Page 1 of 3 123 LastLast
Results 1 to 10 of 30
  1. #1
    Member
    Join Date
    Nov 2006
    Posts
    859
    Points
    1

    Default Girlfriend's computer sick

    My girlfriend was trying to put some videos on facebook last night and I think she has installed some unwanted 'software'. Symptoms experienced are:

    MBAM will update OK and when run finds a number of PUPs which I can quarantine.

    SAS update fails. If I try to run a scan, it finds the following PUPs - PC Utilities Pro, Advanced System Protector, Sendori, SavingsBull. It then crashes. There are browser extensions including scorpionsaver, Browser safeguard, MySearchDial, Iminent, funmods toolbar & delta toolbar, SAS then crashes

    Internet explorer doesn't work.

    She is running Widows 8 (or 8.1 I think)


    Can somebody help please?

  2. #2
    Member
    Join Date
    Nov 2006
    Posts
    859
    Points
    1

    Default

    I managed to get IE working and then reinstalled SAS. That is working OK now.

    I think I disabled some IE add ons

  3. #3
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Default

    Please download OTL to your Desktop
    • Double click on the to run the program. On Vista/Win7 or 8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
    • Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox
      and
    • Check the option for All under the Extra Registry section
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them in your topic

    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.

    Please post the contents of both OTL.txt and Extras.txt files in your next reply.

  4. #4
    Member
    Join Date
    Nov 2006
    Posts
    859
    Points
    1

    Default

    I'm struggling to post the logs?

  5. #5
    Member
    Join Date
    Nov 2006
    Posts
    859
    Points
    1

    Default

    I've tried from 2 different machines. No issues with other websites

  6. #6
    Member
    Join Date
    Nov 2006
    Posts
    859
    Points
    1

    Default

    OTL logfile created on: 23/06/2014 15:09:54 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chell\Desktop
    64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16921)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.89 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 54.54% Memory free
    5.89 Gb Paging File | 4.20 Gb Available in Paging File | 71.19% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 446.95 Gb Total Space | 378.97 Gb Free Space | 84.79% Space Free | Partition Type: NTFS
    Drive F: | 15.03 Gb Total Space | 4.45 Gb Free Space | 29.58% Space Free | Partition Type: FAT32

    Computer Name: LENOVO-PC | User Name: Chell | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/06/23 15:07:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chell\Desktop\OTL.exe
    PRC - [2014/05/13 10:12:02 | 002,012,720 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
    PRC - [2014/03/31 18:34:18 | 000,603,184 | ---- | M] (Lenovo Corporation) -- C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
    PRC - [2014/03/31 07:45:00 | 001,669,976 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
    PRC - [2014/03/20 23:44:30 | 007,545,160 | ---- | M] (Pokki) -- C:\Users\Chell\AppData\Local\Pokki\Engine\HostAppService.exe
    PRC - [2014/03/10 19:08:14 | 000,014,384 | ---- | M] () -- C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
    PRC - [2014/03/10 19:08:12 | 000,470,064 | ---- | M] () -- C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
    PRC - [2014/03/05 19:22:14 | 000,938,032 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe
    PRC - [2014/01/17 14:21:51 | 000,740,232 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe
    PRC - [2014/01/17 14:21:51 | 000,144,416 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
    PRC - [2013/12/16 12:15:36 | 000,290,864 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe
    PRC - [2013/12/16 12:15:30 | 000,319,024 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
    PRC - [2013/10/18 18:33:00 | 000,021,496 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe
    PRC - [2013/10/18 18:32:48 | 000,019,960 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Lenovo Peer Connect\NalService.exe
    PRC - [2013/06/29 00:32:46 | 000,100,712 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    PRC - [2013/06/25 18:12:32 | 001,132,920 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    PRC - [2013/06/24 03:40:48 | 000,110,072 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
    PRC - [2013/06/18 04:08:56 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
    PRC - [2013/05/16 09:05:56 | 000,366,552 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2013/05/16 09:05:52 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    PRC - [2013/04/24 00:50:46 | 001,153,400 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    PRC - [2013/03/07 06:49:22 | 000,110,144 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    PRC - [2013/02/02 09:40:58 | 000,375,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    PRC - [2011/09/01 08:23:00 | 000,447,104 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe


    ========== Modules (No Company Name) ==========

    MOD - [2014/05/23 11:53:06 | 000,922,112 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Dire573b08f5#\849db09761eefa83bb70aae5075c2e97\System.DirectoryServices.AccountManagement.ni.dll
    MOD - [2014/03/10 19:08:14 | 000,014,384 | ---- | M] () -- C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
    MOD - [2014/03/06 10:18:30 | 000,384,512 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.Devices\942639415d687f00e32169c842ae0514\Windows.Devices.ni.dll
    MOD - [2014/03/06 10:18:30 | 000,184,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\1141dab55e0fcf5212915fdbe88af8ac\Windows.Foundation.ni.dll
    MOD - [2014/03/06 10:18:29 | 000,011,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtbff93e24#\900fe51c3f843bb78555a7d69f04979f\System.Runtime.InteropServices.WindowsRuntime.ni.dll
    MOD - [2014/03/06 10:18:28 | 000,491,008 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.Networking\802024e2439ee2d55a3d6bc065088cb1\Windows.Networking.ni.dll
    MOD - [2014/03/04 19:35:27 | 007,660,032 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d7aaae3b1c95a1a658446d302b9a7f88\System.Xml.ni.dll
    MOD - [2014/03/04 19:34:48 | 000,975,872 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ffb7bbc6548ff34bc125a8fec79315dc\System.Configuration.ni.dll
    MOD - [2014/03/04 19:34:25 | 007,041,536 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\bca236f576ea12db3a9191f4586a445a\System.Core.ni.dll
    MOD - [2014/03/04 19:34:20 | 010,051,072 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\f0602360211041a6be208f0b4138dddd\System.ni.dll
    MOD - [2014/03/04 19:34:14 | 016,953,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\391541c89ed7585fc7e8936c43cee387\mscorlib.ni.dll
    MOD - [2014/01/17 17:32:58 | 001,400,846 | ---- | M] () -- C:\Users\Chell\AppData\Local\Pokki\Engine\avcodec-54.dll
    MOD - [2014/01/17 17:32:58 | 000,569,856 | ---- | M] () -- C:\Users\Chell\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll
    MOD - [2014/01/17 17:32:56 | 000,222,734 | ---- | M] () -- C:\Users\Chell\AppData\Local\Pokki\Engine\avformat-54.dll
    MOD - [2014/01/17 17:32:56 | 000,151,054 | ---- | M] () -- C:\Users\Chell\AppData\Local\Pokki\Engine\avutil-51.dll
    MOD - [2014/01/17 14:21:51 | 000,033,520 | ---- | M] () -- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBServiceps.dll
    MOD - [2013/03/07 06:52:00 | 000,015,424 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
    MOD - [2013/03/07 06:49:06 | 000,626,240 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2014/05/13 10:12:02 | 002,012,720 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe -- (Lenovo Settings Service)
    SRV:64bit: - [2014/04/12 10:08:17 | 000,439,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
    SRV:64bit: - [2014/03/31 18:34:26 | 000,703,024 | ---- | M] (Lenovo Corporation) [On_Demand | Stopped] -- C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe -- (LENOVO.TVTVCAM)
    SRV:64bit: - [2014/03/31 18:34:20 | 000,527,920 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
    SRV:64bit: - [2014/03/31 18:34:00 | 000,511,536 | ---- | M] (Lenovo Corporation) [On_Demand | Stopped] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
    SRV:64bit: - [2014/03/31 18:33:46 | 000,574,000 | ---- | M] (Lenovo Corporation) [On_Demand | Stopped] -- C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe -- (AVControlCenter)
    SRV:64bit: - [2014/03/29 09:05:59 | 000,016,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
    SRV:64bit: - [2014/03/05 19:21:58 | 000,474,160 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe -- (LnvHotSpotSvc)
    SRV:64bit: - [2014/02/27 02:52:12 | 000,068,440 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
    SRV:64bit: - [2014/02/19 21:29:40 | 001,662,424 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe -- (LSCWinService)
    SRV:64bit: - [2014/01/17 14:30:50 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
    SRV:64bit: - [2014/01/17 14:30:50 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
    SRV:64bit: - [2013/11/11 19:28:50 | 000,283,296 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe -- (BrcmSetSecurity)
    SRV:64bit: - [2013/10/18 18:33:00 | 000,021,496 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe -- (lnvDiscoveryWinSvc)
    SRV:64bit: - [2013/10/10 23:54:28 | 000,144,152 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
    SRV:64bit: - [2013/08/28 17:24:04 | 003,378,416 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
    SRV:64bit: - [2013/08/28 17:23:48 | 000,273,136 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
    SRV:64bit: - [2013/08/28 17:23:40 | 000,626,416 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV:64bit: - [2013/08/28 17:23:20 | 000,149,744 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV:64bit: - [2013/08/16 06:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
    SRV:64bit: - [2013/07/26 00:17:42 | 000,054,976 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe -- (intelsba)
    SRV:64bit: - [2013/06/24 23:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
    SRV:64bit: - [2013/06/24 03:40:48 | 000,110,072 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
    SRV:64bit: - [2013/06/21 01:49:36 | 000,049,920 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
    SRV:64bit: - [2013/06/20 07:05:50 | 000,125,432 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
    SRV:64bit: - [2013/06/18 04:08:50 | 000,230,408 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe -- (NitroDriverReadSpool8)
    SRV:64bit: - [2013/06/06 00:46:56 | 000,562,504 | ---- | M] (LENOVO INCORPORATED.) [Auto | Running] -- C:\Program Files\Lenovo\SystemAgent\SystemAgentService.exe -- (Lenovo System Agent Service)
    SRV:64bit: - [2013/06/06 00:46:12 | 000,219,976 | ---- | M] (LENOVO INCORPORATED.) [Auto | Running] -- C:\Program Files\Lenovo\QuickSnipService\QuickSnipService.exe -- (Lenovo QuickSnip Service)
    SRV:64bit: - [2013/06/01 10:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
    SRV:64bit: - [2013/04/16 00:45:08 | 000,182,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent)
    SRV:64bit: - [2013/04/09 05:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
    SRV:64bit: - [2013/03/02 03:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
    SRV:64bit: - [2013/03/02 03:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
    SRV:64bit: - [2013/02/13 21:47:04 | 000,820,184 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R)
    SRV:64bit: - [2013/02/13 21:46:48 | 000,731,648 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
    SRV:64bit: - [2013/01/10 00:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
    SRV:64bit: - [2012/12/12 08:38:40 | 000,205,560 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
    SRV:64bit: - [2012/11/06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
    SRV:64bit: - [2012/09/20 07:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
    SRV:64bit: - [2012/08/11 05:49:38 | 000,136,288 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
    SRV:64bit: - [2012/07/26 04:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
    SRV:64bit: - [2012/07/26 04:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
    SRV:64bit: - [2012/07/26 04:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
    SRV:64bit: - [2012/07/26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
    SRV:64bit: - [2012/07/26 04:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
    SRV:64bit: - [2012/07/26 04:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
    SRV:64bit: - [2012/07/26 04:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
    SRV:64bit: - [2012/07/26 04:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
    SRV:64bit: - [2012/07/26 04:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
    SRV:64bit: - [2012/07/26 04:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
    SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
    SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
    SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
    SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
    SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
    SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
    SRV - [2014/06/22 23:29:59 | 000,068,608 | ---- | M] (globalUpdate) [On_Demand | Stopped] -- C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe -- (globalUpdatem)
    SRV - [2014/06/22 23:29:59 | 000,068,608 | ---- | M] (globalUpdate) [Auto | Stopped] -- C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe -- (globalUpdate)
    SRV - [2014/03/31 07:45:00 | 001,669,976 | ---- | M] (Lenovo) [On_Demand | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
    SRV - [2014/03/10 19:08:12 | 000,470,064 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe -- (LocationTaskManager)
    SRV - [2014/02/28 11:32:36 | 000,174,368 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe -- (iumsvc)
    SRV - [2014/02/21 14:39:52 | 000,024,120 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
    SRV - [2014/01/17 14:21:51 | 000,144,416 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe -- (FastbootService)
    SRV - [2013/12/16 12:15:42 | 000,059,440 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe -- (QuickControlMasterSvc)
    SRV - [2013/12/16 12:15:30 | 000,319,024 | ---- | M] (Lenovo Group Limited) [On_Demand | Running] -- C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe -- (QuickControlService)
    SRV - [2013/08/20 07:47:08 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
    SRV - [2013/08/20 04:07:34 | 000,155,448 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe -- (Intel(R)
    SRV - [2013/06/25 18:12:32 | 001,132,920 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
    SRV - [2013/06/18 04:08:56 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
    SRV - [2013/05/16 09:05:56 | 000,366,552 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2013/05/16 09:05:52 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
    SRV - [2013/04/24 00:50:46 | 001,153,400 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
    SRV - [2012/11/06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
    SRV - [2012/07/26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
    SRV - [2011/09/01 08:23:00 | 000,447,104 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2014/06/23 13:57:21 | 000,034,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WPRO_41_2001.sys -- (WPRO_41_2001)
    DRV:64bit: - [2014/04/08 21:32:36 | 000,061,112 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\wStLibG64.sys -- (wStLibG64)
    DRV:64bit: - [2014/04/08 20:00:06 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2014/03/31 07:45:00 | 000,020,736 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\TPPWR64V.SYS -- (TPPWRIF)
    DRV:64bit: - [2014/03/28 20:19:38 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
    DRV:64bit: - [2014/03/23 23:11:52 | 000,269,592 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
    DRV:64bit: - [2014/03/18 15:12:04 | 000,041,768 | ---- | M] (SecureAssist) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\SAWFP64.sys -- (SAWFP)
    DRV:64bit: - [2014/02/27 02:52:12 | 000,057,144 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ibmpmdrv.sys -- (IBMPMDRV)
    DRV:64bit: - [2014/02/24 21:39:30 | 000,552,176 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2014/02/24 21:39:28 | 000,031,472 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI)
    DRV:64bit: - [2014/01/17 14:34:02 | 000,151,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
    DRV:64bit: - [2014/01/17 14:32:50 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
    DRV:64bit: - [2014/01/17 14:32:50 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
    DRV:64bit: - [2014/01/17 14:30:50 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
    DRV:64bit: - [2014/01/17 14:21:51 | 000,068,128 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\Fastboot.sys -- (Fastboot)
    DRV:64bit: - [2013/11/11 19:28:42 | 000,035,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\intelaud.sys -- (intaud_WaveExtensible)
    DRV:64bit: - [2013/11/11 19:28:42 | 000,025,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\iwdbus.sys -- (iwdbus)
    DRV:64bit: - [2013/10/10 12:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
    DRV:64bit: - [2013/10/08 23:52:34 | 003,648,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NETwew02.sys -- (NETwNe64)
    DRV:64bit: - [2013/10/05 07:10:20 | 000,285,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
    DRV:64bit: - [2013/10/02 03:50:07 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
    DRV:64bit: - [2013/08/20 04:07:34 | 000,113,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ibtusb.sys -- (ibtusb)
    DRV:64bit: - [2013/08/16 06:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
    DRV:64bit: - [2013/08/08 00:53:56 | 000,452,088 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2013/08/08 00:44:52 | 004,448,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2013/08/02 03:20:46 | 001,385,272 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btmhsf.sys -- (btmhsf)
    DRV:64bit: - [2013/08/02 02:40:04 | 000,644,968 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
    DRV:64bit: - [2013/07/26 08:07:30 | 000,827,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
    DRV:64bit: - [2013/07/09 09:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
    DRV:64bit: - [2013/07/03 07:12:54 | 001,688,280 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\CHDRT64.sys -- (CnxtHdAudService)
    DRV:64bit: - [2013/06/29 07:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2013/06/24 03:36:52 | 000,418,008 | ---- | M] (Realsil Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsPer.sys -- (RTSPER)
    DRV:64bit: - [2013/06/21 01:49:36 | 000,150,272 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\ApsX64.sys -- (Shockprf)
    DRV:64bit: - [2013/06/21 01:49:36 | 000,025,856 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\ApsHM64.sys -- (TPDIGIMN)
    DRV:64bit: - [2013/06/20 20:36:56 | 000,206,744 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usb3Hub.sys -- (usb3Hub)
    DRV:64bit: - [2013/06/01 04:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
    DRV:64bit: - [2013/05/16 09:05:54 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2013/04/24 07:47:54 | 000,101,976 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\IntelPcc.sys -- (IntelHSWPcc)
    DRV:64bit: - [2013/04/24 00:50:24 | 000,132,920 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btmaux.sys -- (btmaux)
    DRV:64bit: - [2013/04/16 00:38:30 | 000,046,568 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ISCTD64.sys -- (ISCT)
    DRV:64bit: - [2013/04/16 00:38:30 | 000,021,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\imsevent.sys -- (imsevent)
    DRV:64bit: - [2013/04/16 00:38:30 | 000,021,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ikbevent.sys -- (ikbevent)
    DRV:64bit: - [2013/04/09 18:00:52 | 000,164,080 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\AmpPal.sys -- (AMPPAL)
    DRV:64bit: - [2013/03/21 06:56:14 | 008,243,272 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rtsuvc.sys -- (rtsuvc)
    DRV:64bit: - [2013/03/02 11:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
    DRV:64bit: - [2013/01/10 02:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
    DRV:64bit: - [2012/11/27 04:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
    DRV:64bit: - [2012/11/20 05:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
    DRV:64bit: - [2012/11/06 04:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
    DRV:64bit: - [2012/10/12 09:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/10/11 08:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
    DRV:64bit: - [2012/09/20 08:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2012/09/20 08:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2012/07/26 06:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/07/26 06:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
    DRV:64bit: - [2012/07/26 06:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
    DRV:64bit: - [2012/07/26 06:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
    DRV:64bit: - [2012/07/26 06:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
    DRV:64bit: - [2012/07/26 06:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
    DRV:64bit: - [2012/07/26 06:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
    DRV:64bit: - [2012/07/26 06:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2012/07/26 06:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2012/07/26 06:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
    DRV:64bit: - [2012/07/26 06:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2012/07/26 06:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
    DRV:64bit: - [2012/07/26 06:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
    DRV:64bit: - [2012/07/26 06:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2012/07/26 06:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
    DRV:64bit: - [2012/07/26 06:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2012/07/26 06:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2012/07/26 05:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
    DRV:64bit: - [2012/07/26 05:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
    DRV:64bit: - [2012/07/26 04:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
    DRV:64bit: - [2012/07/26 03:29:47 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2012/07/26 03:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
    DRV:64bit: - [2012/07/26 03:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
    DRV:64bit: - [2012/07/26 03:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
    DRV:64bit: - [2012/07/26 03:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
    DRV:64bit: - [2012/07/26 03:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
    DRV:64bit: - [2012/07/26 03:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
    DRV:64bit: - [2012/07/26 03:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
    DRV:64bit: - [2012/07/26 03:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
    DRV:64bit: - [2012/07/26 03:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
    DRV:64bit: - [2012/07/26 03:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
    DRV:64bit: - [2012/07/26 03:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
    DRV:64bit: - [2012/07/26 03:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
    DRV:64bit: - [2012/07/26 03:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
    DRV:64bit: - [2012/07/26 03:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2012/07/26 03:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
    DRV:64bit: - [2012/07/26 03:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2012/07/26 03:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012/07/26 03:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
    DRV:64bit: - [2012/07/26 03:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
    DRV:64bit: - [2012/07/26 03:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
    DRV:64bit: - [2012/07/26 03:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
    DRV:64bit: - [2012/07/26 03:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
    DRV:64bit: - [2012/06/02 15:31:50 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NETwNs64.sys -- (NETwNs64)
    DRV:64bit: - [2012/06/02 15:31:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress)
    DRV:64bit: - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV - [2013/10/25 16:06:18 | 000,018,176 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Lenovo\SystemUpdate\Session\Repository\j9uj09ww\tpflhlp.sys -- (tpflhlp)
    DRV - [2012/09/12 22:37:54 | 000,033,856 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\System Update\tvsuhd64.sys -- (SWIX64)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {2C563836-391B-4CEC-A466-43E2C6C337C0}
    IE:64bit: - HKLM\..\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LNJB
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
    IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK217RbjR1YFa37oBy_U-nTnTbDfrtyFevjNFgZcRcFkU5ADhIf7SHj3hKBDQcEjdH1lFmZ2r2LsmPK9kt-zbJ8TMZ-dQh66Q7_d8aojMPiy3zAWMyo5W6IIGhl5ArN4Wk-AYvfI_6WyFHw0cnehrsvMIcwx1s9raAQ8ylzKrFp9YGf4U_2i88qKlg1JTUTzemywA2hGmZA,,&q={searchTerms}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-546598855-1036608391-1468038668-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    IE - HKU\S-1-5-21-546598855-1036608391-1468038668-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Home - Welcome to Lenovo [binary data]
    IE - HKU\S-1-5-21-546598855-1036608391-1468038668-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Google
    IE - HKU\S-1-5-21-546598855-1036608391-1468038668-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
    IE - HKU\S-1-5-21-546598855-1036608391-1468038668-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
    IE - HKU\S-1-5-21-546598855-1036608391-1468038668-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google
    IE - HKU\S-1-5-21-546598855-1036608391-1468038668-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google
    IE - HKU\S-1-5-21-546598855-1036608391-1468038668-1001\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
    IE - HKU\S-1-5-21-546598855-1036608391-1468038668-1001\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK217RbjR1YFa37oBy_U-nTnTbDfrtyFevjNFgZcRcFkU5ADhIf7SHj3hKBDQcEjdH1lFmZ2r2LsmPK9kt-zbJ8TMZ-dQh66Q7_d8aojMPiy3zAWMyo5W6IIGhl5ArN4Wk-AYvfI_6WyFHw0cnehrsvMIcwx1s9raAQ8ylzKrFp9YGf4U_2i88qKlg1JTUTzemywA2hGmZA,,&q={searchTerms}
    IE - HKU\S-1-5-21-546598855-1036608391-1468038668-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-546598855-1036608391-1468038668-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
    IE - HKU\S-1-5-21-546598855-1036608391-1468038668-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:60510;https=127.0.0.1:60510


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
    FF - HKLM\Software\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
    FF - HKLM\Software\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{ED75ABA9-372B-880E-9D94-92D475A431DE}: C:\Program Files (x86)\-BlockAndSurfS\174.xpi

    [2014/04/08 20:03:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

    O1 HOSTS File: ([2012/07/26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll (Motorola Solutions, Inc.)
    O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Conexant Systems, Inc.)
    O4:64bit: - HKLM..\Run: [ForteConfig] C:\Program Files\CONEXANT\ForteConfig\fmapp.exe ()
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\LibStartStub.dll (Lenovo Corporation)
    O4:64bit: - HKLM..\Run: [LenovoNal] C:\Program Files\Lenovo\Lenovo Peer Connect\NalService.exe (Lenovo)
    O4:64bit: - HKLM..\Run: [LenovoOptMouseUpdate] C:\Program Files\Lenovo\HOTKEY\extapsup.exe (Lenovo Group Limited)
    O4:64bit: - HKLM..\Run: [LnvMobHotspotClient] C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe (Lenovo)
    O4:64bit: - HKLM..\Run: [Persistence] C:\windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtsCM] C:\windows\RtsCM64.exe (Realtek Semiconductor Corp.)
    O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe (Conexant Systems, Inc.)
    O4:64bit: - HKLM..\Run: [TpShocks] C:\windows\SysNative\TpShocks.exe (Lenovo.)
    O4 - HKLM..\Run: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe (Lenovo)
    O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
    O4 - HKU\S-1-5-21-546598855-1036608391-1468038668-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
    O4 - HKU\S-1-5-21-546598855-1036608391-1468038668-1001..\Run: [Pokki] C:\windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform File not found
    O4 - HKU\S-1-5-21-546598855-1036608391-1468038668-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
    O4 - HKU\S-1-5-21-546598855-1036608391-1468038668-1001..\RunOnce: [Application Restart #3] C:\Users\Chell\AppData\Local\Pokki\Engine\HostAppService.exe (Pokki)
    O4 - HKU\S-1-5-21-546598855-1036608391-1468038668-1001..\RunOnce: [Application Restart #4] C:\Users\Chell\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\Chell\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --enable-touch-events --flag-switches-begin --flag-switches-end --restore-last-session File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{964DC433-BC03-436F-9598-FC46BC23F34D}: DhcpNameServer = 192.168.1.1 0.0.0.0
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B269BC5F-ACF5-4251-8C6D-20DADBA80D84}: DhcpNameServer = 150.205.1.2
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - File not found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O27:64bit: - HKLM IFEO\DatamngrCoordinator.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\DatamngrCoordinator.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
    O30 - LSA: Security Packages - (livessp) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/06/23 15:07:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Chell\Desktop\OTL.exe
    [2014/06/23 12:29:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2014/06/23 12:29:17 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2014/06/23 12:29:17 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2014/06/23 10:48:48 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/06/23 10:48:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    [2014/06/23 10:48:28 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
    [2014/06/23 10:48:28 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
    [2014/06/23 10:48:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
    [2014/06/22 23:31:45 | 000,000,000 | ---D | C] -- C:\Users\Chell\AppData\Local\com
    [2014/06/22 23:30:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer
    [2014/06/22 23:30:00 | 000,000,000 | ---D | C] -- C:\Users\Chell\AppData\Local\globalUpdate
    [2014/06/22 23:30:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\globalUpdate
    [2014/06/22 23:29:41 | 000,000,000 | ---D | C] -- C:\Users\Chell\Documents\Optimizer Pro
    [2014/06/22 23:29:35 | 000,000,000 | ---D | C] -- C:\Users\Chell\AppData\Roaming\VOPackage
    [2014/06/22 23:29:35 | 000,000,000 | ---D | C] -- C:\Users\Chell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
    [2014/06/22 23:19:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
    [2014/06/22 23:18:57 | 000,041,768 | ---- | C] (SecureAssist) -- C:\windows\SysNative\drivers\SAWFP64.sys
    [2014/06/22 23:17:37 | 000,000,000 | ---D | C] -- C:\Users\Chell\AppData\Roaming\System Speedup
    [2014/06/22 23:17:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Speedup
    [2014/06/22 23:17:34 | 000,000,000 | ---D | C] -- C:\Users\Chell\AppData\Roaming\systweak
    [2014/06/22 23:17:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\System Speedup
    [2014/06/22 23:16:11 | 000,000,000 | ---D | C] -- C:\temp
    [2014/06/22 23:15:41 | 000,000,000 | ---D | C] -- C:\Program Files\003
    [2014/06/22 23:00:00 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
    [2014/06/22 22:59:14 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
    [2014/06/22 22:59:12 | 000,000,000 | ---D | C] -- C:\windows\PCHEALTH
    [2014/06/22 22:59:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
    [2014/06/22 22:58:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft OneDrive
    [2014/06/22 22:58:34 | 000,000,000 | R--D | C] -- C:\Users\Chell\OneDrive
    [2014/06/22 22:58:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft OneDrive
    [2014/06/22 22:53:13 | 000,000,000 | ---D | C] -- C:\Users\Chell\AppData\Local\Windows Live
    [2014/06/22 22:52:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
    [2014/06/22 17:36:02 | 000,000,000 | ---D | C] -- C:\Users\Chell\AppData\Roaming\vlc
    [2014/06/22 17:35:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    [2014/06/22 17:35:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
    [2014/06/16 12:26:03 | 000,000,000 | ---D | C] -- C:\Users\Chell\AppData\Local\ElevatedDiagnostics
    [2014/06/16 12:24:52 | 006,974,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
    [2014/06/16 12:24:52 | 001,824,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll
    [2014/06/16 12:24:52 | 001,023,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\localspl.dll
    [2014/06/16 12:24:51 | 000,693,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSShared.dll
    [2014/06/16 12:24:51 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WSShared.dll
    [2014/06/16 12:24:51 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
    [2014/06/16 12:24:51 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Robocopy.exe
    [2014/06/16 12:24:51 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
    [2014/06/16 12:24:51 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Robocopy.exe
    [2014/06/16 11:16:44 | 000,000,000 | ---D | C] -- C:\Users\Chell\AppData\Roaming\SUPERAntiSpyware.com
    [2014/06/11 08:58:54 | 001,301,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gdi32.dll
    [2014/06/11 08:58:50 | 003,246,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorets.dll
    [2014/06/11 08:58:50 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpudd.dll
    [2014/06/11 08:58:48 | 000,328,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\Classpnp.sys
    [2014/06/11 08:58:48 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wusa.exe
    [2014/06/11 08:58:47 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wusa.exe
    [2014/06/11 08:58:35 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
    [2014/06/11 08:58:34 | 001,440,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
    [2014/06/11 08:58:34 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
    [2014/06/11 08:58:34 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
    [2014/06/11 08:58:34 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
    [2014/06/11 08:58:34 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
    [2014/06/11 08:58:34 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
    [2014/06/11 08:58:34 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\UXInit.dll
    [2014/06/11 08:58:34 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
    [2014/06/11 08:58:34 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UXInit.dll
    [2014/06/11 08:58:34 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
    [2014/06/11 08:58:33 | 001,508,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
    [2014/06/11 08:58:32 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\uxtheme.dll
    [2014/06/11 08:58:32 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
    [2014/06/11 08:58:32 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
    [2014/06/11 08:58:30 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
    [2014/06/11 08:58:28 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
    [2014/06/11 08:58:28 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
    [2014/06/11 08:58:27 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
    [2014/06/11 08:58:18 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
    [2014/06/11 08:58:18 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
    [2014/06/11 08:58:17 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
    [1 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]
    [1 C:\Users\Chell\AppData\Local\*.tmp files -> C:\Users\Chell\AppData\Local\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2014/06/23 15:07:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chell\Desktop\OTL.exe
    [2014/06/23 15:03:21 | 000,011,245 | ---- | M] () -- C:\Users\Chell\AppData\Roaming\AbsoluteReminder.xml
    [2014/06/23 15:02:17 | 000,000,304 | ---- | M] () -- C:\windows\tasks\System Speedup_DEFAULT.job
    [2014/06/23 13:59:19 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2014/06/23 13:57:42 | 000,000,193 | ---- | M] () -- C:\Users\Chell\AppData\Local\RegisteredPackageInformation.xml
    [2014/06/23 13:57:39 | 000,000,942 | ---- | M] () -- C:\windows\tasks\globalUpdateUpdateTaskMachineCore.job
    [2014/06/23 13:57:21 | 000,034,752 | ---- | M] () -- C:\windows\SysNative\drivers\WPRO_41_2001.sys
    [2014/06/23 13:57:17 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
    [2014/06/23 13:57:15 | 3344,224,256 | -HS- | M] () -- C:\hiberfil.sys
    [2014/06/23 13:56:41 | 629,682,176 | -HS- | M] () -- C:\windows\lenovo_fastboot.img
    [2014/06/23 13:51:49 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/06/23 12:29:19 | 000,001,819 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2014/06/23 11:35:04 | 000,000,946 | ---- | M] () -- C:\windows\tasks\globalUpdateUpdateTaskMachineUA.job
    [2014/06/23 10:48:35 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/06/23 10:28:19 | 000,000,376 | ---- | M] () -- C:\windows\tasks\APSnotifierPP3.job
    [2014/06/23 10:28:19 | 000,000,376 | ---- | M] () -- C:\windows\tasks\APSnotifierPP2.job
    [2014/06/23 10:28:19 | 000,000,312 | ---- | M] () -- C:\windows\tasks\System Speedup_UPDATES.job
    [2014/06/23 01:03:01 | 000,000,378 | ---- | M] () -- C:\windows\tasks\APSnotifierPP1.job
    [2014/06/23 00:43:29 | 000,000,320 | ---- | M] () -- C:\Users\Chell\AppData\Roaming\aps.uninstall.scan.results
    [2014/06/23 00:21:02 | 000,001,100 | ---- | M] () -- C:\Users\Chell\Desktop\Continue VuuPC Installation.lnk
    [2014/06/22 23:53:14 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2014/06/22 23:25:33 | 000,000,000 | ---- | M] () -- C:\END
    [2014/06/22 23:19:24 | 000,001,212 | ---- | M] () -- C:\Users\Public\Desktop\Advanced System Protector.lnk
    [2014/06/22 23:19:02 | 000,005,624 | ---- | M] () -- C:\windows\SysNative\SecureAssist.ini
    [2014/06/22 23:19:02 | 000,002,576 | ---- | M] () -- C:\windows\SysWow64\SecureAssistOff.ini
    [2014/06/22 23:19:02 | 000,002,576 | ---- | M] () -- C:\windows\SysNative\SecureAssistOff.ini
    [2014/06/22 17:35:44 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2014/06/22 13:35:53 | 004,568,320 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2014/06/22 13:35:53 | 000,803,478 | ---- | M] () -- C:\windows\SysNative\perfh00C.dat
    [2014/06/22 13:35:53 | 000,799,006 | ---- | M] () -- C:\windows\SysNative\perfh013.dat
    [2014/06/22 13:35:53 | 000,794,432 | ---- | M] () -- C:\windows\SysNative\perfh010.dat
    [2014/06/22 13:35:53 | 000,755,256 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
    [2014/06/22 13:35:53 | 000,723,700 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2014/06/22 13:35:53 | 000,162,810 | ---- | M] () -- C:\windows\SysNative\perfc013.dat
    [2014/06/22 13:35:53 | 000,159,584 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
    [2014/06/22 13:35:53 | 000,159,308 | ---- | M] () -- C:\windows\SysNative\perfc00C.dat
    [2014/06/22 13:35:53 | 000,156,832 | ---- | M] () -- C:\windows\SysNative\perfc010.dat
    [2014/06/22 13:35:53 | 000,136,838 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2014/05/31 06:16:07 | 000,703,992 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
    [2014/05/31 06:16:07 | 000,105,464 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    [1 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]
    [1 C:\Users\Chell\AppData\Local\*.tmp files -> C:\Users\Chell\AppData\Local\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2014/06/23 12:29:19 | 000,001,819 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2014/06/23 10:48:35 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/06/23 00:43:18 | 000,000,320 | ---- | C] () -- C:\Users\Chell\AppData\Roaming\aps.uninstall.scan.results
    [2014/06/23 00:43:16 | 000,000,376 | ---- | C] () -- C:\windows\tasks\APSnotifierPP3.job
    [2014/06/23 00:43:15 | 000,000,378 | ---- | C] () -- C:\windows\tasks\APSnotifierPP1.job
    [2014/06/23 00:43:15 | 000,000,376 | ---- | C] () -- C:\windows\tasks\APSnotifierPP2.job
    [2014/06/22 23:53:14 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2014/06/22 23:40:38 | 000,001,100 | ---- | C] () -- C:\Users\Chell\Desktop\Continue VuuPC Installation.lnk
    [2014/06/22 23:32:02 | 000,002,554 | ---- | C] () -- C:\Users\Chell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
    [2014/06/22 23:30:01 | 000,000,946 | ---- | C] () -- C:\windows\tasks\globalUpdateUpdateTaskMachineUA.job
    [2014/06/22 23:30:00 | 000,000,942 | ---- | C] () -- C:\windows\tasks\globalUpdateUpdateTaskMachineCore.job
    [2014/06/22 23:25:33 | 000,000,000 | ---- | C] () -- C:\END
    [2014/06/22 23:19:24 | 000,001,212 | ---- | C] () -- C:\Users\Public\Desktop\Advanced System Protector.lnk
    [2014/06/22 23:19:16 | 000,016,896 | ---- | C] () -- C:\windows\SysNative\sasnative64.exe
    [2014/06/22 23:17:52 | 000,000,304 | ---- | C] () -- C:\windows\tasks\System Speedup_DEFAULT.job
    [2014/06/22 23:17:51 | 000,000,312 | ---- | C] () -- C:\windows\tasks\System Speedup_UPDATES.job
    [2014/06/22 22:59:55 | 000,001,469 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
    [2014/06/22 22:59:42 | 000,002,497 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
    [2014/06/22 22:58:34 | 000,002,288 | ---- | C] () -- C:\Users\Chell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    [2014/06/22 17:35:44 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2014/06/11 08:58:47 | 000,387,268 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml
    [2014/03/21 12:27:16 | 000,005,696 | ---- | C] () -- C:\windows\SysWow64\SecureAssist.ini
    [2014/03/21 12:27:16 | 000,002,576 | ---- | C] () -- C:\windows\SysWow64\SecureAssistOff.ini
    [2014/02/24 22:50:39 | 000,026,807 | ---- | C] () -- C:\Users\Chell\AppData\Local\WiDiSetupLog.20140224.215039.wdl
    [2014/01/24 17:27:27 | 000,011,245 | ---- | C] () -- C:\Users\Chell\AppData\Roaming\AbsoluteReminder.xml
    [2014/01/24 17:26:53 | 000,000,193 | ---- | C] () -- C:\Users\Chell\AppData\Local\RegisteredPackageInformation.xml
    [2014/01/17 14:20:54 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
    [2014/01/17 14:01:21 | 019,587,072 | ---- | C] () -- C:\windows\SysWow64\igdfcl32.dll
    [2014/01/17 14:01:21 | 000,241,152 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
    [2014/01/17 14:01:21 | 000,109,056 | ---- | C] () -- C:\windows\SysWow64\igdail32.dll
    [2014/01/17 13:51:38 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
    [2013/02/13 21:27:54 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll
    [2012/07/26 09:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
    [2012/07/26 09:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
    [2012/07/26 08:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
    [2012/07/26 02:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
    [2012/07/25 21:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
    [2012/07/25 21:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
    [2012/07/25 21:22:56 | 000,267,284 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin
    [2012/07/25 21:22:54 | 000,963,376 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin

    ========== ZeroAccess Check ==========

    [2014/03/10 11:44:23 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2014/03/28 09:23:06 | 019,759,104 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2014/03/28 07:18:26 | 017,562,112 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences

    < End of report >

  7. #7
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Default

    Forum appears to be very slow, try again later I guess. I could hardly log in

  8. #8
    Member
    Join Date
    Nov 2006
    Posts
    859
    Points
    1

    Default

    OTL Extras logfile created on: 23/06/2014 15:09:54 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chell\Desktop
    64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16921)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.89 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 54.54% Memory free
    5.89 Gb Paging File | 4.20 Gb Available in Paging File | 71.19% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 446.95 Gb Total Space | 378.97 Gb Free Space | 84.79% Space Free | Partition Type: NTFS
    Drive F: | 15.03 Gb Total Space | 4.45 Gb Free Space | 29.58% Space Free | Partition Type: FAT32

    Computer Name: LENOVO-PC | User Name: Chell | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (All) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .chm[@ = chm.file] -- C:\windows\hh.exe (Microsoft Corporation)
    .cpl[@ = cplfile] -- C:\windows\SysNative\control.exe (Microsoft Corporation)
    .hlp[@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
    .hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .inf[@ = inffile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .ini[@ = inifile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
    .js[@ = JSFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
    .jse[@ = JSEFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
    .reg[@ = regfile] -- C:\windows\regedit.exe (Microsoft Corporation)
    .txt[@ = txtfile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .vbe[@ = VBEFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
    .vbs[@ = VBSFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
    .wsf[@ = WSFFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
    .wsh[@ = WSHFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- "%1" %*
    .chm [@ = chm.file] -- C:\windows\hh.exe (Microsoft Corporation)
    .cmd [@ = cmdfile] -- "%1" %*
    .com [@ = comfile] -- "%1" %*
    .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
    .exe [@ = exefile] -- "%1" %*
    .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
    .hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .inf [@ = inffile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .ini [@ = inifile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\windows\SysWow64\rundll32.exe (Microsoft Corporation)
    .js [@ = JSFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
    .jse [@ = JSEFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
    .pif [@ = piffile] -- "%1" %*
    .reg [@ = regfile] -- C:\windows\SysWow64\regedit.exe (Microsoft Corporation)
    .scr [@ = scrfile] -- "%1" /S
    .txt [@ = txtfile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .vbe [@ = VBEFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
    .vbs [@ = VBSFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
    .wsf [@ = WSFFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
    .wsh [@ = WSHFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Unknown [openas] -- C:\Program Files (x86)\Advanced System Protector\filetypehelper.exe -scanunknown "%1"
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Unknown [openas] -- C:\Program Files (x86)\Advanced System Protector\filetypehelper.exe -scanunknown "%1"
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0AF5EF1E-C13E-41A3-B0AC-293AE8E4F56D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
    "{0F0B3DF7-CCEC-460F-A13E-11BCA20D9DA7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{17C6B5E0-C439-4240-83C3-55BE17A91588}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{20CAA7B7-0475-420D-88FC-2FADDC0B121E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{34FE138E-9798-48FC-A753-E4DDA2B67D42}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{50E507AD-A72E-413A-BB96-700A02BD3A22}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
    "{55F638EE-2F37-4C7F-BA81-6D5DEB08098A}" = lport=137 | protocol=17 | dir=in | app=system |
    "{5D77FBE1-BDD3-43DF-89B5-D81BE0145430}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{642F7CE7-297E-457A-8426-057DA4E2F1F3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{6B97B844-C9E2-4C02-9555-43EDC9931FA9}" = rport=139 | protocol=6 | dir=out | app=system |
    "{7945998C-87D4-406A-842E-E4B0B89A03C5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
    "{7F6B0056-3D08-4F98-BDEF-C4BEDECF6444}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{976D45CF-F6FB-404C-A212-11F890D78F47}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{AEA17491-1535-4706-B741-8AED7A706400}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{B20F6920-EDD1-4E50-AF45-34E932E89ACD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{B75623E7-AFF9-4DA0-ABE2-B8742BEBAB0B}" = lport=139 | protocol=6 | dir=in | app=system |
    "{B9F49DCE-F8DE-4083-834B-F8F7A94F44C2}" = rport=138 | protocol=17 | dir=out | app=system |
    "{BCEB379D-580E-4C6A-9BAF-72570DA6CE6E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{E7BA70A1-BE9E-453C-AC2A-5AFA3A2233E8}" = rport=137 | protocol=17 | dir=out | app=system |
    "{ED2F11CF-CE34-4FA0-8E06-449A1E006BFB}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{F1D622D2-8824-4198-ADA4-BD77B03BB0D1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F40582EB-C653-4F41-B064-D6847AC7EFB8}" = lport=138 | protocol=17 | dir=in | app=system |
    "{F9EB15CC-DAA1-405A-9C39-43CDDE70B3A1}" = rport=445 | protocol=6 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003A7AB1-8D22-4AE3-95CA-2235F29546F2}" = dir=out | name=@{microsoft.windowsphotos_16.4.4396.311_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
    "{00D6DF95-0320-4A26-A7E1-CAC2C8ABE18A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{024C87F2-BE41-465D-AE44-EC0FF9A7FE87}" = dir=in | name=accuweather for windows 8 |
    "{06011E91-5E0D-48B9-912B-64701BD00FB3}" = dir=out | name=norton studio |
    "{0C5AD414-ACA7-44E5-9BBA-E0BC99579E55}" = dir=out | name=@{microsoft.bingnews_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
    "{18E475E3-FC28-49E1-941D-87B70A5F9919}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{1ABC56A9-23D4-4898-9BEA-CFCA91A00B58}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
    "{1D3A8A21-8F12-49EB-B0AC-0E9ADA4D9CA0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1DA06286-43D2-463F-92F1-147A31973B23}" = dir=out | name=skype |
    "{216FB7A2-16AC-4AC7-9B36-9FD063DB5B06}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
    "{23BBB6CE-237D-4B32-9D62-934ED4E8B9AF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{29DF258D-CD73-49A8-A55C-1317EF219FCD}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
    "{2AF86CF5-82DC-47D2-AABE-7D5796746357}" = dir=out | name=ebay |
    "{2B634688-40C8-4F01-A440-7365EE60D0E8}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4396.311_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
    "{31A52D33-A9FA-45E5-A67D-2B8315193D84}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{349B5BF1-4E34-49CF-8EB6-BD04672103C0}" = dir=out | name=lenovo companion |
    "{360DDD16-661D-484F-A7BF-F8FE620CC7BE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{47B547DA-E0B8-43DA-AEFD-25FD347A8B0B}" = dir=out | name=lenovo support |
    "{4D29CE9A-2DB5-460F-9A27-BC301C5A3D90}" = dir=out | name=@{microsoft.xboxlivegames_1.3.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
    "{4E2880DB-EBA4-45CB-99E7-575D84D243AD}" = dir=in | name=rara music with lenovo |
    "{5049721C-4303-4949-90E3-521A59C629CD}" = dir=in | name=@{microsoft.windowsphotos_16.4.4396.311_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
    "{550930A6-EB00-48A4-AFAA-3B10087B122A}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
    "{570C7D21-3EE5-4BB1-A040-F7876D9B67D9}" = dir=out | name=@{microsoft.bingsports_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
    "{5C646E3F-6CAB-4C04-A8DE-1178E84539C9}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
    "{5DEBF5DF-C4AF-43D4-A954-FD31A94D88CE}" = dir=out | name=windows_ie_ac_001 |
    "{6182C3B3-2096-4AE0-A3B7-38E18C3B5630}" = dir=out | name=evernote touch |
    "{61FF538D-C240-403D-ACCD-02ACE051CC99}" = dir=out | name=@{microsoft.bingmaps_1.6.1821.2624_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
    "{6A17CC26-DF71-40F2-A652-045772204A6D}" = dir=out | name=lenovo settings |
    "{6A862F44-63AD-4828-BC76-6C9811833F61}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{6CE3A122-4C08-4512-9B7E-8EAEA8FE1CC2}" = dir=in | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
    "{6EDF9CB6-46B4-46E9-82EC-DB428F1187A6}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{6EF66129-9496-4C3F-A7F5-71E88DA08E25}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
    "{71DC1FAE-F18D-43BE-A79E-1003AC1D93C9}" = dir=out | name=zinio |
    "{760433E5-25CA-4C9A-ADAB-44006FFEDF9E}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
    "{76FE35A9-F7EA-498F-AAD9-57C45742D05D}" = dir=out | name=accuweather for windows 8 |
    "{790D9C36-ACD1-4846-AFB2-F90535FD4B42}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
    "{7EEA4718-EF7B-4E01-9402-C507EA29DEC7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
    "{8452BFE8-3709-462C-BABF-FFBB9A95BFE8}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
    "{857F6C2E-3A7E-42FA-8CC6-F371975B9B6D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
    "{866AAB26-F0D5-48B1-B9B8-BFC8941C207D}" = dir=out | name=@{microsoft.bingtravel_2.0.0.319_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
    "{889E9640-288E-4661-96D5-E62B7F77F8FA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{88FCC19D-B04B-478A-82B5-0E274B05B2F9}" = dir=out | name=rara music with lenovo |
    "{8C697B82-E9E5-477A-B3BF-C55EB9E3CFBA}" = dir=in | name=powerdvd for lenovo think |
    "{8DAF8166-FD36-4D2B-A55B-5FB1310C9BAB}" = dir=in | app=c:\program files (x86)\lenovo\quickcontrol\quickcontrolservice.exe |
    "{912BAC7D-2DC9-46F6-9B49-ACAD13C4BFD9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{97E15F27-B32E-4692-A046-E9493AA41E4C}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
    "{991917AE-A158-463E-9BBD-825B564DB711}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{9950080F-6DC1-4CB4-8D27-325DA6D05240}" = protocol=6 | dir=out | app=system |
    "{9F8D9FFD-7F2B-47E6-A8AB-7512BC0E93D7}" = dir=out | name=@{microsoft.zunevideo_1.5.902.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
    "{A89B27C7-546D-411A-8E97-6A2C86F20F38}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe |
    "{ABCD1FFA-1684-411A-90F1-FB6896C11F35}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BCF213A5-0A5E-41BE-9E51-A5B958693AFC}" = dir=out | name=@{microsoft.bingweather_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
    "{BFF2593A-D70B-47F4-B6DB-1E61FD3D9EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{C17545CD-AE87-4C10-BFDF-06F5683C1BA9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{C78D67DB-37B0-4679-B4D7-4528D4C7C24B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{CA3B9E44-9A84-478B-882E-6F84887A5EB6}" = dir=out | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
    "{CA468413-4BCE-41A4-B6C4-8B066DB55B9C}" = dir=in | name=skype |
    "{CAC5763C-196A-48C5-88F0-972EE9A7463A}" = dir=out | name=@{microsoft.bingfinance_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
    "{D30B8060-1B67-403C-9ADD-669A6EE55803}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
    "{D3521123-0E70-4C0D-9A3F-0D80645896C6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{D53F834E-34F7-41E6-8EA7-3FA1C6C90B73}" = dir=out | app=c:\program files (x86)\lenovo\quickcontrol\quickcontrolservice.exe |
    "{D6319DE8-4F1A-4524-A86D-2AAF79FF4FF8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{D730EFAA-E093-4904-9FB7-7FF9851B8FB2}" = dir=in | name=evernote touch |
    "{DD0AD2A5-9B17-4027-8D79-95346A7BF365}" = dir=out | name=lenovo quickcast |
    "{E3D82B02-0DDD-4E47-8B8C-9FACB2F7A919}" = dir=in | name=lenovo quickcast |
    "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
    "{E9D54A6D-DB63-40C0-9DF3-A6C3A559F492}" = dir=out | name=kindle |
    "{EA57CAA9-605E-4256-B2E9-877DED78A9EF}" = dir=out | name=powerdvd for lenovo think |
    "{EF884D8A-7342-4F61-B72D-0431C98B2E31}" = dir=out | name=lenovo cloud storage by sugarsync |
    "{F6624C61-E9FB-4901-A416-136A3DFD0788}" = dir=in | name=lenovo settings |
    "{F7721214-7522-4D25-BF14-D90C685F49B5}" = dir=out | name=@{microsoft.zunemusic_1.5.216.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
    "{F98C776B-5284-412D-82B4-601C04FEAD97}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{F99D772D-B711-44A4-A207-20A3D2B00F53}" = dir=in | app=c:\users\chell\appdata\local\microsoft\skydrive\skydrive.exe |
    "{FA4DB6F5-9212-438C-B65B-D7E81CAE1B0A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{FBB540DF-409B-4B19-9C28-8B51C29F7E42}" = dir=out | name=lenovo settings |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{053ACA98-6B07-4DD0-9DB3-F51E3EB1780C}" = Lenovo Patch Utility 64 bit
    "{07E55FB8-966C-4FA5-815D-D1F5AC8B1D87}" = Nitro Pro 8
    "{1334eac7-d6ef-4177-8780-05c963853cd3}" = Intel(R) PRO/Wireless Driver
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{25058321-C33E-496B-8915-6FD64D362CAF}" = Windows Live MIME IFilter
    "{2BDC7413-65EA-4B99-8C4B-02F11075BE6D}_is1" = Lenovo Settings UMDF driver
    "{302600C1-6BDF-4FD1-1307-148929CC1385}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1332.1)
    "{3694BA2E-BE31-4B7E-886B-A0B559E69D4D}_is1" = Lenovo Settings Dependency Package
    "{42603F7D-B08D-436B-B0D8-3E2DEF1AFD41}_is1" = Lenovo Settings Mobile Hotspot
    "{44B72151-611E-429D-9765-9BA093D7E48A}" = Intel® Trusted Connect Service Client
    "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
    "{49A09C2C-FFF4-478E-B397-5E0979F67F5D}" = Lenovo Patch Utility 64 bit
    "{75C87855-9CBB-4892-B1A9-74C73A19CACA}_is1" = Lenovo Peer Connect SDK
    "{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = Lenovo Settings - Camera Audio
    "{8C6F1EBA-17F1-4481-B688-9777E63E985F}_is1" = Lenovo Settings Service
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{C51863E5-EB09-43A5-9D43-26A32587EEAC}" = Lenovo Solution Center
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{D12C40DB-CD7D-4D86-9285-5E2FE23693E4}" = SupraSavings
    "{D61F48DA-627B-404E-9315-32A651B18B64}" = Intel® PROSet/Wireless WiFi Software
    "{DBECAE94-4C04-40AC-9AFB-FA9953258EAF}" = Intel(R) Smart Connect Technology 4.1 x64
    "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
    "{F949AE30-83D1-41B2-92D2-F44478DD058A}" = Intel(R) WiDi
    "907DA143458FE258EFEB416B946DE8DF2B87A0BA" = Windows Driver Package - Lenovo 1.67.00.02 (04/17/2013 1.67.00.02)
    "C8A921233C0C441A4E4EAABC2AB08C872FD77A6E" = Windows Driver Package - Intel Corporation (iaStorA) HDC (08/01/2013 12.8.0.1016)
    "Caramava" = Caramava
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
    "OnScreenDisplay" = On Screen Display
    "Power Management Driver" = Lenovo Power Management Driver
    "SynTPDeinstKey" = ThinkPad UltraNav Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}" = Windows Live UX Platform
    "{04BE4035-3C8E-4B48-BFB8-1655849C0C8B}" = Windows Live Writer
    "{0BE9E708-5DC0-4963-9CFD-0AA519090E79}" = Junk Mail filter update
    "{0F974770-76EB-4C38-986E-E7BDD9C0DFC4}" = Windows Live Writer Resources
    "{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}" = Intel(R) Update Manager
    "{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide
    "{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}" = Windows Live Photo Common
    "{25C64847-B900-48AD-A164-1B4F9B774650}" = Lenovo System Update
    "{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = WaveEditor
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go 7
    "{40F4FF7A-B214-4453-B973-080B09CED019}" = Absolute Reminder
    "{41C61308-6CFD-4D54-AB6A-7136ED08A18E}" = Windows Live Communications Platform
    "{4855C42F-5197-4AAD-A50D-5066D2CC4647}" = Lenovo QuickControl
    "{48781AC2-0939-4D66-98F2-235328E46790}" = Windows Live Messenger
    "{4BAB923C-1ACA-4697-ACA5-C1B5037091BF}" = Windows Live Mail
    "{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}" = Realtek Card Reader
    "{608E1B9B-A2E8-4A1F-8BAB-874EB0DD25E3}" = Intel(R) Update Manager
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{6522F5F9-411B-4513-A75B-CEA00395F032}" = Windows Live UX Platform Language Pack
    "{659CB81C-B54E-4DF1-B618-F35777393A54}" = Windows Live Installer
    "{66B5819D-DE70-42BE-B40F-978FBA12452E}" = Windows Live Essentials
    "{6A6D86CD-B004-46b7-8951-7BB75A776F8C}" = Lenovo Solutions for Small Business
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{714E162E-CD4F-4F1B-8302-7F5179409C25}" = Windows Live Writer
    "{7171E82A-E90A-4155-9040-6006CEE64DDC}" = Windows Live Writer Resources
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
    "{90150000-0138-0409-0000-0000000FF1CE}" = Microsoft Office
    "{95C33D2E-8892-40CC-B8FB-E8CC68530D8B}" = Windows Live Writer
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A0332229-4EF7-4A36-AED8-E5876EB2DF86}" = Windows Live UX Platform Language Pack
    "{A2DC527D-FA79-46E9-973F-920897CA55E9}" = Windows Live Writer
    "{AFD7B869-3B70-40C7-8983-769256BA3BD2}" = Lenovo Solutions for Small Business Customizations
    "{B1D0122C-6BE2-47A2-82AE-0BB3F6C91C49}" = Photo Common
    "{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}" = Windows Live PIMT Platform
    "{B775C26B-EAA8-4A11-ACBF-76E52DF6B805}" = Windows Live Mail
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer 5.5
    "{B92C2C6C-F70E-497B-88A7-1FEF9888272B}" = Adobe AIR
    "{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2
    "{BAD27F0E-5165-49A5-BE66-AF5BF73F2FEE}" = Windows Live Mail
    "{BAD984EE-790E-4513-A428-3BE2D426DCA7}" = Windows Live Messenger
    "{C6FB6B4A-1378-4CD3-9CD3-42BA69FCBD43}" = Lenovo Patch Utility
    "{C79D4402-E622-4922-9C02-89F9080BF081}_is1" = Lenovo Settings - Location Awareness
    "{c9967fbd-e3c3-4ed0-992a-5b33260f2944}" = Intel® PROSet/Wireless Software
    "{CAA0F57A-BA8C-4AD8-AA03-F32B0E4F5623}" = Photo Common
    "{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}" = Windows Live SOXE
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D1893000-EA77-493C-8DDD-E262436E959B}" = Windows Live SOXE Definitions
    "{D6E853EC-8960-4D44-AF03-7361BB93227C}" = PowerDVD Create 10
    "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}" = Integrated Camera
    "{E703613B-BDAB-433E-A66A-DE0263E3D35D}" = Windows Live Messenger
    "{E8F27ADF-B1ED-41AF-A7EF-D5E71778480C}" = Lenovo Patch Utility
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F8F630A7-6789-44D5-8653-3B27969CF337}" = Windows Live Essentials
    "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
    "{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
    "0E7DAF70-FB54-4B91-B192-7E771C25AEEB" = Intel Collaborative Processor Performance Control
    "Adobe AIR" = Adobe AIR
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "Fastboot" = RapidBoot HDD Accelerator
    "InstallShield_{DE485075-8CD3-4A1E-9ABC-6412EBA44872}" = PowerDVD Create
    "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
    "Lenovo Dependency Package_is1" = Lenovo Dependency Package
    "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
    "SugarSync" = SugarSync Manager
    "System Speedup_is1" = System Speedup
    "VLC media player" = VLC media player 2.1.3
    "VOPackage" = Installer
    "WinLiveSuite" = Windows Live Essentials

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-546598855-1036608391-1468038668-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{41e4d2e7-631d-4d5a-905f-6ef0006a7317}" = Yahoo Community Smartbar Engine
    "OneDriveSetup.exe" = Microsoft OneDrive
    "Pokki" = Start Menu

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 17/06/2014 18:40:26 | Computer Name = Lenovo-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16921,
    time stamp: 0x537fc9dc Faulting module name: MSHTML.dll, version: 10.0.9200.16921,
    time stamp: 0x537fddb8 Exception code: 0xc0000602 Fault offset: 0x005bc915 Faulting
    process id: 0x1d24 Faulting application start time: 0x01cf8a7a20f71f6a Faulting application
    path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
    C:\windows\SYSTEM32\MSHTML.dll Report Id: 5f926459-f670-11e3-be85-28d2444f6745 Faulting
    package full name: Faulting package-relative application ID:

    Error - 18/06/2014 05:13:06 | Computer Name = Lenovo-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16921,
    time stamp: 0x537fc9dc Faulting module name: MSHTML.dll, version: 10.0.9200.16921,
    time stamp: 0x537fddb8 Exception code: 0xc0000602 Fault offset: 0x005bc915 Faulting
    process id: 0x5f8 Faulting application start time: 0x01cf8a7d26eb4869 Faulting application
    path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
    C:\windows\SYSTEM32\MSHTML.dll Report Id: c1ca2398-f6c8-11e3-be85-28d2444f6745 Faulting
    package full name: Faulting package-relative application ID:

    Error - 18/06/2014 08:38:46 | Computer Name = Lenovo-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16921,
    time stamp: 0x537fc9dc Faulting module name: MSHTML.dll, version: 10.0.9200.16921,
    time stamp: 0x537fddb8 Exception code: 0xc0000602 Fault offset: 0x005bc915 Faulting
    process id: 0x568c Faulting application start time: 0x01cf8ad59aff71dd Faulting application
    path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
    C:\windows\SYSTEM32\MSHTML.dll Report Id: 7cd9cad4-f6e5-11e3-be85-28d2444f6745 Faulting
    package full name: Faulting package-relative application ID:

    Error - 18/06/2014 09:03:08 | Computer Name = Lenovo-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16921,
    time stamp: 0x537fc9dc Faulting module name: MSHTML.dll, version: 10.0.9200.16921,
    time stamp: 0x537fddb8 Exception code: 0xc0000602 Fault offset: 0x005bc915 Faulting
    process id: 0x6f58 Faulting application start time: 0x01cf8af2428b98af Faulting application
    path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
    C:\windows\SYSTEM32\MSHTML.dll Report Id: e493efc1-f6e8-11e3-be85-28d2444f6745 Faulting
    package full name: Faulting package-relative application ID:

    Error - 18/06/2014 11:35:49 | Computer Name = Lenovo-PC | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 18/06/2014 12:07:00 | Computer Name = Lenovo-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16921,
    time stamp: 0x537fc9dc Faulting module name: MSHTML.dll, version: 10.0.9200.16921,
    time stamp: 0x537fddb8 Exception code: 0xc0000602 Fault offset: 0x005bc915 Faulting
    process id: 0x7048 Faulting application start time: 0x01cf8af242893657 Faulting application
    path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
    C:\windows\SYSTEM32\MSHTML.dll Report Id: 94267289-f702-11e3-be85-28d2444f6745 Faulting
    package full name: Faulting package-relative application ID:

    Error - 19/06/2014 05:32:35 | Computer Name = Lenovo-PC | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 21/06/2014 12:28:03 | Computer Name = Lenovo-PC | Source = Application Hang | ID = 1002
    Description = The program IEXPLORE.EXE version 10.0.9200.16921 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 2530 Start
    Time: 01cf8cd49bda3a07 Termination Time: 156 Application Path: C:\Program Files (x86)\Internet
    Explorer\IEXPLORE.EXE Report Id: 01419832-f961-11e3-be86-28d2444f6745 Faulting package
    full name: Faulting package-relative application ID:

    Error - 21/06/2014 19:19:15 | Computer Name = Lenovo-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16921,
    time stamp: 0x537fc9dc Faulting module name: MSHTML.dll, version: 10.0.9200.16921,
    time stamp: 0x537fddb8 Exception code: 0xc0000602 Fault offset: 0x005bc915 Faulting
    process id: 0x11b0 Faulting application start time: 0x01cf8d6dc63564e8 Faulting application
    path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
    C:\windows\SYSTEM32\MSHTML.dll Report Id: 75739a83-f99a-11e3-be86-28d2444f6745 Faulting
    package full name: Faulting package-relative application ID:

    Error - 21/06/2014 19:21:35 | Computer Name = Lenovo-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16921,
    time stamp: 0x537fc9dc Faulting module name: MSHTML.dll, version: 10.0.9200.16921,
    time stamp: 0x537fddb8 Exception code: 0xc0000602 Fault offset: 0x005bc915 Faulting
    process id: 0x3090 Faulting application start time: 0x01cf8da73c22dc68 Faulting application
    path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
    C:\windows\SYSTEM32\MSHTML.dll Report Id: c90d4998-f99a-11e3-be86-28d2444f6745 Faulting
    package full name: Faulting package-relative application ID:

    [ System Events ]
    Error - 27/02/2014 07:51:00 | Computer Name = Lenovo-PC | Source = Service Control Manager | ID = 7000
    Description = The Multimedia Class Scheduler service failed to start due to the
    following error: %%1053

    Error - 27/02/2014 07:51:00 | Computer Name = Lenovo-PC | Source = Service Control Manager | ID = 7000
    Description = The Multimedia Class Scheduler service failed to start due to the
    following error: %%1053

    Error - 27/02/2014 07:51:00 | Computer Name = Lenovo-PC | Source = Service Control Manager | ID = 7000
    Description = The Multimedia Class Scheduler service failed to start due to the
    following error: %%1053

    Error - 27/02/2014 07:51:00 | Computer Name = Lenovo-PC | Source = Service Control Manager | ID = 7000
    Description = The Multimedia Class Scheduler service failed to start due to the
    following error: %%1053

    Error - 27/02/2014 07:51:00 | Computer Name = Lenovo-PC | Source = Service Control Manager | ID = 7000
    Description = The Multimedia Class Scheduler service failed to start due to the
    following error: %%1053

    Error - 27/02/2014 07:51:00 | Computer Name = Lenovo-PC | Source = Service Control Manager | ID = 7000
    Description = The Multimedia Class Scheduler service failed to start due to the
    following error: %%1053

    Error - 27/02/2014 07:51:00 | Computer Name = Lenovo-PC | Source = Service Control Manager | ID = 7000
    Description = The Multimedia Class Scheduler service failed to start due to the
    following error: %%1053

    Error - 27/02/2014 07:51:00 | Computer Name = Lenovo-PC | Source = Service Control Manager | ID = 7000
    Description = The Multimedia Class Scheduler service failed to start due to the
    following error: %%1053

    Error - 27/02/2014 07:51:00 | Computer Name = Lenovo-PC | Source = Service Control Manager | ID = 7000
    Description = The Multimedia Class Scheduler service failed to start due to the
    following error: %%1053

    Error - 27/02/2014 07:51:00 | Computer Name = Lenovo-PC | Source = Service Control Manager | ID = 7000
    Description = The Multimedia Class Scheduler service failed to start due to the
    following error: %%1053


    < End of report >

  9. #9
    Member
    Join Date
    Nov 2006
    Posts
    859
    Points
    1

    Default

    OTL Extras logfile created on: 23/06/2014 15:09:54 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chell\Desktop
    64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16921)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.89 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 54.54% Memory free
    5.89 Gb Paging File | 4.20 Gb Available in Paging File | 71.19% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 446.95 Gb Total Space | 378.97 Gb Free Space | 84.79% Space Free | Partition Type: NTFS
    Drive F: | 15.03 Gb Total Space | 4.45 Gb Free Space | 29.58% Space Free | Partition Type: FAT32

    Computer Name: LENOVO-PC | User Name: Chell | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (All) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .chm[@ = chm.file] -- C:\windows\hh.exe (Microsoft Corporation)
    .cpl[@ = cplfile] -- C:\windows\SysNative\control.exe (Microsoft Corporation)
    .hlp[@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
    .hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .inf[@ = inffile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .ini[@ = inifile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
    .js[@ = JSFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
    .jse[@ = JSEFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
    .reg[@ = regfile] -- C:\windows\regedit.exe (Microsoft Corporation)
    .txt[@ = txtfile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .vbe[@ = VBEFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
    .vbs[@ = VBSFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
    .wsf[@ = WSFFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
    .wsh[@ = WSHFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- "%1" %*
    .chm [@ = chm.file] -- C:\windows\hh.exe (Microsoft Corporation)
    .cmd [@ = cmdfile] -- "%1" %*
    .com [@ = comfile] -- "%1" %*
    .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
    .exe [@ = exefile] -- "%1" %*
    .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
    .hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .inf [@ = inffile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .ini [@ = inifile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\windows\SysWow64\rundll32.exe (Microsoft Corporation)
    .js [@ = JSFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
    .jse [@ = JSEFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
    .pif [@ = piffile] -- "%1" %*
    .reg [@ = regfile] -- C:\windows\SysWow64\regedit.exe (Microsoft Corporation)
    .scr [@ = scrfile] -- "%1" /S
    .txt [@ = txtfile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .vbe [@ = VBEFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
    .vbs [@ = VBSFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
    .wsf [@ = WSFFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
    .wsh [@ = WSHFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Unknown [openas] -- C:\Program Files (x86)\Advanced System Protector\filetypehelper.exe -scanunknown "%1"
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Unknown [openas] -- C:\Program Files (x86)\Advanced System Protector\filetypehelper.exe -scanunknown "%1"
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0AF5EF1E-C13E-41A3-B0AC-293AE8E4F56D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
    "{0F0B3DF7-CCEC-460F-A13E-11BCA20D9DA7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{17C6B5E0-C439-4240-83C3-55BE17A91588}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{20CAA7B7-0475-420D-88FC-2FADDC0B121E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{34FE138E-9798-48FC-A753-E4DDA2B67D42}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{50E507AD-A72E-413A-BB96-700A02BD3A22}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
    "{55F638EE-2F37-4C7F-BA81-6D5DEB08098A}" = lport=137 | protocol=17 | dir=in | app=system |
    "{5D77FBE1-BDD3-43DF-89B5-D81BE0145430}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{642F7CE7-297E-457A-8426-057DA4E2F1F3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{6B97B844-C9E2-4C02-9555-43EDC9931FA9}" = rport=139 | protocol=6 | dir=out | app=system |
    "{7945998C-87D4-406A-842E-E4B0B89A03C5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
    "{7F6B0056-3D08-4F98-BDEF-C4BEDECF6444}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{976D45CF-F6FB-404C-A212-11F890D78F47}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{AEA17491-1535-4706-B741-8AED7A706400}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{B20F6920-EDD1-4E50-AF45-34E932E89ACD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{B75623E7-AFF9-4DA0-ABE2-B8742BEBAB0B}" = lport=139 | protocol=6 | dir=in | app=system |
    "{B9F49DCE-F8DE-4083-834B-F8F7A94F44C2}" = rport=138 | protocol=17 | dir=out | app=system |
    "{BCEB379D-580E-4C6A-9BAF-72570DA6CE6E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{E7BA70A1-BE9E-453C-AC2A-5AFA3A2233E8}" = rport=137 | protocol=17 | dir=out | app=system |
    "{ED2F11CF-CE34-4FA0-8E06-449A1E006BFB}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{F1D622D2-8824-4198-ADA4-BD77B03BB0D1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F40582EB-C653-4F41-B064-D6847AC7EFB8}" = lport=138 | protocol=17 | dir=in | app=system |
    "{F9EB15CC-DAA1-405A-9C39-43CDDE70B3A1}" = rport=445 | protocol=6 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003A7AB1-8D22-4AE3-95CA-2235F29546F2}" = dir=out | name=@{microsoft.windowsphotos_16.4.4396.311_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
    "{00D6DF95-0320-4A26-A7E1-CAC2C8ABE18A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{024C87F2-BE41-465D-AE44-EC0FF9A7FE87}" = dir=in | name=accuweather for windows 8 |
    "{06011E91-5E0D-48B9-912B-64701BD00FB3}" = dir=out | name=norton studio |
    "{0C5AD414-ACA7-44E5-9BBA-E0BC99579E55}" = dir=out | name=@{microsoft.bingnews_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
    "{18E475E3-FC28-49E1-941D-87B70A5F9919}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{1ABC56A9-23D4-4898-9BEA-CFCA91A00B58}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
    "{1D3A8A21-8F12-49EB-B0AC-0E9ADA4D9CA0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1DA06286-43D2-463F-92F1-147A31973B23}" = dir=out | name=skype |
    "{216FB7A2-16AC-4AC7-9B36-9FD063DB5B06}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
    "{23BBB6CE-237D-4B32-9D62-934ED4E8B9AF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{29DF258D-CD73-49A8-A55C-1317EF219FCD}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
    "{2AF86CF5-82DC-47D2-AABE-7D5796746357}" = dir=out | name=ebay |
    "{2B634688-40C8-4F01-A440-7365EE60D0E8}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4396.311_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
    "{31A52D33-A9FA-45E5-A67D-2B8315193D84}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{349B5BF1-4E34-49CF-8EB6-BD04672103C0}" = dir=out | name=lenovo companion |
    "{360DDD16-661D-484F-A7BF-F8FE620CC7BE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{47B547DA-E0B8-43DA-AEFD-25FD347A8B0B}" = dir=out | name=lenovo support |
    "{4D29CE9A-2DB5-460F-9A27-BC301C5A3D90}" = dir=out | name=@{microsoft.xboxlivegames_1.3.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
    "{4E2880DB-EBA4-45CB-99E7-575D84D243AD}" = dir=in | name=rara music with lenovo |
    "{5049721C-4303-4949-90E3-521A59C629CD}" = dir=in | name=@{microsoft.windowsphotos_16.4.4396.311_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
    "{550930A6-EB00-48A4-AFAA-3B10087B122A}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
    "{570C7D21-3EE5-4BB1-A040-F7876D9B67D9}" = dir=out | name=@{microsoft.bingsports_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
    "{5C646E3F-6CAB-4C04-A8DE-1178E84539C9}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
    "{5DEBF5DF-C4AF-43D4-A954-FD31A94D88CE}" = dir=out | name=windows_ie_ac_001 |
    "{6182C3B3-2096-4AE0-A3B7-38E18C3B5630}" = dir=out | name=evernote touch |
    "{61FF538D-C240-403D-ACCD-02ACE051CC99}" = dir=out | name=@{microsoft.bingmaps_1.6.1821.2624_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
    "{6A17CC26-DF71-40F2-A652-045772204A6D}" = dir=out | name=lenovo settings |
    "{6A862F44-63AD-4828-BC76-6C9811833F61}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{6CE3A122-4C08-4512-9B7E-8EAEA8FE1CC2}" = dir=in | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
    "{6EDF9CB6-46B4-46E9-82EC-DB428F1187A6}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{6EF66129-9496-4C3F-A7F5-71E88DA08E25}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
    "{71DC1FAE-F18D-43BE-A79E-1003AC1D93C9}" = dir=out | name=zinio |
    "{760433E5-25CA-4C9A-ADAB-44006FFEDF9E}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
    "{76FE35A9-F7EA-498F-AAD9-57C45742D05D}" = dir=out | name=accuweather for windows 8 |
    "{790D9C36-ACD1-4846-AFB2-F90535FD4B42}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
    "{7EEA4718-EF7B-4E01-9402-C507EA29DEC7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
    "{8452BFE8-3709-462C-BABF-FFBB9A95BFE8}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
    "{857F6C2E-3A7E-42FA-8CC6-F371975B9B6D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
    "{866AAB26-F0D5-48B1-B9B8-BFC8941C207D}" = dir=out | name=@{microsoft.bingtravel_2.0.0.319_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
    "{889E9640-288E-4661-96D5-E62B7F77F8FA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{88FCC19D-B04B-478A-82B5-0E274B05B2F9}" = dir=out | name=rara music with lenovo |
    "{8C697B82-E9E5-477A-B3BF-C55EB9E3CFBA}" = dir=in | name=powerdvd for lenovo think |
    "{8DAF8166-FD36-4D2B-A55B-5FB1310C9BAB}" = dir=in | app=c:\program files (x86)\lenovo\quickcontrol\quickcontrolservice.exe |
    "{912BAC7D-2DC9-46F6-9B49-ACAD13C4BFD9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{97E15F27-B32E-4692-A046-E9493AA41E4C}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
    "{991917AE-A158-463E-9BBD-825B564DB711}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{9950080F-6DC1-4CB4-8D27-325DA6D05240}" = protocol=6 | dir=out | app=system |
    "{9F8D9FFD-7F2B-47E6-A8AB-7512BC0E93D7}" = dir=out | name=@{microsoft.zunevideo_1.5.902.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
    "{A89B27C7-546D-411A-8E97-6A2C86F20F38}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe |
    "{ABCD1FFA-1684-411A-90F1-FB6896C11F35}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BCF213A5-0A5E-41BE-9E51-A5B958693AFC}" = dir=out | name=@{microsoft.bingweather_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
    "{BFF2593A-D70B-47F4-B6DB-1E61FD3D9EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{C17545CD-AE87-4C10-BFDF-06F5683C1BA9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{C78D67DB-37B0-4679-B4D7-4528D4C7C24B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{CA3B9E44-9A84-478B-882E-6F84887A5EB6}" = dir=out | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
    "{CA468413-4BCE-41A4-B6C4-8B066DB55B9C}" = dir=in | name=skype |
    "{CAC5763C-196A-48C5-88F0-972EE9A7463A}" = dir=out | name=@{microsoft.bingfinance_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
    "{D30B8060-1B67-403C-9ADD-669A6EE55803}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
    "{D3521123-0E70-4C0D-9A3F-0D80645896C6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{D53F834E-34F7-41E6-8EA7-3FA1C6C90B73}" = dir=out | app=c:\program files (x86)\lenovo\quickcontrol\quickcontrolservice.exe |
    "{D6319DE8-4F1A-4524-A86D-2AAF79FF4FF8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{D730EFAA-E093-4904-9FB7-7FF9851B8FB2}" = dir=in | name=evernote touch |
    "{DD0AD2A5-9B17-4027-8D79-95346A7BF365}" = dir=out | name=lenovo quickcast |
    "{E3D82B02-0DDD-4E47-8B8C-9FACB2F7A919}" = dir=in | name=lenovo quickcast |
    "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
    "{E9D54A6D-DB63-40C0-9DF3-A6C3A559F492}" = dir=out | name=kindle |
    "{EA57CAA9-605E-4256-B2E9-877DED78A9EF}" = dir=out | name=powerdvd for lenovo think |
    "{EF884D8A-7342-4F61-B72D-0431C98B2E31}" = dir=out | name=lenovo cloud storage by sugarsync |
    "{F6624C61-E9FB-4901-A416-136A3DFD0788}" = dir=in | name=lenovo settings |
    "{F7721214-7522-4D25-BF14-D90C685F49B5}" = dir=out | name=@{microsoft.zunemusic_1.5.216.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
    "{F98C776B-5284-412D-82B4-601C04FEAD97}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{F99D772D-B711-44A4-A207-20A3D2B00F53}" = dir=in | app=c:\users\chell\appdata\local\microsoft\skydrive\skydrive.exe |
    "{FA4DB6F5-9212-438C-B65B-D7E81CAE1B0A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{FBB540DF-409B-4B19-9C28-8B51C29F7E42}" = dir=out | name=lenovo settings |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{053ACA98-6B07-4DD0-9DB3-F51E3EB1780C}" = Lenovo Patch Utility 64 bit
    "{07E55FB8-966C-4FA5-815D-D1F5AC8B1D87}" = Nitro Pro 8
    "{1334eac7-d6ef-4177-8780-05c963853cd3}" = Intel(R) PRO/Wireless Driver
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{25058321-C33E-496B-8915-6FD64D362CAF}" = Windows Live MIME IFilter
    "{2BDC7413-65EA-4B99-8C4B-02F11075BE6D}_is1" = Lenovo Settings UMDF driver
    "{302600C1-6BDF-4FD1-1307-148929CC1385}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1332.1)
    "{3694BA2E-BE31-4B7E-886B-A0B559E69D4D}_is1" = Lenovo Settings Dependency Package
    "{42603F7D-B08D-436B-B0D8-3E2DEF1AFD41}_is1" = Lenovo Settings Mobile Hotspot
    "{44B72151-611E-429D-9765-9BA093D7E48A}" = Intel® Trusted Connect Service Client
    "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
    "{49A09C2C-FFF4-478E-B397-5E0979F67F5D}" = Lenovo Patch Utility 64 bit
    "{75C87855-9CBB-4892-B1A9-74C73A19CACA}_is1" = Lenovo Peer Connect SDK
    "{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = Lenovo Settings - Camera Audio
    "{8C6F1EBA-17F1-4481-B688-9777E63E985F}_is1" = Lenovo Settings Service
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{C51863E5-EB09-43A5-9D43-26A32587EEAC}" = Lenovo Solution Center
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{D12C40DB-CD7D-4D86-9285-5E2FE23693E4}" = SupraSavings
    "{D61F48DA-627B-404E-9315-32A651B18B64}" = Intel® PROSet/Wireless WiFi Software
    "{DBECAE94-4C04-40AC-9AFB-FA9953258EAF}" = Intel(R) Smart Connect Technology 4.1 x64
    "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
    "{F949AE30-83D1-41B2-92D2-F44478DD058A}" = Intel(R) WiDi
    "907DA143458FE258EFEB416B946DE8DF2B87A0BA" = Windows Driver Package - Lenovo 1.67.00.02 (04/17/2013 1.67.00.02)
    "C8A921233C0C441A4E4EAABC2AB08C872FD77A6E" = Windows Driver Package - Intel Corporation (iaStorA) HDC (08/01/2013 12.8.0.1016)
    "Caramava" = Caramava
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
    "OnScreenDisplay" = On Screen Display
    "Power Management Driver" = Lenovo Power Management Driver
    "SynTPDeinstKey" = ThinkPad UltraNav Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}" = Windows Live UX Platform
    "{04BE4035-3C8E-4B48-BFB8-1655849C0C8B}" = Windows Live Writer
    "{0BE9E708-5DC0-4963-9CFD-0AA519090E79}" = Junk Mail filter update
    "{0F974770-76EB-4C38-986E-E7BDD9C0DFC4}" = Windows Live Writer Resources
    "{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}" = Intel(R) Update Manager
    "{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide
    "{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}" = Windows Live Photo Common
    "{25C64847-B900-48AD-A164-1B4F9B774650}" = Lenovo System Update
    "{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = WaveEditor
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go 7
    "{40F4FF7A-B214-4453-B973-080B09CED019}" = Absolute Reminder
    "{41C61308-6CFD-4D54-AB6A-7136ED08A18E}" = Windows Live Communications Platform
    "{4855C42F-5197-4AAD-A50D-5066D2CC4647}" = Lenovo QuickControl
    "{48781AC2-0939-4D66-98F2-235328E46790}" = Windows Live Messenger
    "{4BAB923C-1ACA-4697-ACA5-C1B5037091BF}" = Windows Live Mail
    "{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}" = Realtek Card Reader
    "{608E1B9B-A2E8-4A1F-8BAB-874EB0DD25E3}" = Intel(R) Update Manager
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{6522F5F9-411B-4513-A75B-CEA00395F032}" = Windows Live UX Platform Language Pack
    "{659CB81C-B54E-4DF1-B618-F35777393A54}" = Windows Live Installer
    "{66B5819D-DE70-42BE-B40F-978FBA12452E}" = Windows Live Essentials
    "{6A6D86CD-B004-46b7-8951-7BB75A776F8C}" = Lenovo Solutions for Small Business
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{714E162E-CD4F-4F1B-8302-7F5179409C25}" = Windows Live Writer
    "{7171E82A-E90A-4155-9040-6006CEE64DDC}" = Windows Live Writer Resources
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
    "{90150000-0138-0409-0000-0000000FF1CE}" = Microsoft Office
    "{95C33D2E-8892-40CC-B8FB-E8CC68530D8B}" = Windows Live Writer
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A0332229-4EF7-4A36-AED8-E5876EB2DF86}" = Windows Live UX Platform Language Pack
    "{A2DC527D-FA79-46E9-973F-920897CA55E9}" = Windows Live Writer
    "{AFD7B869-3B70-40C7-8983-769256BA3BD2}" = Lenovo Solutions for Small Business Customizations
    "{B1D0122C-6BE2-47A2-82AE-0BB3F6C91C49}" = Photo Common
    "{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}" = Windows Live PIMT Platform
    "{B775C26B-EAA8-4A11-ACBF-76E52DF6B805}" = Windows Live Mail
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer 5.5
    "{B92C2C6C-F70E-497B-88A7-1FEF9888272B}" = Adobe AIR
    "{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2
    "{BAD27F0E-5165-49A5-BE66-AF5BF73F2FEE}" = Windows Live Mail
    "{BAD984EE-790E-4513-A428-3BE2D426DCA7}" = Windows Live Messenger
    "{C6FB6B4A-1378-4CD3-9CD3-42BA69FCBD43}" = Lenovo Patch Utility
    "{C79D4402-E622-4922-9C02-89F9080BF081}_is1" = Lenovo Settings - Location Awareness
    "{c9967fbd-e3c3-4ed0-992a-5b33260f2944}" = Intel® PROSet/Wireless Software
    "{CAA0F57A-BA8C-4AD8-AA03-F32B0E4F5623}" = Photo Common
    "{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}" = Windows Live SOXE
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D1893000-EA77-493C-8DDD-E262436E959B}" = Windows Live SOXE Definitions
    "{D6E853EC-8960-4D44-AF03-7361BB93227C}" = PowerDVD Create 10
    "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}" = Integrated Camera
    "{E703613B-BDAB-433E-A66A-DE0263E3D35D}" = Windows Live Messenger
    "{E8F27ADF-B1ED-41AF-A7EF-D5E71778480C}" = Lenovo Patch Utility
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F8F630A7-6789-44D5-8653-3B27969CF337}" = Windows Live Essentials
    "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
    "{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
    "0E7DAF70-FB54-4B91-B192-7E771C25AEEB" = Intel Collaborative Processor Performance Control
    "Adobe AIR" = Adobe AIR
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "Fastboot" = RapidBoot HDD Accelerator
    "InstallShield_{DE485075-8CD3-4A1E-9ABC-6412EBA44872}" = PowerDVD Create
    "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
    "Lenovo Dependency Package_is1" = Lenovo Dependency Package
    "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
    "SugarSync" = SugarSync Manager
    "System Speedup_is1" = System Speedup
    "VLC media player" = VLC media player 2.1.3
    "VOPackage" = Installer
    "WinLiveSuite" = Windows Live Essentials

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-546598855-1036608391-1468038668-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{41e4d2e7-631d-4d5a-905f-6ef0006a7317}" = Yahoo Community Smartbar Engine
    "OneDriveSetup.exe" = Microsoft OneDrive
    "Pokki" = Start Menu

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 17/06/2014 18:40:26 | Computer Name = Lenovo-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16921,
    time stamp: 0x537fc9dc Faulting module name: MSHTML.dll, version: 10.0.9200.16921,
    time stamp: 0x537fddb8 Exception code: 0xc0000602 Fault offset: 0x005bc915 Faulting
    process id: 0x1d24 Faulting application start time: 0x01cf8a7a20f71f6a Faulting application
    path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
    C:\windows\SYSTEM32\MSHTML.dll Report Id: 5f926459-f670-11e3-be85-28d2444f6745 Faulting
    package full name: Faulting package-relative application ID:

    Error - 18/06/2014 05:13:06 | Computer Name = Lenovo-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16921,
    time stamp: 0x537fc9dc Faulting module name: MSHTML.dll, version: 10.0.9200.16921,
    time stamp: 0x537fddb8 Exception code: 0xc0000602 Fault offset: 0x005bc915 Faulting
    process id: 0x5f8 Faulting application start time: 0x01cf8a7d26eb4869 Faulting application
    path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
    C:\windows\SYSTEM32\MSHTML.dll Report Id: c1ca2398-f6c8-11e3-be85-28d2444f6745 Faulting
    package full name: Faulting package-relative application ID:

    Error - 18/06/2014 08:38:46 | Computer Name = Lenovo-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16921,
    time stamp: 0x537fc9dc Faulting module name: MSHTML.dll, version: 10.0.9200.16921,
    time stamp: 0x537fddb8 Exception code: 0xc0000602 Fault offset: 0x005bc915 Faulting
    process id: 0x568c Faulting application start time: 0x01cf8ad59aff71dd Faulting application
    path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
    C:\windows\SYSTEM32\MSHTML.dll Report Id: 7cd9cad4-f6e5-11e3-be85-28d2444f6745 Faulting
    package full name: Faulting package-relative application ID:

    Error - 18/06/2014 09:03:08 | Computer Name = Lenovo-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16921,
    time stamp: 0x537fc9dc Faulting module name: MSHTML.dll, version: 10.0.9200.16921,
    time stamp: 0x537fddb8 Exception code: 0xc0000602 Fault offset: 0x005bc915 Faulting
    process id: 0x6f58 Faulting application start time: 0x01cf8af2428b98af Faulting application
    path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
    C:\windows\SYSTEM32\MSHTML.dll Report Id: e493efc1-f6e8-11e3-be85-28d2444f6745 Faulting
    package full name: Faulting package-relative application ID:

    Error - 18/06/2014 11:35:49 | Computer Name = Lenovo-PC | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 18/06/2014 12:07:00 | Computer Name = Lenovo-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16921,
    time stamp: 0x537fc9dc Faulting module name: MSHTML.dll, version: 10.0.9200.16921,
    time stamp: 0x537fddb8 Exception code: 0xc0000602 Fault offset: 0x005bc915 Faulting
    process id: 0x7048 Faulting application start time: 0x01cf8af242893657 Faulting application
    path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
    C:\windows\SYSTEM32\MSHTML.dll Report Id: 94267289-f702-11e3-be85-28d2444f6745 Faulting
    package full name: Faulting package-relative application ID:

    Error - 19/06/2014 05:32:35 | Computer Name = Lenovo-PC | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 21/06/2014 12:28:03 | Computer Name = Lenovo-PC | Source = Application Hang | ID = 1002
    Description = The program IEXPLORE.EXE version 10.0.9200.16921 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 2530 Start
    Time: 01cf8cd49bda3a07 Termination Time: 156 Application Path: C:\Program Files (x86)\Internet
    Explorer\IEXPLORE.EXE Report Id: 01419832-f961-11e3-be86-28d2444f6745 Faulting package
    full name: Faulting package-relative application ID:

    Error - 21/06/2014 19:19:15 | Computer Name = Lenovo-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16921,
    time stamp: 0x537fc9dc Faulting module name: MSHTML.dll, version: 10.0.9200.16921,
    time stamp: 0x537fddb8 Exception code: 0xc0000602 Fault offset: 0x005bc915 Faulting
    process id: 0x11b0 Faulting application start time: 0x01cf8d6dc63564e8 Faulting application
    path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
    C:\windows\SYSTEM32\MSHTML.dll Report Id: 75739a83-f99a-11e3-be86-28d2444f6745 Faulting
    package full name: Faulting package-relative application ID:

    Error - 21/06/2014 19:21:35 | Computer Name = Lenovo-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16921,
    time stamp: 0x537fc9dc Faulting module name: MSHTML.dll, version: 10.0.9200.16921,
    time stamp: 0x537fddb8 Exception code: 0xc0000602 Fault offset: 0x005bc915 Faulting
    process id: 0x3090 Faulting application start time: 0x01cf8da73c22dc68 Faulting application
    path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
    C:\windows\SYSTEM32\MSHTML.dll Report Id: c90d4998-f99a-11e3-be86-28d2444f6745 Faulting
    package full name: Faulting package-relative application ID:

    [ System Events ]
    Error - 27/02/2014 07:51:00 | Computer Name = Lenovo-PC | Source = Service Control Manager | ID = 7000
    Description = The Multimedia Class Scheduler service failed to start due to the
    following error: %%1053

    Error - 27/02/2014 07:51:00 | Computer Name = Lenovo-PC | Source = Service Control Manager | ID = 7000
    Description = The Multimedia Class Scheduler service failed to start due to the
    following error: %%1053

    Error - 27/02/2014 07:51:00 | Computer Name = Lenovo-PC | Source = Service Control Manager | ID = 7000
    Description = The Multimedia Class Scheduler service failed to start due to the
    following error: %%1053

    Error - 27/02/2014 07:51:00 | Computer Name = Lenovo-PC | Source = Service Control Manager | ID = 7000
    Description = The Multimedia Class Scheduler service failed to start due to the
    following error: %%1053

    Error - 27/02/2014 07:51:00 | Computer Name = Lenovo-PC | Source = Service Control Manager | ID = 7000
    Description = The Multimedia Class Scheduler service failed to start due to the
    following error: %%1053

    Error - 27/02/2014 07:51:00 | Computer Name = Lenovo-PC | Source = Service Control Manager | ID = 7000
    Description = The Multimedia Class Scheduler service failed to start due to the
    following error: %%1053

    Error - 27/02/2014 07:51:00 | Computer Name = Lenovo-PC | Source = Service Control Manager | ID = 7000
    Description = The Multimedia Class Scheduler service failed to start due to the
    following error: %%1053

    Error - 27/02/2014 07:51:00 | Computer Name = Lenovo-PC | Source = Service Control Manager | ID = 7000
    Description = The Multimedia Class Scheduler service failed to start due to the
    following error: %%1053

    Error - 27/02/2014 07:51:00 | Computer Name = Lenovo-PC | Source = Service Control Manager | ID = 7000
    Description = The Multimedia Class Scheduler service failed to start due to the
    following error: %%1053

    Error - 27/02/2014 07:51:00 | Computer Name = Lenovo-PC | Source = Service Control Manager | ID = 7000
    Description = The Multimedia Class Scheduler service failed to start due to the
    following error: %%1053


    < End of report >

  10. #10
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Default

    Remove this program from program an features.
    1- System Speedup

    Then Do the OTL Fix below, post the log and the quick scan log. Then do adwCleaner, and JRT.

    We need to do a fix to delete some files using OTL

    • Double click on the to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
    • Under the Custom Scans/Fixes box at the bottom, paste in the following


      Code:
      :COMMANDS
      [CREATERESTOREPOINT]
      
      :OTL
      IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
      IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK217RbjR1YFa37oBy_U-nTnTbDfrtyFevjNFgZcRcFkU5ADhIf7SHj3hKBDQcEjdH1lFmZ2r2LsmPK9kt-zbJ8TMZ-dQh66Q7_d8aojMPiy3zAWMyo5W6IIGhl5ArN4Wk-AYvfI_6WyFHw0cnehrsvMIcwx1s9raAQ8ylzKrFp9YGf4U_2i88qKlg1JTUTzemywA2hGmZA,,&q={searchTerms}
      IE - HKU\S-1-5-21-546598855-1036608391-1468038668-1001\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
      IE - HKU\S-1-5-21-546598855-1036608391-1468038668-1001\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK217RbjR1YFa37oBy_U-nTnTbDfrtyFevjNFgZcRcFkU5ADhIf7SHj3hKBDQcEjdH1lFmZ2r2LsmPK9kt-zbJ8TMZ-dQh66Q7_d8aojMPiy3zAWMyo5W6IIGhl5ArN4Wk-AYvfI_6WyFHw0cnehrsvMIcwx1s9raAQ8ylzKrFp9YGf4U_2i88qKlg1JTUTzemywA2hGmZA,,&q={searchTerms}
      O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O4 - HKU\S-1-5-21-546598855-1036608391-1468038668-1001..\RunOnce: [Application Restart #3] C:\Users\Chell\AppData\Local\Pokki\Engine\HostAppService.exe (Pokki)
      O4 - HKU\S-1-5-21-546598855-1036608391-1468038668-1001..\RunOnce: [Application Restart #4] C:\Users\Chell\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\Chell\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --enable-touch-events --flag-switches-begin --flag-switches-end --restore-last-session File not found
      O1364bit: - gopher Prefix: missing
      O13 - gopher Prefix: missing
      O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - File not found
      O27:64bit: - HKLM IFEO\DatamngrCoordinator.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
      O27 - HKLM IFEO\DatamngrCoordinator.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
      [2014/06/22 23:29:41 | 000,000,000 | ---D | C] -- C:\Users\Chell\Documents\Optimizer Pro
      [2014/06/22 23:29:35 | 000,000,000 | ---D | C] -- C:\Users\Chell\AppData\Roaming\VOPackage
      [2014/06/22 23:29:35 | 000,000,000 | ---D | C] -- C:\Users\Chell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
      [2014/06/22 23:19:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
      [2014/06/22 23:18:57 | 000,041,768 | ---- | C] (SecureAssist) -- C:\windows\SysNative\drivers\SAWFP64.sys
      [2014/06/22 23:17:37 | 000,000,000 | ---D | C] -- C:\Users\Chell\AppData\Roaming\System Speedup
      [2014/06/22 23:17:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Speedup
      [2014/06/22 23:17:34 | 000,000,000 | ---D | C] -- C:\Users\Chell\AppData\Roaming\systweak
      [2014/06/22 23:17:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\System Speedup
      [1 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]
      [1 C:\Users\Chell\AppData\Local\*.tmp files -> C:\Users\Chell\AppData\Local\*.tmp -> ]
      [2014/06/23 10:28:19 | 000,000,376 | ---- | M] () -- C:\windows\tasks\APSnotifierPP3.job
      [2014/06/23 10:28:19 | 000,000,376 | ---- | M] () -- C:\windows\tasks\APSnotifierPP2.job
      [2014/06/23 10:28:19 | 000,000,312 | ---- | M] () -- C:\windows\tasks\System Speedup_UPDATES.job
      [2014/06/23 01:03:01 | 000,000,378 | ---- | M] () -- C:\windows\tasks\APSnotifierPP1.job
      [2014/06/23 00:43:16 | 000,000,376 | ---- | C] () -- C:\windows\tasks\APSnotifierPP3.job
      [2014/06/23 00:43:15 | 000,000,378 | ---- | C] () -- C:\windows\tasks\APSnotifierPP1.job
      [2014/06/23 00:43:15 | 000,000,376 | ---- | C] () -- C:\windows\tasks\APSnotifierPP2.job
      [2014/06/22 23:17:52 | 000,000,304 | ---- | C] () -- C:\windows\tasks\System Speedup_DEFAULT.job
      [2014/06/22 23:17:51 | 000,000,312 | ---- | C] () -- C:\windows\tasks\System Speedup_UPDATES.job
      
      :Files
      
      ipconfig /flushdns /c
      
      :Commands
      [emptytemp]
      [resethosts]
    • Make sure all other windows are closed.
    • Click the Run Fix button at the top
    • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
    • Post the log that is found in C:\_OTL\Moved Files in your next reply.
    • Open OTL again and click the Quick Scan button.



    Next

    Please download AdwCleaner by Xplode onto your Desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click the Scan button and wait for the process to complete.
    • Click the Report button and the report will open in Notepad.
    • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
    • Click on the Clean button follow the prompts.[/*]
    • A log file will automatically open after the scan has finished and the PC has rebooted.
    • Please post the content of that log file with your next answer.
    • You can find the log file at C:\AdwCleaner


    Next

    Please download Junkware Removal Tool to your Desktop.

    Please close your security software to avoid potential conflicts.
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.

    1 Post the OTL Fix log
    2- Post a new OTL after quick scan
    3- Post the adwCleaner log
    4- Post the JRT Log.txt

Page 1 of 3 123 LastLast