
4000 C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
3136 C:\Windows\System32\igfxtray.exe
1784 C:\Windows\System32\hkcmd.exe
3580 C:\Windows\System32\igfxpers.exe
3128 C:\Program Files\Java\jre6\bin\jusched.exe
3156 C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
3452 C:\Program Files\Windows Sidebar\sidebar.exe
3708 C:\Program Files (x86)\Digital Line Detect\DLG.exe
2052 C:\Program Files (x86)\RotateImage\RCIMGDIR.exe
4116 C:\Program Files (x86)\Lenovo\NPDIRECT\tpfnf7sp.exe
4136 C:\Program Files (x86)\ThinkPad\Utilities\EZEJMNAP.EXE
4148 C:\Program Files (x86)\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
4160 C:\Windows\System32\igfxsrvc.exe
4168 C:\Program Files (x86)\ThinkVantage\PrdCtr\LPMGR.EXE
4176 C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
4232 C:\Program Files (x86)\ThinkVantage\PrdCtr\LPMLCHK.EXE
4284 C:\Program Files (x86)\ThinkVantage\AMSG\Amsg.exe
4336 C:\Program Files (x86)\Lenovo2\Drag-to-Disc\DrgToDsc.exe
4348 C:\Windows\SysWOW64\rundll32.exe
4360 C:\Windows\System32\rundll32.exe
4396 C:\Program Files (x86)\Lenovo\Camera Center\bin\LenovoCameraCenter.exe
4444 C:\Program Files (x86)\ThinkPad\ConnectUtilities\ACTray.exe
4468 C:\Program Files (x86)\ThinkPad\ConnectUtilities\ACWLIcon.exe
4540 C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
4624 C:\Program Files (x86)\iTunes\iTunesHelper.exe
4644 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
4664 C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
5060 C:\Program Files\iPod\bin\iPodService.exe
4304 C:\Program Files\Lenovo\ZOOM\TpScrex.exe
2676 C:\Program Files\Windows Sidebar\sidebar.exe
4864 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMUIAux.EXE
4104 C:\Program Files (x86)\ThinkPad\ConnectUtilities\ACGadgetWrapper.exe
5148 C:\Windows\SysWOW64\conime.exe
5260 C:\Windows\System32\wuauclt.exe
5576 C:\Program Files (x86)\Internet Explorer\ieuser.exe
5820 C:\Program Files (x86)\Internet Explorer\iexplore.exe
5988 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe
3520 C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
1144 WmiPrvSE.exe
540 C:\Program Files (x86)\Safari\Safari.exe
5180 C:\Windows\System32\SearchProtocolHost.exe
4604 C:\Windows\System32\SearchFilterHost.exe
6128 dllhost.exe
5568 dllhost.exe
3576 C:\Users\lqi\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)
\\.\Q: --> \\.\PhysicalDrive0 at offset 0x00000037`c7a00000 (NTFS)
\\.\S: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
PhysicalDrive0 Model Number: WDCWD2500BEVS-08VAT2, Rev: 14.01A14
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D46C623DC978C47D5224D9183DF5CF1370A53AA5
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice:
Done!
-
Any reason why SP2 is not installed?
Rerun MBRCheck.
Enter Y, hit ENTER for more options and select option 2.
When asked for physical disk number, enter 0 (zero).
Next, enter 3 (Windows Vista) for MBR code.
Post resulting log.
-
Hi Broni,
1. I did not realize that I did not have SP2. I have Vista and automatic updates. I thought it was already automatically installed. Shall I go ahead to install SP2?
2. I also followed your link to install AVIRA. But in the installation process, it asked me to turn off Windows Defender (otherwise it warns that there may be compatibility problems). Should I turn off Windows Defender? Or is Windows Defender a decent anti-virus software to have?
3. I re-ran MBRcheck and here is the result:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Business Edition
Windows Information: Service Pack 1 (build 6001), 64-bit
Base Board Manufacturer: LENOVO
BIOS Manufacturer: LENOVO
System Manufacturer: LENOVO
System Product Name: 7465CTO
Logical Drives Mask: 0x0005000c
Kernel Drivers (total 173):
Processes (total 110):
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)
\\.\Q: --> \\.\PhysicalDrive0 at offset 0x00000037`c7a00000 (NTFS)
\\.\S: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
PhysicalDrive0 Model Number: WDCWD2500BEVS-08VAT2, Rev: 14.01A14
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D46C623DC978C47D5224D9183DF5CF1370A53AA5
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
[ 0] Default (Windows Vista)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel
Please select the MBR code to write to this drive: 3
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.
Done!