JMayhem

I did all these last 3 steps but all Combofix, Malwarebytes newest version, and ESet say "no threats found". However, when I try to run Google Chrome it still reroutes to "searchnu.com/406"

Hello - here is the combofix log ComboFix 12-04-01.02 - Jenny 04/02/2012 9:41.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3767.2346 [GMT -6:00] Running from: c:\users\Jenny\Downloads\ComboFix.exe AV: AVG Anti-Virus 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\TEMP\mia1\mEXEFunc.dll . . ((((((((((((((((((((((((( Files Created from 2012-03-02 to 2012-04-02 ))))))))))))))))))))))))))))))) . . 2012-04-02 15:46 . 2012-04-02 15:46 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-03-31 23:50 . 2012-03-31 23:50 -------- d-----r- c:\program files (x86)\Skype 2012-03-31 23:50 . 2012-04-02 15:47 -------- d-----w- c:\users\Jenny\AppData\Roaming\Skype 2012-03-30 16:37 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{51FFEBAF-B11F-4259-8319-DEFB51C49B29}\mpengine.dll 2012-03-30 03:31 . 2012-01-09 08:26 24360 ----a-w- c:\windows\system32\drivers\avhips.sys 2012-03-30 03:31 . 2012-01-09 08:26 20264 ----a-w- c:\windows\system32\drivers\avfsmn.sys 2012-03-30 03:31 . 2012-03-30 03:31 -------- d-----w- c:\program files (x86)\Anvisoft 2012-03-28 02:44 . 2012-03-28 02:44 -------- d-----w- c:\users\Jenny\AppData\Roaming\Malwarebytes 2012-03-28 02:44 . 2012-03-28 02:44 -------- d-----w- c:\programdata\Malwarebytes 2012-03-28 02:44 . 2012-03-28 02:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-03-28 02:44 . 2011-12-10 21:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-27 03:30 . 2012-03-27 03:30 -------- d-----w- c:\program files\iTunes 2012-03-27 03:30 . 2012-03-27 03:30 -------- d-----w- c:\program files (x86)\iTunes 2012-03-27 03:30 . 2012-03-27 03:30 -------- d-----w- c:\program files\iPod 2012-03-24 16:42 . 2012-03-24 16:42 -------- d-----w- c:\users\Jenny\AppData\Local\Ilivid Player 2012-03-24 16:41 . 2012-03-24 16:47 -------- d-----w- c:\programdata\boost_interprocess 2012-03-22 03:43 . 2012-04-02 02:54 -------- d-----w- C:\FarmVilleBot_2.1 2012-03-17 03:21 . 2012-03-17 03:21 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-03-14 23:15 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-14 23:15 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-03-14 23:15 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-03-14 03:37 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys 2012-03-14 03:37 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll 2012-03-14 03:37 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-03-14 03:36 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-03-14 03:36 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-03-14 03:36 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-03-14 03:36 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-03-14 03:36 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-03-14 03:36 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-03-14 03:36 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-19 04:19 . 2011-08-11 03:37 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-03-17 03:20 . 2011-08-29 01:30 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-02-23 15:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-02-15 17:01 . 2012-02-15 17:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys 2012-02-15 17:01 . 2012-02-15 17:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll 2012-01-04 10:44 . 2012-02-15 03:13 509952 ----a-w- c:\windows\system32\ntshrui.dll 2012-01-04 08:58 . 2012-02-15 03:13 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-10-11 14940040] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696] "BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-02-15 297280] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736] "Anvi Smart Defender"="c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2012-02-03 715048] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216] "KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2011-12-12 2234288] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-03-31 352848] R4 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-09-28 172912] R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R4 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584] R4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336] R4 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672] R4 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-01-31 244624] R4 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] R4 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-02-15 257344] R4 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S1 avfsmn;avfsmn;c:\windows\system32\DRIVERS\avfsmn.sys [x] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-02-03 296232] S2 avhips;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\DRIVERS\avhips.sys [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-02-23 873064] S2 HawkesUpdater;Hawkes Unattended Updater;c:\program files (x86)\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe [2003-04-18 8192] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-03-04 c:\windows\Tasks\DLL-files.com Fixer_MONTHLY.job - c:\program files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2011-08-29 00:03] . 2012-03-28 c:\windows\Tasks\DLL-files.com Fixer_UPDATES.job - c:\program files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2011-08-29 00:03] . 2012-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3767778522-3456462054-3616011533-1001Core.job - c:\users\Jenny\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-24 03:53] . 2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3767778522-3456462054-3616011533-1001UA.job - c:\users\Jenny\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-24 03:53] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-18 11779176] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-23 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-23 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-23 415256] "Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-02-23 1796200] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.searchnu.com/406 mStart Page = hxxp://acer.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 129.123.0.2 129.123.0.1 FF - ProfilePath - c:\users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\1p9nc0u4.default\ FF - prefs.js: browser.search.selectedEngine - Search Results FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/406 FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&sr=0&q= . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-10 - (no file) Wow6432Node-HKCU-Run-RDReminder - (no file) Toolbar-Locked - (no file) Toolbar-10 - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Hawkes Learning Systems\Hawkes Update Service Manager\HawkesUpdater.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe . ************************************************************************** . Completion time: 2012-04-02 09:54:20 - machine was rebooted ComboFix-quarantined-files.txt 2012-04-02 15:54 . Pre-Run: 428,191,154,176 bytes free Post-Run: 427,821,064,192 bytes free . - - End Of File - - 6CA4CAB19EA13CE5ADBCD687D0CF1936

Thank you, here are the files copied & pasted, and the MBR.dat attached 20:55:20.0143 7736 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18 20:55:20.0620 7736 ============================================================ 20:55:20.0620 7736 Current date / time: 2012/04/01 20:55:20.0620 20:55:20.0620 7736 SystemInfo: 20:55:20.0620 7736 20:55:20.0621 7736 OS Version: 6.1.7601 ServicePack: 1.0 20:55:20.0621 7736 Product type: Workstation 20:55:20.0621 7736 ComputerName: JENNY-PC 20:55:20.0621 7736 UserName: Jenny 20:55:20.0621 7736 Windows directory: C:\Windows 20:55:20.0621 7736 System windows directory: C:\Windows 20:55:20.0621 7736 Running under WOW64 20:55:20.0621 7736 Processor architecture: Intel x64 20:55:20.0621 7736 Number of processors: 2 20:55:20.0621 7736 Page size: 0x1000 20:55:20.0621 7736 Boot type: Normal boot 20:55:20.0621 7736 ============================================================ 20:55:21.0240 7736 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 20:55:21.0256 7736 \Device\Harddisk0\DR0: 20:55:21.0256 7736 MBR used 20:55:21.0256 7736 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2000800, BlocksNum 0x32000 20:55:21.0256 7736 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2032800, BlocksNum 0x38353000 20:55:21.0287 7736 Initialize success 20:55:21.0287 7736 ============================================================ 20:55:43.0136 7920 ============================================================ 20:55:43.0136 7920 Scan started 20:55:43.0136 7920 Mode: Manual; TDLFS; 20:55:43.0136 7920 ============================================================ 20:55:43.0817 7920 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 20:55:43.0817 7920 1394ohci - ok 20:55:43.0864 7920 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 20:55:43.0864 7920 ACPI - ok 20:55:43.0895 7920 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 20:55:43.0895 7920 AcpiPmi - ok 20:55:44.0005 7920 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 20:55:44.0005 7920 AdobeARMservice - ok 20:55:44.0161 7920 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys 20:55:44.0176 7920 adp94xx - ok 20:55:44.0223 7920 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys 20:55:44.0239 7920 adpahci - ok 20:55:44.0270 7920 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys 20:55:44.0270 7920 adpu320 - ok 20:55:44.0317 7920 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 20:55:44.0317 7920 AeLookupSvc - ok 20:55:44.0379 7920 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 20:55:44.0395 7920 AFD - ok 20:55:44.0457 7920 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 20:55:44.0457 7920 agp440 - ok 20:55:44.0504 7920 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 20:55:44.0504 7920 ALG - ok 20:55:44.0535 7920 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 20:55:44.0535 7920 aliide - ok 20:55:44.0566 7920 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 20:55:44.0566 7920 amdide - ok 20:55:44.0597 7920 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys 20:55:44.0597 7920 AmdK8 - ok 20:55:44.0613 7920 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys 20:55:44.0613 7920 AmdPPM - ok 20:55:44.0660 7920 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 20:55:44.0675 7920 amdsata - ok 20:55:44.0691 7920 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys 20:55:44.0691 7920 amdsbs - ok 20:55:44.0722 7920 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 20:55:44.0722 7920 amdxata - ok 20:55:44.0753 7920 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 20:55:44.0753 7920 AppID - ok 20:55:44.0785 7920 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 20:55:44.0800 7920 AppIDSvc - ok 20:55:44.0816 7920 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 20:55:44.0816 7920 Appinfo - ok 20:55:44.0925 7920 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 20:55:44.0941 7920 Apple Mobile Device - ok 20:55:45.0050 7920 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys 20:55:45.0050 7920 arc - ok 20:55:45.0081 7920 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys 20:55:45.0081 7920 arcsas - ok 20:55:45.0159 7920 asdsrv (2be4aa54c7728b7a432713961b09fa89) C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe 20:55:45.0237 7920 asdsrv - ok 20:55:45.0315 7920 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 20:55:45.0315 7920 AsyncMac - ok 20:55:45.0346 7920 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 20:55:45.0346 7920 atapi - ok 20:55:45.0471 7920 athr (cc406da84e7dd3fa3ad20340dbc66cf2) C:\Windows\system32\DRIVERS\athrx.sys 20:55:45.0565 7920 athr - ok 20:55:45.0674 7920 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 20:55:45.0689 7920 AudioEndpointBuilder - ok 20:55:45.0705 7920 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 20:55:45.0705 7920 AudioSrv - ok 20:55:45.0861 7920 avfsmn (7f5ea096d5edbaa9caeedf07dfae65da) C:\Windows\system32\DRIVERS\avfsmn.sys 20:55:45.0892 7920 avfsmn - ok 20:55:46.0173 7920 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe 20:55:46.0309 7920 AVGIDSAgent - ok 20:55:46.0451 7920 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys 20:55:46.0455 7920 AVGIDSDriver - ok 20:55:46.0490 7920 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys 20:55:46.0493 7920 AVGIDSEH - ok 20:55:46.0511 7920 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys 20:55:46.0514 7920 AVGIDSFilter - ok 20:55:46.0549 7920 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys 20:55:46.0556 7920 Avgldx64 - ok 20:55:46.0604 7920 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys 20:55:46.0607 7920 Avgmfx64 - ok 20:55:46.0684 7920 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys 20:55:46.0687 7920 Avgrkx64 - ok 20:55:46.0729 7920 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys 20:55:46.0738 7920 Avgtdia - ok 20:55:46.0962 7920 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe 20:55:46.0967 7920 avgwd - ok 20:55:47.0047 7920 avhips (e0edb0f31b9755fb8f8017f3326de033) C:\Windows\system32\DRIVERS\avhips.sys 20:55:47.0062 7920 avhips - ok 20:55:47.0094 7920 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 20:55:47.0097 7920 AxInstSV - ok 20:55:47.0140 7920 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys 20:55:47.0148 7920 b06bdrv - ok 20:55:47.0186 7920 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 20:55:47.0192 7920 b57nd60a - ok 20:55:47.0338 7920 BCM43XX (85111026f1c5a1c4cce3697f0da7bc1a) C:\Windows\system32\DRIVERS\bcmwl664.sys 20:55:47.0449 7920 BCM43XX - ok 20:55:47.0481 7920 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 20:55:47.0496 7920 BDESVC - ok 20:55:47.0548 7920 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 20:55:47.0549 7920 Beep - ok 20:55:47.0607 7920 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll 20:55:47.0621 7920 BFE - ok 20:55:47.0710 7920 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll 20:55:47.0745 7920 BITS - ok 20:55:47.0964 7920 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys 20:55:47.0966 7920 blbdrive - ok 20:55:48.0105 7920 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe 20:55:48.0115 7920 Bonjour Service - ok 20:55:48.0260 7920 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 20:55:48.0264 7920 bowser - ok 20:55:48.0410 7920 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys 20:55:48.0412 7920 BrFiltLo - ok 20:55:48.0654 7920 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys 20:55:48.0657 7920 BrFiltUp - ok 20:55:48.0754 7920 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 20:55:48.0758 7920 Browser - ok 20:55:48.0823 7920 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 20:55:48.0831 7920 Brserid - ok 20:55:48.0846 7920 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 20:55:48.0850 7920 BrSerWdm - ok 20:55:48.0861 7920 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 20:55:48.0864 7920 BrUsbMdm - ok 20:55:48.0876 7920 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 20:55:48.0878 7920 BrUsbSer - ok 20:55:48.0890 7920 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys 20:55:48.0893 7920 BTHMODEM - ok 20:55:48.0930 7920 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 20:55:48.0932 7920 bthserv - ok 20:55:48.0985 7920 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 20:55:48.0989 7920 cdfs - ok 20:55:49.0107 7920 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys 20:55:49.0111 7920 cdrom - ok 20:55:49.0205 7920 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 20:55:49.0208 7920 CertPropSvc - ok 20:55:49.0257 7920 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys 20:55:49.0260 7920 circlass - ok 20:55:49.0364 7920 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 20:55:49.0364 7920 CLFS - ok 20:55:49.0442 7920 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 20:55:49.0442 7920 clr_optimization_v2.0.50727_32 - ok 20:55:49.0473 7920 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 20:55:49.0473 7920 clr_optimization_v2.0.50727_64 - ok 20:55:49.0614 7920 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 20:55:49.0614 7920 clr_optimization_v4.0.30319_32 - ok 20:55:49.0645 7920 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 20:55:49.0645 7920 clr_optimization_v4.0.30319_64 - ok 20:55:49.0739 7920 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys 20:55:49.0739 7920 CmBatt - ok 20:55:49.0770 7920 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 20:55:49.0770 7920 cmdide - ok 20:55:49.0879 7920 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 20:55:49.0895 7920 CNG - ok 20:55:49.0941 7920 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys 20:55:49.0941 7920 Compbatt - ok 20:55:49.0973 7920 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 20:55:49.0973 7920 CompositeBus - ok 20:55:50.0004 7920 COMSysApp - ok 20:55:50.0019 7920 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys 20:55:50.0035 7920 crcdisk - ok 20:55:50.0144 7920 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll 20:55:50.0144 7920 CryptSvc - ok 20:55:50.0300 7920 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 20:55:50.0316 7920 cvhsvc - ok 20:55:50.0425 7920 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 20:55:50.0441 7920 DcomLaunch - ok 20:55:50.0472 7920 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 20:55:50.0472 7920 defragsvc - ok 20:55:50.0534 7920 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 20:55:50.0534 7920 DfsC - ok 20:55:50.0597 7920 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 20:55:50.0597 7920 Dhcp - ok 20:55:50.0706 7920 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 20:55:50.0706 7920 discache - ok 20:55:50.0799 7920 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys 20:55:50.0799 7920 Disk - ok 20:55:50.0862 7920 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 20:55:50.0862 7920 Dnscache - ok 20:55:50.0909 7920 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 20:55:50.0924 7920 dot3svc - ok 20:55:50.0955 7920 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 20:55:50.0955 7920 DPS - ok 20:55:51.0080 7920 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 20:55:51.0080 7920 drmkaud - ok 20:55:51.0174 7920 DsiWMIService (32c2cd16dc801aef9edaafea0dbd769e) C:\Program Files (x86)\Launch Manager\dsiwmis.exe 20:55:51.0189 7920 DsiWMIService - ok 20:55:51.0314 7920 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 20:55:51.0345 7920 DXGKrnl - ok 20:55:51.0392 7920 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 20:55:51.0392 7920 EapHost - ok 20:55:51.0517 7920 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys 20:55:51.0616 7920 ebdrv - ok 20:55:51.0714 7920 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 20:55:51.0719 7920 EFS - ok 20:55:51.0804 7920 EgisTec Ticket Service (03e6888da1a85acf14ac2a3c328a9e62) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe 20:55:51.0809 7920 EgisTec Ticket Service - ok 20:55:51.0882 7920 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 20:55:51.0900 7920 ehRecvr - ok 20:55:51.0949 7920 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 20:55:51.0953 7920 ehSched - ok 20:55:52.0030 7920 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys 20:55:52.0040 7920 elxstor - ok 20:55:52.0191 7920 ePowerSvc (eb1c213a8550f066b2ccc29c9f41e2ae) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe 20:55:52.0222 7920 ePowerSvc - ok 20:55:52.0325 7920 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 20:55:52.0327 7920 ErrDev - ok 20:55:52.0441 7920 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 20:55:52.0450 7920 EventSystem - ok 20:55:52.0508 7920 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 20:55:52.0513 7920 exfat - ok 20:55:52.0545 7920 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 20:55:52.0561 7920 fastfat - ok 20:55:52.0670 7920 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 20:55:52.0698 7920 Fax - ok 20:55:52.0745 7920 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys 20:55:52.0748 7920 fdc - ok 20:55:52.0785 7920 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 20:55:52.0788 7920 fdPHost - ok 20:55:52.0808 7920 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 20:55:52.0811 7920 FDResPub - ok 20:55:52.0855 7920 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 20:55:52.0858 7920 FileInfo - ok 20:55:52.0889 7920 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 20:55:52.0892 7920 Filetrace - ok 20:55:53.0011 7920 FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 20:55:53.0026 7920 FLEXnet Licensing Service - ok 20:55:53.0114 7920 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys 20:55:53.0117 7920 flpydisk - ok 20:55:53.0151 7920 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 20:55:53.0158 7920 FltMgr - ok 20:55:53.0227 7920 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 20:55:53.0262 7920 FontCache - ok 20:55:53.0348 7920 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 20:55:53.0348 7920 FontCache3.0.0.0 - ok 20:55:53.0410 7920 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 20:55:53.0410 7920 FsDepends - ok 20:55:53.0442 7920 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 20:55:53.0442 7920 Fs_Rec - ok 20:55:53.0473 7920 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 20:55:53.0488 7920 fvevol - ok 20:55:53.0520 7920 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys 20:55:53.0520 7920 gagp30kx - ok 20:55:53.0691 7920 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe 20:55:53.0707 7920 GamesAppService - ok 20:55:53.0816 7920 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 20:55:53.0832 7920 GEARAspiWDM - ok 20:55:53.0910 7920 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 20:55:53.0941 7920 gpsvc - ok 20:55:54.0066 7920 GREGService (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe 20:55:54.0066 7920 GREGService - ok 20:55:54.0159 7920 HawkesUpdater (4635935fc972c582632bf45c26bfcb0e) C:\Program Files (x86)\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe 20:55:54.0175 7920 HawkesUpdater - ok 20:55:54.0284 7920 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 20:55:54.0284 7920 hcw85cir - ok 20:55:54.0346 7920 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 20:55:54.0346 7920 HdAudAddService - ok 20:55:54.0409 7920 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 20:55:54.0409 7920 HDAudBus - ok 20:55:54.0471 7920 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\drivers\HECIx64.sys 20:55:54.0471 7920 HECIx64 - ok 20:55:54.0502 7920 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys 20:55:54.0502 7920 HidBatt - ok 20:55:54.0518 7920 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys 20:55:54.0534 7920 HidBth - ok 20:55:54.0534 7920 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys 20:55:54.0549 7920 HidIr - ok 20:55:54.0586 7920 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll 20:55:54.0589 7920 hidserv - ok 20:55:54.0667 7920 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 20:55:54.0669 7920 HidUsb - ok 20:55:54.0705 7920 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 20:55:54.0710 7920 hkmsvc - ok 20:55:54.0740 7920 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 20:55:54.0748 7920 HomeGroupListener - ok 20:55:54.0790 7920 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 20:55:54.0797 7920 HomeGroupProvider - ok 20:55:54.0868 7920 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 20:55:54.0872 7920 HpSAMD - ok 20:55:54.0930 7920 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 20:55:54.0963 7920 HTTP - ok 20:55:54.0987 7920 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 20:55:54.0990 7920 hwpolicy - ok 20:55:55.0032 7920 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 20:55:55.0036 7920 i8042prt - ok 20:55:55.0084 7920 iaStor (1384872112e8e7fd5786eceb8bddf4c9) C:\Windows\system32\drivers\iaStor.sys 20:55:55.0091 7920 iaStor - ok 20:55:55.0208 7920 IAStorDataMgrSvc (6b24d1c3096de796d15571079ea5e98c) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe 20:55:55.0211 7920 IAStorDataMgrSvc - ok 20:55:55.0305 7920 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 20:55:55.0314 7920 iaStorV - ok 20:55:55.0417 7920 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 20:55:55.0451 7920 idsvc - ok 20:55:55.0767 7920 igfx (31569a2e836c12014148bf7342716946) C:\Windows\system32\DRIVERS\igdkmd64.sys 20:55:56.0016 7920 igfx - ok 20:55:56.0079 7920 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys 20:55:56.0094 7920 iirsp - ok 20:55:56.0141 7920 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 20:55:56.0172 7920 IKEEXT - ok 20:55:56.0281 7920 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys 20:55:56.0281 7920 Impcd - ok 20:55:56.0422 7920 IntcAzAudAddService (650d06e28a43e365a01ec4ee0946fc24) C:\Windows\system32\drivers\RTKVHD64.sys 20:55:56.0531 7920 IntcAzAudAddService - ok 20:55:56.0593 7920 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 20:55:56.0593 7920 intelide - ok 20:55:56.0640 7920 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 20:55:56.0656 7920 intelppm - ok 20:55:56.0671 7920 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 20:55:56.0687 7920 IPBusEnum - ok 20:55:56.0703 7920 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 20:55:56.0703 7920 IpFilterDriver - ok 20:55:56.0734 7920 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll 20:55:56.0749 7920 iphlpsvc - ok 20:55:56.0765 7920 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 20:55:56.0765 7920 IPMIDRV - ok 20:55:56.0765 7920 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 20:55:56.0781 7920 IPNAT - ok 20:55:56.0921 7920 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe 20:55:56.0952 7920 iPod Service - ok 20:55:56.0999 7920 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 20:55:56.0999 7920 IRENUM - ok 20:55:57.0015 7920 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 20:55:57.0015 7920 isapnp - ok 20:55:57.0046 7920 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 20:55:57.0046 7920 iScsiPrt - ok 20:55:57.0093 7920 k57nd60a (0469bff65bbdee9e46d0c45ee32a08bd) C:\Windows\system32\DRIVERS\k57nd60a.sys 20:55:57.0108 7920 k57nd60a - ok 20:55:57.0139 7920 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys 20:55:57.0139 7920 kbdclass - ok 20:55:57.0171 7920 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 20:55:57.0171 7920 kbdhid - ok 20:55:57.0202 7920 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 20:55:57.0217 7920 KeyIso - ok 20:55:57.0342 7920 Kodak AiO Network Discovery Service (27277a11db52fefae5b01dc8fb570b28) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe 20:55:57.0358 7920 Kodak AiO Network Discovery Service - ok 20:55:57.0373 7920 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 20:55:57.0373 7920 KSecDD - ok 20:55:57.0389 7920 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 20:55:57.0405 7920 KSecPkg - ok 20:55:57.0451 7920 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 20:55:57.0451 7920 ksthunk - ok 20:55:57.0498 7920 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 20:55:57.0514 7920 KtmRm - ok 20:55:57.0565 7920 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll 20:55:57.0572 7920 LanmanServer - ok 20:55:57.0617 7920 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 20:55:57.0622 7920 LanmanWorkstation - ok 20:55:57.0690 7920 Live Updater Service (6bcee9c766815bfff89de7d81af34ce1) C:\Program Files\Acer\Acer Updater\UpdaterService.exe 20:55:57.0696 7920 Live Updater Service - ok 20:55:57.0769 7920 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 20:55:57.0772 7920 lltdio - ok 20:55:57.0816 7920 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 20:55:57.0825 7920 lltdsvc - ok 20:55:57.0853 7920 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 20:55:57.0857 7920 lmhosts - ok 20:55:57.0962 7920 LMS (dbc1136a62bd4decc3632df650284c2e) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe 20:55:57.0968 7920 LMS - ok 20:55:58.0013 7920 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys 20:55:58.0017 7920 LSI_FC - ok 20:55:58.0030 7920 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys 20:55:58.0034 7920 LSI_SAS - ok 20:55:58.0046 7920 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys 20:55:58.0049 7920 LSI_SAS2 - ok 20:55:58.0061 7920 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys 20:55:58.0064 7920 LSI_SCSI - ok 20:55:58.0103 7920 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 20:55:58.0106 7920 luafv - ok 20:55:58.0150 7920 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 20:55:58.0154 7920 Mcx2Svc - ok 20:55:58.0164 7920 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys 20:55:58.0166 7920 megasas - ok 20:55:58.0201 7920 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys 20:55:58.0206 7920 MegaSR - ok 20:55:58.0226 7920 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 20:55:58.0229 7920 MMCSS - ok 20:55:58.0240 7920 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 20:55:58.0242 7920 Modem - ok 20:55:58.0258 7920 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 20:55:58.0260 7920 monitor - ok 20:55:58.0285 7920 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 20:55:58.0287 7920 mouclass - ok 20:55:58.0313 7920 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 20:55:58.0315 7920 mouhid - ok 20:55:58.0370 7920 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 20:55:58.0374 7920 mountmgr - ok 20:55:58.0401 7920 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 20:55:58.0405 7920 mpio - ok 20:55:58.0427 7920 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 20:55:58.0430 7920 mpsdrv - ok 20:55:58.0477 7920 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 20:55:58.0491 7920 MpsSvc - ok 20:55:58.0502 7920 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 20:55:58.0505 7920 MRxDAV - ok 20:55:58.0535 7920 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 20:55:58.0538 7920 mrxsmb - ok 20:55:58.0579 7920 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 20:55:58.0584 7920 mrxsmb10 - ok 20:55:58.0598 7920 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 20:55:58.0602 7920 mrxsmb20 - ok 20:55:58.0612 7920 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 20:55:58.0614 7920 msahci - ok 20:55:58.0640 7920 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 20:55:58.0644 7920 msdsm - ok 20:55:58.0662 7920 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 20:55:58.0667 7920 MSDTC - ok 20:55:58.0691 7920 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 20:55:58.0693 7920 Msfs - ok 20:55:58.0717 7920 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 20:55:58.0719 7920 mshidkmdf - ok 20:55:58.0737 7920 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 20:55:58.0739 7920 msisadrv - ok 20:55:58.0787 7920 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 20:55:58.0792 7920 MSiSCSI - ok 20:55:58.0800 7920 msiserver - ok 20:55:58.0827 7920 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 20:55:58.0830 7920 MSKSSRV - ok 20:55:58.0863 7920 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 20:55:58.0865 7920 MSPCLOCK - ok 20:55:58.0882 7920 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 20:55:58.0884 7920 MSPQM - ok 20:55:58.0910 7920 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 20:55:58.0917 7920 MsRPC - ok 20:55:58.0940 7920 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 20:55:58.0942 7920 mssmbios - ok 20:55:58.0961 7920 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 20:55:58.0963 7920 MSTEE - ok 20:55:58.0976 7920 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys 20:55:58.0978 7920 MTConfig - ok 20:55:58.0998 7920 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 20:55:59.0001 7920 Mup - ok 20:55:59.0035 7920 mwlPSDFilter (9b1eac6faf6f37305e822f5588dc8056) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys 20:55:59.0037 7920 mwlPSDFilter - ok 20:55:59.0057 7920 mwlPSDNServ (ad55c1524b296280ed9c6e0d730d35da) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys 20:55:59.0059 7920 mwlPSDNServ - ok 20:55:59.0079 7920 mwlPSDVDisk (2b599e6ec8843637bdd62e7f8f3ba201) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys 20:55:59.0082 7920 mwlPSDVDisk - ok 20:55:59.0126 7920 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 20:55:59.0135 7920 napagent - ok 20:55:59.0179 7920 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 20:55:59.0184 7920 NativeWifiP - ok 20:55:59.0256 7920 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 20:55:59.0291 7920 NDIS - ok 20:55:59.0313 7920 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 20:55:59.0316 7920 NdisCap - ok 20:55:59.0346 7920 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 20:55:59.0346 7920 NdisTapi - ok 20:55:59.0378 7920 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 20:55:59.0378 7920 Ndisuio - ok 20:55:59.0393 7920 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 20:55:59.0393 7920 NdisWan - ok 20:55:59.0424 7920 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 20:55:59.0424 7920 NDProxy - ok 20:55:59.0440 7920 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 20:55:59.0440 7920 NetBIOS - ok 20:55:59.0471 7920 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 20:55:59.0471 7920 NetBT - ok 20:55:59.0525 7920 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 20:55:59.0527 7920 Netlogon - ok 20:55:59.0592 7920 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 20:55:59.0601 7920 Netman - ok 20:55:59.0619 7920 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 20:55:59.0632 7920 netprofm - ok 20:55:59.0720 7920 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 20:55:59.0724 7920 NetTcpPortSharing - ok 20:55:59.0807 7920 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys 20:55:59.0810 7920 nfrd960 - ok 20:55:59.0884 7920 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 20:55:59.0893 7920 NlaSvc - ok 20:56:00.0027 7920 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe 20:56:00.0104 7920 NOBU - ok 20:56:00.0259 7920 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 20:56:00.0261 7920 Npfs - ok 20:56:00.0331 7920 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 20:56:00.0334 7920 nsi - ok 20:56:00.0362 7920 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 20:56:00.0364 7920 nsiproxy - ok 20:56:00.0453 7920 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 20:56:00.0498 7920 Ntfs - ok 20:56:00.0571 7920 NTI IScheduleSvc (773eed20bbf50809437373c0285bfa5e) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe 20:56:00.0634 7920 NTI IScheduleSvc - ok 20:56:00.0774 7920 NTIDrvr (ee3ba1024594d5d09e314f206b94069e) C:\Windows\system32\drivers\NTIDrvr.sys 20:56:00.0774 7920 NTIDrvr - ok 20:56:00.0821 7920 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 20:56:00.0821 7920 Null - ok 20:56:00.0868 7920 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 20:56:00.0868 7920 nvraid - ok 20:56:00.0914 7920 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 20:56:00.0914 7920 nvstor - ok 20:56:00.0946 7920 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 20:56:00.0946 7920 nv_agp - ok 20:56:00.0961 7920 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 20:56:00.0977 7920 ohci1394 - ok 20:56:01.0102 7920 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 20:56:01.0117 7920 ose - ok 20:56:01.0289 7920 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 20:56:01.0414 7920 osppsvc - ok 20:56:01.0585 7920 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 20:56:01.0585 7920 p2pimsvc - ok 20:56:01.0671 7920 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 20:56:01.0682 7920 p2psvc - ok 20:56:01.0713 7920 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys 20:56:01.0717 7920 Parport - ok 20:56:01.0740 7920 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 20:56:01.0744 7920 partmgr - ok 20:56:01.0834 7920 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 20:56:01.0840 7920 PcaSvc - ok 20:56:01.0894 7920 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 20:56:01.0899 7920 pci - ok 20:56:01.0920 7920 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 20:56:01.0923 7920 pciide - ok 20:56:01.0941 7920 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys 20:56:01.0947 7920 pcmcia - ok 20:56:01.0984 7920 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 20:56:01.0987 7920 pcw - ok 20:56:02.0041 7920 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 20:56:02.0058 7920 PEAUTH - ok 20:56:02.0205 7920 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 20:56:02.0209 7920 PerfHost - ok 20:56:02.0309 7920 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 20:56:02.0356 7920 pla - ok 20:56:02.0440 7920 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 20:56:02.0451 7920 PlugPlay - ok 20:56:02.0501 7920 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 20:56:02.0506 7920 PNRPAutoReg - ok 20:56:02.0533 7920 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 20:56:02.0540 7920 PNRPsvc - ok 20:56:02.0591 7920 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 20:56:02.0602 7920 PolicyAgent - ok 20:56:02.0632 7920 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 20:56:02.0639 7920 Power - ok 20:56:02.0689 7920 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 20:56:02.0693 7920 PptpMiniport - ok 20:56:02.0725 7920 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys 20:56:02.0728 7920 Processor - ok 20:56:02.0755 7920 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll 20:56:02.0762 7920 ProfSvc - ok 20:56:02.0804 7920 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 20:56:02.0807 7920 ProtectedStorage - ok 20:56:02.0839 7920 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 20:56:02.0844 7920 Psched - ok 20:56:02.0902 7920 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys 20:56:02.0949 7920 ql2300 - ok 20:56:02.0962 7920 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys 20:56:02.0967 7920 ql40xx - ok 20:56:02.0990 7920 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 20:56:02.0994 7920 QWAVE - ok 20:56:03.0013 7920 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 20:56:03.0015 7920 QWAVEdrv - ok 20:56:03.0024 7920 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 20:56:03.0026 7920 RasAcd - ok 20:56:03.0059 7920 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 20:56:03.0062 7920 RasAgileVpn - ok 20:56:03.0090 7920 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 20:56:03.0094 7920 RasAuto - ok 20:56:03.0114 7920 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 20:56:03.0117 7920 Rasl2tp - ok 20:56:03.0151 7920 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 20:56:03.0158 7920 RasMan - ok 20:56:03.0193 7920 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 20:56:03.0195 7920 RasPppoe - ok 20:56:03.0217 7920 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 20:56:03.0219 7920 RasSstp - ok 20:56:03.0240 7920 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 20:56:03.0245 7920 rdbss - ok 20:56:03.0267 7920 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys 20:56:03.0269 7920 rdpbus - ok 20:56:03.0299 7920 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 20:56:03.0301 7920 RDPCDD - ok 20:56:03.0334 7920 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 20:56:03.0336 7920 RDPENCDD - ok 20:56:03.0360 7920 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 20:56:03.0362 7920 RDPREFMP - ok 20:56:03.0408 7920 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys 20:56:03.0414 7920 RDPWD - ok 20:56:03.0476 7920 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 20:56:03.0482 7920 rdyboost - ok 20:56:03.0516 7920 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 20:56:03.0521 7920 RemoteAccess - ok 20:56:03.0550 7920 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 20:56:03.0557 7920 RemoteRegistry - ok 20:56:03.0578 7920 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 20:56:03.0583 7920 RpcEptMapper - ok 20:56:03.0617 7920 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 20:56:03.0621 7920 RpcLocator - ok 20:56:03.0652 7920 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 20:56:03.0661 7920 RpcSs - ok 20:56:03.0749 7920 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 20:56:03.0752 7920 rspndr - ok 20:56:03.0824 7920 RSUSBSTOR (0e3dcf76f11dc431b088a2dfd7265cda) C:\Windows\System32\Drivers\RtsUStor.sys 20:56:03.0831 7920 RSUSBSTOR - ok 20:56:03.0870 7920 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 20:56:03.0873 7920 SamSs - ok 20:56:03.0927 7920 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 20:56:03.0931 7920 sbp2port - ok 20:56:03.0986 7920 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 20:56:03.0991 7920 SCardSvr - ok 20:56:04.0056 7920 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 20:56:04.0059 7920 scfilter - ok 20:56:04.0192 7920 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 20:56:04.0223 7920 Schedule - ok 20:56:04.0255 7920 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 20:56:04.0255 7920 SCPolicySvc - ok 20:56:04.0301 7920 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 20:56:04.0317 7920 SDRSVC - ok 20:56:04.0405 7920 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 20:56:04.0408 7920 secdrv - ok 20:56:04.0454 7920 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 20:56:04.0460 7920 seclogon - ok 20:56:04.0488 7920 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 20:56:04.0494 7920 SENS - ok 20:56:04.0520 7920 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 20:56:04.0524 7920 SensrSvc - ok 20:56:04.0589 7920 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys 20:56:04.0592 7920 Serenum - ok 20:56:04.0619 7920 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys 20:56:04.0624 7920 Serial - ok 20:56:04.0649 7920 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys 20:56:04.0651 7920 sermouse - ok 20:56:04.0721 7920 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 20:56:04.0727 7920 SessionEnv - ok 20:56:04.0792 7920 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 20:56:04.0795 7920 sffdisk - ok 20:56:04.0807 7920 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 20:56:04.0809 7920 sffp_mmc - ok 20:56:04.0823 7920 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 20:56:04.0827 7920 sffp_sd - ok 20:56:04.0840 7920 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys 20:56:04.0844 7920 sfloppy - ok 20:56:04.0943 7920 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys 20:56:04.0975 7920 Sftfs - ok 20:56:05.0090 7920 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 20:56:05.0104 7920 sftlist - ok 20:56:05.0145 7920 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys 20:56:05.0150 7920 Sftplay - ok 20:56:05.0173 7920 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys 20:56:05.0175 7920 Sftredir - ok 20:56:05.0206 7920 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys 20:56:05.0208 7920 Sftvol - ok 20:56:05.0228 7920 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 20:56:05.0232 7920 sftvsa - ok 20:56:05.0285 7920 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 20:56:05.0294 7920 SharedAccess - ok 20:56:05.0350 7920 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 20:56:05.0366 7920 ShellHWDetection - ok 20:56:05.0444 7920 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys 20:56:05.0444 7920 SiSRaid2 - ok 20:56:05.0459 7920 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys 20:56:05.0459 7920 SiSRaid4 - ok 20:56:05.0506 7920 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 20:56:05.0506 7920 Smb - ok 20:56:05.0569 7920 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 20:56:05.0569 7920 SNMPTRAP - ok 20:56:05.0600 7920 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 20:56:05.0600 7920 spldr - ok 20:56:05.0631 7920 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 20:56:05.0647 7920 Spooler - ok 20:56:05.0818 7920 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 20:56:05.0881 7920 sppsvc - ok 20:56:05.0943 7920 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 20:56:05.0943 7920 sppuinotify - ok 20:56:06.0083 7920 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 20:56:06.0099 7920 srv - ok 20:56:06.0130 7920 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 20:56:06.0146 7920 srv2 - ok 20:56:06.0208 7920 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 20:56:06.0208 7920 srvnet - ok 20:56:06.0255 7920 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 20:56:06.0271 7920 SSDPSRV - ok 20:56:06.0286 7920 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 20:56:06.0286 7920 SstpSvc - ok 20:56:06.0317 7920 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys 20:56:06.0317 7920 stexstor - ok 20:56:06.0406 7920 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 20:56:06.0420 7920 stisvc - ok 20:56:06.0442 7920 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 20:56:06.0445 7920 swenum - ok 20:56:06.0482 7920 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 20:56:06.0499 7920 swprv - ok 20:56:06.0758 7920 SynTP (bc642d540aedf9a253c74d10c848ebd2) C:\Windows\system32\DRIVERS\SynTP.sys 20:56:06.0781 7920 SynTP - ok 20:56:06.0847 7920 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 20:56:06.0908 7920 SysMain - ok 20:56:06.0940 7920 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 20:56:06.0944 7920 TabletInputService - ok 20:56:06.0975 7920 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 20:56:06.0982 7920 TapiSrv - ok 20:56:07.0009 7920 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 20:56:07.0012 7920 TBS - ok 20:56:07.0106 7920 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys 20:56:07.0188 7920 Tcpip - ok 20:56:07.0260 7920 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys 20:56:07.0278 7920 TCPIP6 - ok 20:56:07.0325 7920 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 20:56:07.0327 7920 tcpipreg - ok 20:56:07.0352 7920 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 20:56:07.0352 7920 TDPIPE - ok 20:56:07.0383 7920 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 20:56:07.0383 7920 TDTCP - ok 20:56:07.0414 7920 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 20:56:07.0414 7920 tdx - ok 20:56:07.0430 7920 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 20:56:07.0430 7920 TermDD - ok 20:56:07.0508 7920 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 20:56:07.0523 7920 TermService - ok 20:56:07.0555 7920 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 20:56:07.0555 7920 Themes - ok 20:56:07.0586 7920 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 20:56:07.0586 7920 THREADORDER - ok 20:56:07.0617 7920 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 20:56:07.0617 7920 TrkWks - ok 20:56:07.0695 7920 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 20:56:07.0695 7920 TrustedInstaller - ok 20:56:07.0742 7920 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 20:56:07.0742 7920 tssecsrv - ok 20:56:07.0773 7920 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 20:56:07.0773 7920 TsUsbFlt - ok 20:56:07.0789 7920 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys 20:56:07.0789 7920 TsUsbGD - ok 20:56:07.0835 7920 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 20:56:07.0835 7920 tunnel - ok 20:56:07.0851 7920 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys 20:56:07.0851 7920 uagp35 - ok 20:56:07.0882 7920 UBHelper (a17d5e1a6df4eab0a480f2c490de4c9d) C:\Windows\system32\drivers\UBHelper.sys 20:56:07.0882 7920 UBHelper - ok 20:56:07.0913 7920 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 20:56:07.0913 7920 udfs - ok 20:56:07.0960 7920 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 20:56:07.0960 7920 UI0Detect - ok 20:56:07.0991 7920 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 20:56:07.0991 7920 uliagpkx - ok 20:56:08.0023 7920 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 20:56:08.0023 7920 umbus - ok 20:56:08.0038 7920 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys 20:56:08.0038 7920 UmPass - ok 20:56:08.0213 7920 UNS (7466809e6da561d60c2f1ce8ede3c73f) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe 20:56:08.0281 7920 UNS - ok 20:56:08.0358 7920 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 20:56:08.0368 7920 upnphost - ok 20:56:08.0416 7920 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys 20:56:08.0431 7920 USBAAPL64 - ok 20:56:08.0476 7920 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 20:56:08.0480 7920 usbccgp - ok 20:56:08.0519 7920 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 20:56:08.0523 7920 usbcir - ok 20:56:08.0546 7920 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 20:56:08.0549 7920 usbehci - ok 20:56:08.0582 7920 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 20:56:08.0590 7920 usbhub - ok 20:56:08.0630 7920 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 20:56:08.0633 7920 usbohci - ok 20:56:08.0657 7920 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys 20:56:08.0660 7920 usbprint - ok 20:56:08.0698 7920 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS 20:56:08.0702 7920 USBSTOR - ok 20:56:08.0726 7920 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 20:56:08.0729 7920 usbuhci - ok 20:56:08.0752 7920 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys 20:56:08.0757 7920 usbvideo - ok 20:56:08.0794 7920 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 20:56:08.0798 7920 UxSms - ok 20:56:08.0836 7920 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 20:56:08.0839 7920 VaultSvc - ok 20:56:08.0867 7920 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 20:56:08.0869 7920 vdrvroot - ok 20:56:08.0921 7920 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 20:56:08.0939 7920 vds - ok 20:56:08.0958 7920 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 20:56:08.0961 7920 vga - ok 20:56:08.0984 7920 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 20:56:08.0987 7920 VgaSave - ok 20:56:09.0003 7920 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 20:56:09.0008 7920 vhdmp - ok 20:56:09.0019 7920 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 20:56:09.0021 7920 viaide - ok 20:56:09.0045 7920 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 20:56:09.0047 7920 volmgr - ok 20:56:09.0073 7920 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 20:56:09.0078 7920 volmgrx - ok 20:56:09.0092 7920 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 20:56:09.0097 7920 volsnap - ok 20:56:09.0138 7920 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys 20:56:09.0142 7920 vsmraid - ok 20:56:09.0196 7920 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 20:56:09.0243 7920 VSS - ok 20:56:09.0274 7920 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 20:56:09.0274 7920 vwifibus - ok 20:56:09.0321 7920 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 20:56:09.0321 7920 vwififlt - ok 20:56:09.0367 7920 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 20:56:09.0367 7920 vwifimp - ok 20:56:09.0430 7920 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 20:56:09.0445 7920 W32Time - ok 20:56:09.0461 7920 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys 20:56:09.0461 7920 WacomPen - ok 20:56:09.0508 7920 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 20:56:09.0508 7920 WANARP - ok 20:56:09.0523 7920 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 20:56:09.0540 7920 Wanarpv6 - ok 20:56:09.0633 7920 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 20:56:09.0681 7920 WatAdminSvc - ok 20:56:09.0761 7920 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 20:56:09.0816 7920 wbengine - ok 20:56:09.0847 7920 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 20:56:09.0852 7920 WbioSrvc - ok 20:56:09.0883 7920 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 20:56:09.0891 7920 wcncsvc - ok 20:56:09.0911 7920 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 20:56:09.0915 7920 WcsPlugInService - ok 20:56:09.0965 7920 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys 20:56:09.0967 7920 Wd - ok 20:56:10.0001 7920 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 20:56:10.0010 7920 Wdf01000 - ok 20:56:10.0048 7920 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 20:56:10.0052 7920 WdiServiceHost - ok 20:56:10.0056 7920 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 20:56:10.0059 7920 WdiSystemHost - ok 20:56:10.0095 7920 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 20:56:10.0101 7920 WebClient - ok 20:56:10.0138 7920 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 20:56:10.0143 7920 Wecsvc - ok 20:56:10.0169 7920 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 20:56:10.0173 7920 wercplsupport - ok 20:56:10.0207 7920 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 20:56:10.0211 7920 WerSvc - ok 20:56:10.0277 7920 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 20:56:10.0279 7920 WfpLwf - ok 20:56:10.0309 7920 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 20:56:10.0312 7920 WIMMount - ok 20:56:10.0365 7920 WinDefend - ok 20:56:10.0376 7920 WinHttpAutoProxySvc - ok 20:56:10.0446 7920 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 20:56:10.0468 7920 Winmgmt - ok 20:56:10.0539 7920 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 20:56:10.0612 7920 WinRM - ok 20:56:10.0690 7920 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 20:56:10.0690 7920 WinUsb - ok 20:56:10.0737 7920 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 20:56:10.0768 7920 Wlansvc - ok 20:56:10.0877 7920 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 20:56:10.0877 7920 wlcrasvc - ok 20:56:10.0955 7920 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 20:56:11.0033 7920 wlidsvc - ok 20:56:11.0158 7920 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 20:56:11.0158 7920 WmiAcpi - ok 20:56:11.0251 7920 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 20:56:11.0251 7920 wmiApSrv - ok 20:56:11.0314 7920 WMPNetworkSvc - ok 20:56:11.0376 7920 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 20:56:11.0392 7920 WPCSvc - ok 20:56:11.0423 7920 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 20:56:11.0423 7920 WPDBusEnum - ok 20:56:11.0470 7920 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 20:56:11.0470 7920 ws2ifsl - ok 20:56:11.0501 7920 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll 20:56:11.0501 7920 wscsvc - ok 20:56:11.0517 7920 WSearch - ok 20:56:11.0595 7920 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll 20:56:11.0673 7920 wuauserv - ok 20:56:11.0688 7920 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 20:56:11.0688 7920 WudfPf - ok 20:56:11.0719 7920 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 20:56:11.0719 7920 WUDFRd - ok 20:56:11.0751 7920 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 20:56:11.0751 7920 wudfsvc - ok 20:56:11.0782 7920 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 20:56:11.0782 7920 WwanSvc - ok 20:56:11.0829 7920 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 20:56:12.0047 7920 \Device\Harddisk0\DR0 - ok 20:56:12.0063 7920 Boot (0x1200) (ae39d32621eda57325dfca1ed2be6f53) \Device\Harddisk0\DR0\Partition0 20:56:12.0063 7920 \Device\Harddisk0\DR0\Partition0 - ok 20:56:12.0094 7920 Boot (0x1200) (7efb64bbb9520374c8350f3589d9b65e) \Device\Harddisk0\DR0\Partition1 20:56:12.0094 7920 \Device\Harddisk0\DR0\Partition1 - ok 20:56:12.0094 7920 ============================================================ 20:56:12.0094 7920 Scan finished 20:56:12.0094 7920 ============================================================ 20:56:12.0109 8376 Detected object count: 0 20:56:12.0109 8376 Actual detected object count: 0 20:56:36.0092 9076 Deinitialize success aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-04-01 21:05:02 ----------------------------- 21:05:02.370 OS Version: Windows x64 6.1.7601 Service Pack 1 21:05:02.370 Number of processors: 2 586 0x2505 21:05:02.370 ComputerName: JENNY-PC UserName: Jenny 21:05:03.743 Initialize success 21:05:11.263 AVAST engine defs: 12040101 21:05:15.693 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 21:05:15.709 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3 21:05:15.725 Disk 0 MBR read successfully 21:05:15.725 Disk 0 MBR scan 21:05:15.725 Disk 0 Windows 7 default MBR code 21:05:15.740 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 16384 MB offset 2048 21:05:15.771 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 33556480 21:05:15.787 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 460454 MB offset 33761280 21:05:15.803 Disk 0 scanning C:\Windows\system32\drivers 21:05:24.585 Service scanning 21:05:56.191 Modules scanning 21:05:56.191 Disk 0 trace - called modules: 21:05:56.238 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 21:05:56.768 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80068b4060] 21:05:56.768 3 CLASSPNP.SYS[fffff88001b9d43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004985050] 21:05:59.186 AVAST engine scan C:\Windows 21:06:02.088 AVAST engine scan C:\Windows\system32 21:09:37.131 AVAST engine scan C:\Windows\system32\drivers 21:10:02.949 AVAST engine scan C:\Users\Jenny 21:11:06.612 Disk 0 MBR has been saved successfully to "C:\Users\Jenny\Desktop\MBR.dat" 21:11:06.612 The log file has been saved successfully to "C:\Users\Jenny\Desktop\aswMBR.txt" MBR.zip

Hello - I found this forum thread, and I am having the same problem. I performed the steps you listed above, and here are the contents of the otl.txt and extras.txt. What should I do next? OTL.txt OTL logfile created on: 3/30/2012 10:30:29 AM - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Jenny\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.68 Gb Total Physical Memory | 2.62 Gb Available Physical Memory | 71.18% Memory free 7.36 Gb Paging File | 6.12 Gb Available in Paging File | 83.22% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 449.66 Gb Total Space | 398.80 Gb Free Space | 88.69% Space Free | Partition Type: NTFS Computer Name: JENNY-PC | User Name: Jenny | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2012/03/26 14:38:41 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Users\Jenny\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe PRC - [2012/02/03 01:55:28 | 000,296,232 | ---- | M] (Anvisoft) -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe PRC - [2012/02/03 01:55:26 | 000,715,048 | ---- | M] (Anvisoft) -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe PRC - [2012/01/03 07:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011/03/20 15:44:42 | 003,140,288 | ---- | M] (Hawkes Learning Systems ) -- C:\Program Files (x86)\Hawkes Learning Systems\Hawkes Update Service Manager\HawkesUpdater.exe PRC - [2011/02/22 11:02:16 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe PRC - [2011/02/22 11:01:38 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe PRC - [2011/02/15 12:35:34 | 000,297,280 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe PRC - [2010/04/13 10:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe PRC - [2010/03/17 22:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe PRC - [2003/04/18 17:06:26 | 000,008,192 | ---- | M] () -- C:\Program Files (x86)\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe ========== Modules (No Company Name) ========== MOD - [2012/02/16 19:30:38 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\e940e77e2e8cfd51f723acc172afeeef\IAStorUtil.ni.dll MOD - [2012/02/15 11:24:25 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll MOD - [2012/02/15 11:23:56 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll MOD - [2012/02/15 11:23:48 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll MOD - [2012/02/15 11:23:28 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll MOD - [2012/02/15 11:23:24 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll MOD - [2012/02/15 11:23:22 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll MOD - [2012/01/31 20:15:02 | 000,547,112 | ---- | M] () -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\sqlite3.dll MOD - [2011/10/13 19:41:32 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/02/22 11:01:38 | 000,206,216 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll MOD - [2011/02/22 11:01:38 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe MOD - [2011/02/15 12:37:10 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011/02/22 22:00:46 | 000,873,064 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV:64bit: - [2011/01/31 14:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service) SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/02/03 01:55:28 | 000,296,232 | ---- | M] (Anvisoft) [Auto | Running] -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe -- (asdsrv) SRV - [2012/01/03 07:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/12/19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) [Disabled | Stopped] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service) SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011/04/27 12:31:21 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011/03/31 06:38:36 | 000,352,848 | ---- | M] (Dritek System Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2011/02/15 12:36:10 | 000,257,344 | ---- | M] (NTI Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010/09/27 19:09:54 | 000,172,912 | ---- | M] (Egis Technology Inc. ) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service) SRV - [2010/06/01 16:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2010/04/13 10:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel® SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/03/17 22:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel® SRV - [2010/03/17 22:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel® SRV - [2010/01/08 07:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2003/04/18 17:06:26 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe -- (HawkesUpdater) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012/01/09 02:26:30 | 000,024,360 | ---- | M] (Anvisoft) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\avhips.sys -- (avhips) DRV:64bit: - [2012/01/09 02:26:30 | 000,020,264 | ---- | M] (Anvisoft) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avfsmn.sys -- (avfsmn) DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011/04/18 22:51:36 | 000,062,584 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2011/04/18 22:51:36 | 000,022,912 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2011/04/18 22:51:36 | 000,020,328 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2011/03/17 03:42:38 | 002,712,064 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/03/09 22:01:45 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2011/03/09 22:01:45 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2011/03/01 08:33:16 | 004,720,704 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2011/01/17 16:56:14 | 000,412,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/10/08 04:32:28 | 001,395,248 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010/09/21 19:47:10 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010/07/19 18:10:40 | 010,603,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010/04/13 10:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/02/26 17:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009/09/16 23:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel® DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 19:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406 IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Search Results" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&sr=0&q=" FF - prefs.js..browser.search.defaultenginename: "Search Results" FF - prefs.js..browser.search.order.1: "Search Results" FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jenny\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jenny\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/02 22:58:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/03/24 10:44:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jenny\AppData\Roaming\Mozilla\Extensions [2012/03/24 10:44:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\1p9nc0u4.default\extensions [2011/12/19 00:32:06 | 000,001,742 | ---- | M] () -- C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\1p9nc0u4.default\searchplugins\search-the-web.xml [2012/03/24 10:41:03 | 000,002,519 | ---- | M] () -- C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\1p9nc0u4.default\searchplugins\Search_Results.xml [2012/03/24 10:44:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/03/16 21:21:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} File not found (No name found) -- C:\PROGRAM FILES (X86)\SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION [2011/09/29 00:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011/09/28 18:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/03/24 10:41:03 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml ========== Chrome ========== CHR - default_search_provider: Search Results (Enabled) CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&appid=101&systemid=406&sr=0&q={searchTerms} CHR - default_search_provider: suggest_url = CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Jenny\AppData\Local\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jenny\AppData\Local\Google\Chrome\Application\18.0.1025.142\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jenny\AppData\Local\Google\Chrome\Application\18.0.1025.142\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\PFiles\Plugins\np-mswmp.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Google Update (Enabled) = C:\Users\Jenny\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - Extension: Fancy Gaming Simplifier = C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahcaniaehcjkignnobkmdgacafghkplh\2.0.0.1_0\ CHR - Extension: YouTube = C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.18_0\ CHR - Extension: FB Photo Zoom = C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1109.26.1_0\ CHR - Extension: Gmail = C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe (Anvisoft) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [backupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKCU..\Run: [RDReminder] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 129.123.0.2 129.123.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0FE64291-03FE-4746-BFD8-8E11124EF1F4}: DhcpNameServer = 129.123.0.2 129.123.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/03/30 10:29:08 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Jenny\Desktop\OTL.exe [2012/03/29 21:31:48 | 000,024,360 | ---- | C] (Anvisoft) -- C:\Windows\SysNative\drivers\avhips.sys [2012/03/29 21:31:48 | 000,020,264 | ---- | C] (Anvisoft) -- C:\Windows\SysNative\drivers\avfsmn.sys [2012/03/29 21:31:48 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anvisoft [2012/03/29 21:31:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anvisoft [2012/03/29 21:23:23 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{816B3338-A46F-44E2-923D-DB171634FFE7} [2012/03/27 20:44:32 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\Malwarebytes [2012/03/27 20:44:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/03/27 20:44:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/03/27 20:44:27 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/03/27 20:44:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/03/26 21:30:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012/03/26 21:30:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012/03/26 21:30:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012/03/26 21:30:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012/03/24 10:42:26 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\Ilivid Player [2012/03/24 10:41:03 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2012/03/21 21:43:48 | 000,000,000 | ---D | C] -- C:\FarmVilleBot_2.1 [2012/03/16 21:21:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java ========== Files - Modified Within 30 Days ========== [2012/03/30 10:29:10 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Jenny\Desktop\OTL.exe [2012/03/30 10:28:53 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3767778522-3456462054-3616011533-1001UA.job [2012/03/30 10:28:52 | 000,002,405 | ---- | M] () -- C:\Users\Jenny\Desktop\Google Chrome.lnk [2012/03/30 10:28:32 | 000,727,334 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/03/30 10:28:32 | 000,624,864 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/03/30 10:28:32 | 000,106,950 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/03/30 10:26:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/03/29 21:43:17 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/03/29 21:43:17 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/03/29 21:35:30 | 2962,255,872 | -HS- | M] () -- C:\hiberfil.sys [2012/03/29 21:31:48 | 000,001,192 | ---- | M] () -- C:\Users\Jenny\Desktop\Anvi Smart Defender.lnk [2012/03/29 21:00:54 | 000,000,241 | ---- | M] () -- C:\Users\Jenny\Documents\bot accounts.rtf [2012/03/29 14:43:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3767778522-3456462054-3616011533-1001Core.job [2012/03/28 10:25:54 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\DLL-files.com Fixer_UPDATES.job [2012/03/27 20:44:28 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/03/26 21:30:30 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/03/21 21:44:43 | 000,000,737 | ---- | M] () -- C:\Users\Jenny\Application Data\Microsoft\Internet Explorer\Quick Launch\FarmVilleBot Lite.lnk [2012/03/21 21:44:43 | 000,000,712 | ---- | M] () -- C:\Users\Jenny\Application Data\Microsoft\Internet Explorer\Quick Launch\FarmVilleBot.lnk [2012/03/21 11:58:15 | 000,000,398 | ---- | M] () -- C:\Users\Jenny\Documents\1.2c Properties of Radicals.SAV [2012/03/21 11:39:38 | 000,000,378 | ---- | M] () -- C:\Users\Jenny\Documents\1.2a Properties of Exponents.SAV [2012/03/19 18:39:37 | 000,000,713 | ---- | M] () -- C:\Users\Public\Desktop\FarmVilleBot Lite.lnk [2012/03/19 18:39:37 | 000,000,688 | ---- | M] () -- C:\Users\Public\Desktop\FarmVilleBot.lnk [2012/03/15 00:17:01 | 000,000,195 | ---- | M] () -- C:\Users\Jenny\Documents\hotel conf.rtf [2012/03/14 17:52:55 | 000,283,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/03/08 12:51:22 | 000,208,204 | ---- | M] () -- C:\Users\Jenny\Documents\CVSHApplication.pdf [2012/03/03 22:57:30 | 000,000,272 | ---- | M] () -- C:\Windows\tasks\DLL-files.com Fixer_MONTHLY.job ========== Files Created - No Company Name ========== [2012/03/29 21:31:48 | 000,001,192 | ---- | C] () -- C:\Users\Jenny\Desktop\Anvi Smart Defender.lnk [2012/03/27 20:44:28 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/03/26 21:30:30 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/03/24 21:37:50 | 000,000,241 | ---- | C] () -- C:\Users\Jenny\Documents\bot accounts.rtf [2012/03/21 11:58:15 | 000,000,398 | ---- | C] () -- C:\Users\Jenny\Documents\1.2c Properties of Radicals.SAV [2012/03/21 11:39:38 | 000,000,378 | ---- | C] () -- C:\Users\Jenny\Documents\1.2a Properties of Exponents.SAV [2012/03/15 00:17:01 | 000,000,195 | ---- | C] () -- C:\Users\Jenny\Documents\hotel conf.rtf [2012/03/08 12:20:27 | 000,208,204 | ---- | C] () -- C:\Users\Jenny\Documents\CVSHApplication.pdf [2011/09/13 22:31:20 | 000,744,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/08/12 17:23:35 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2011/04/18 23:06:33 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2011/04/18 23:06:33 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2011/04/18 23:06:33 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2011/04/18 23:06:31 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2011/04/18 23:06:29 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin ========== LOP Check ========== [2011/09/09 14:35:20 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Barnes & Noble [2012/01/15 13:23:05 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Charles [2011/08/28 21:24:15 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\dll-files.com [2012/01/15 23:54:36 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Namco [2011/09/09 18:00:33 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\PowerCinema [2012/03/27 18:56:47 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\SoftGrid Client [2011/09/02 16:19:43 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Temp [2011/09/13 22:32:09 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\TP [2011/08/31 13:18:22 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Windows Live Writer [2012/03/03 22:57:30 | 000,000,272 | ---- | M] () -- C:\Windows\Tasks\DLL-files.com Fixer_MONTHLY.job [2012/03/28 10:25:54 | 000,000,292 | ---- | M] () -- C:\Windows\Tasks\DLL-files.com Fixer_UPDATES.job [2012/02/07 15:10:54 | 000,032,532 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Extras.txt OTL Extras logfile created on: 3/30/2012 10:30:29 AM - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Jenny\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.68 Gb Total Physical Memory | 2.62 Gb Available Physical Memory | 71.18% Memory free 7.36 Gb Paging File | 6.12 Gb Available in Paging File | 83.22% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 449.66 Gb Total Space | 398.80 Gb Free Space | 88.69% Space Free | Partition Type: NTFS Computer Name: JENNY-PC | User Name: Jenny | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt "{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder "{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java 7 (64-bit) "{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer "{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{64A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java SE Development Kit 7 (64-bit) "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom Gigabit NetLink Controller "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR 4.01 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3 "{11745B8A-E942-4674-B729-39110F5962AA}_is1" = FarmVilleBot 2.2.3.2 "{14C4C3B6-F1F4-401F-8C86-03E8E19AAC8C}" = MediaEspresso "{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr "{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4 "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup "{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{491ADA37-04EE-2ECE-9F86-DDC0106047AC}" = Times Reader "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{56BA241F-580C-43D2-8403-947241AAE633}" = center "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games) "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2) "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = clear.fi "{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials "{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide "{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Anvi Smart Defender" = Anvi Smart Defender RC2 "BN_DesktopReader" = NOOK for PC "Charles_XK72" = Charles "com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader "Dll-Files.com Fixer_is1" = Dll-Files.com Fixer "Doxillion" = Doxillion Document Converter "ExpressZip" = Express Zip File Compression Software "Hawkes Update Service Manager" = Hawkes Update Service Manager "Identity Card" = Identity Card "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam "InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager "InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi "InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso "InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000 "Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US) "Office14.Click2Run" = Microsoft Office Click-to-Run 2010 "Precalculus (Fall 2011 Student)" = Precalculus (Fall 2011 Student) "Scribe" = Express Scribe "WildTangent acer Master Uninstall" = Acer Games "WinLiveSuite" = Windows Live Essentials "WTA-036dc91c-3596-41cf-afb5-8fe9d76b3bfa" = Dora's World Adventure "WTA-10f999da-3c38-4d87-99a6-08e748bc4ba3" = Zuma's Revenge "WTA-2426fbc3-e9a4-4c29-a0e0-0e1d4e09dac2" = Chuzzle Deluxe "WTA-307d684f-8bcc-4503-bd58-e0668db6dcee" = Bejeweled 2 Deluxe "WTA-33f18576-3d19-4dd3-8aed-e5f1426eec54" = Torchlight "WTA-3ad4add0-74f7-4427-af1c-b53fd4ae149e" = Poker Superstars III "WTA-3aec2ce0-a643-49ae-8194-e6c66943a931" = Polar Golfer "WTA-3fee7dc0-7906-4d83-af4b-9082669c7728" = Penguins! "WTA-55a36a0e-cdb4-40e8-8991-ea915b04200d" = Virtual Villagers 4 - The Tree of Life "WTA-5a6d223e-900a-444b-8c22-6305da7969cb" = Agatha Christie - 4:50 from Paddington "WTA-6416da14-ff05-49d1-b29a-b02e570a0151" = Final Drive: Nitro "WTA-7b109e19-a2a7-4b5e-89d9-97cd63d3c014" = Polar Bowler "WTA-925d71b3-6eb9-4e84-832d-7508c57cde5c" = Mystery P.I. - Stolen in San Francisco "WTA-acf2bd08-527f-443b-9b95-0fe1fe832281" = Build-a-lot 2 "WTA-b66be362-fd3d-4611-b53b-23a494960737" = Plants vs. Zombies - Game of the Year "WTA-c31c13b2-3d44-43d5-a9d1-8506d541cea9" = Diner Dash 2 Restaurant Rescue "WTA-dab7998f-5b94-454a-a1c2-5fc158365431" = Jewel Quest Heritage "WTA-e550e22e-d07b-4a1b-8e1a-7f6d371cf0db" = FATE - The Traitor Soul "WTA-f226e527-daaa-41cf-bc32-d211e6ba9153" = Namco All-Stars: PAC-MAN "Zuma's Revenge!" = Zuma's Revenge! ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report >