Jump to content

JMayhem


Recommended Posts

Hello - I found this forum thread, and I am having the same problem. I performed the steps you listed above, and here are the contents of the otl.txt and extras.txt. What should I do next?

OTL.txt

OTL logfile created on: 3/30/2012 10:30:29 AM - Run 1

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Jenny\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.68 Gb Total Physical Memory | 2.62 Gb Available Physical Memory | 71.18% Memory free

7.36 Gb Paging File | 6.12 Gb Available in Paging File | 83.22% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 449.66 Gb Total Space | 398.80 Gb Free Space | 88.69% Space Free | Partition Type: NTFS

Computer Name: JENNY-PC | User Name: Jenny | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --

PRC - [2012/03/26 14:38:41 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Users\Jenny\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe

PRC - [2012/02/03 01:55:28 | 000,296,232 | ---- | M] (Anvisoft) -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe

PRC - [2012/02/03 01:55:26 | 000,715,048 | ---- | M] (Anvisoft) -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe

PRC - [2012/01/03 07:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2011/03/20 15:44:42 | 003,140,288 | ---- | M] (Hawkes Learning Systems ) -- C:\Program Files (x86)\Hawkes Learning Systems\Hawkes Update Service Manager\HawkesUpdater.exe

PRC - [2011/02/22 11:02:16 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe

PRC - [2011/02/22 11:01:38 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe

PRC - [2011/02/15 12:35:34 | 000,297,280 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe

PRC - [2010/04/13 10:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2010/03/17 22:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2003/04/18 17:06:26 | 000,008,192 | ---- | M] () -- C:\Program Files (x86)\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe

========== Modules (No Company Name) ==========

MOD - [2012/02/16 19:30:38 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\e940e77e2e8cfd51f723acc172afeeef\IAStorUtil.ni.dll

MOD - [2012/02/15 11:24:25 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll

MOD - [2012/02/15 11:23:56 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll

MOD - [2012/02/15 11:23:48 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll

MOD - [2012/02/15 11:23:28 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll

MOD - [2012/02/15 11:23:24 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll

MOD - [2012/02/15 11:23:22 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll

MOD - [2012/01/31 20:15:02 | 000,547,112 | ---- | M] () -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\sqlite3.dll

MOD - [2011/10/13 19:41:32 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll

MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/02/22 11:01:38 | 000,206,216 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll

MOD - [2011/02/22 11:01:38 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe

MOD - [2011/02/15 12:37:10 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/02/22 22:00:46 | 000,873,064 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)

SRV:64bit: - [2011/01/31 14:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)

SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/02/03 01:55:28 | 000,296,232 | ---- | M] (Anvisoft) [Auto | Running] -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe -- (asdsrv)

SRV - [2012/01/03 07:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/12/19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) [Disabled | Stopped] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)

SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2011/04/27 12:31:21 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2011/03/31 06:38:36 | 000,352,848 | ---- | M] (Dritek System Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)

SRV - [2011/02/15 12:36:10 | 000,257,344 | ---- | M] (NTI Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)

SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

SRV - [2010/09/27 19:09:54 | 000,172,912 | ---- | M] (Egis Technology Inc. ) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)

SRV - [2010/06/01 16:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)

SRV - [2010/04/13 10:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/17 22:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®

SRV - [2010/03/17 22:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®

SRV - [2010/01/08 07:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)

SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2003/04/18 17:06:26 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe -- (HawkesUpdater)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/01/09 02:26:30 | 000,024,360 | ---- | M] (Anvisoft) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\avhips.sys -- (avhips)

DRV:64bit: - [2012/01/09 02:26:30 | 000,020,264 | ---- | M] (Anvisoft) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avfsmn.sys -- (avfsmn)

DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2011/04/18 22:51:36 | 000,062,584 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)

DRV:64bit: - [2011/04/18 22:51:36 | 000,022,912 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)

DRV:64bit: - [2011/04/18 22:51:36 | 000,020,328 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)

DRV:64bit: - [2011/03/17 03:42:38 | 002,712,064 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/03/09 22:01:45 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)

DRV:64bit: - [2011/03/09 22:01:45 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)

DRV:64bit: - [2011/03/01 08:33:16 | 004,720,704 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)

DRV:64bit: - [2011/01/17 16:56:14 | 000,412,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink

DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/10/08 04:32:28 | 001,395,248 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2010/09/21 19:47:10 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2010/07/19 18:10:40 | 010,603,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2010/04/13 10:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/02/26 17:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

DRV:64bit: - [2009/09/16 23:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®

DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 19:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406

IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search Results"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&sr=0&q="

FF - prefs.js..browser.search.defaultenginename: "Search Results"

FF - prefs.js..browser.search.order.1: "Search Results"

FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406"

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jenny\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jenny\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/02 22:58:44 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/03/24 10:44:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jenny\AppData\Roaming\Mozilla\Extensions

[2012/03/24 10:44:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\1p9nc0u4.default\extensions

[2011/12/19 00:32:06 | 000,001,742 | ---- | M] () -- C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\1p9nc0u4.default\searchplugins\search-the-web.xml

[2012/03/24 10:41:03 | 000,002,519 | ---- | M] () -- C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\1p9nc0u4.default\searchplugins\Search_Results.xml

[2012/03/24 10:44:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/03/16 21:21:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

File not found (No name found) -- C:\PROGRAM FILES (X86)\SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION

[2011/09/29 00:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/09/28 18:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/03/24 10:41:03 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml

========== Chrome ==========

CHR - default_search_provider: Search Results (Enabled)

CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&appid=101&systemid=406&sr=0&q={searchTerms}

CHR - default_search_provider: suggest_url =

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Jenny\AppData\Local\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jenny\AppData\Local\Google\Chrome\Application\18.0.1025.142\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jenny\AppData\Local\Google\Chrome\Application\18.0.1025.142\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\PFiles\Plugins\np-mswmp.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Jenny\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

CHR - Extension: Fancy Gaming Simplifier = C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahcaniaehcjkignnobkmdgacafghkplh\2.0.0.1_0\

CHR - Extension: YouTube = C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.18_0\

CHR - Extension: FB Photo Zoom = C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1109.26.1_0\

CHR - Extension: Gmail = C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found

O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe (Anvisoft)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [backupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKCU..\Run: [RDReminder] File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 129.123.0.2 129.123.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0FE64291-03FE-4746-BFD8-8E11124EF1F4}: DhcpNameServer = 129.123.0.2 129.123.0.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/30 10:29:08 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Jenny\Desktop\OTL.exe

[2012/03/29 21:31:48 | 000,024,360 | ---- | C] (Anvisoft) -- C:\Windows\SysNative\drivers\avhips.sys

[2012/03/29 21:31:48 | 000,020,264 | ---- | C] (Anvisoft) -- C:\Windows\SysNative\drivers\avfsmn.sys

[2012/03/29 21:31:48 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anvisoft

[2012/03/29 21:31:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anvisoft

[2012/03/29 21:23:23 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{816B3338-A46F-44E2-923D-DB171634FFE7}

[2012/03/27 20:44:32 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\Malwarebytes

[2012/03/27 20:44:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/03/27 20:44:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/03/27 20:44:27 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/03/27 20:44:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/03/26 21:30:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2012/03/26 21:30:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2012/03/26 21:30:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2012/03/26 21:30:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012/03/24 10:42:26 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\Ilivid Player

[2012/03/24 10:41:03 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess

[2012/03/21 21:43:48 | 000,000,000 | ---D | C] -- C:\FarmVilleBot_2.1

[2012/03/16 21:21:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

========== Files - Modified Within 30 Days ==========

[2012/03/30 10:29:10 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Jenny\Desktop\OTL.exe

[2012/03/30 10:28:53 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3767778522-3456462054-3616011533-1001UA.job

[2012/03/30 10:28:52 | 000,002,405 | ---- | M] () -- C:\Users\Jenny\Desktop\Google Chrome.lnk

[2012/03/30 10:28:32 | 000,727,334 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/03/30 10:28:32 | 000,624,864 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/03/30 10:28:32 | 000,106,950 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/03/30 10:26:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/03/29 21:43:17 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/03/29 21:43:17 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/03/29 21:35:30 | 2962,255,872 | -HS- | M] () -- C:\hiberfil.sys

[2012/03/29 21:31:48 | 000,001,192 | ---- | M] () -- C:\Users\Jenny\Desktop\Anvi Smart Defender.lnk

[2012/03/29 21:00:54 | 000,000,241 | ---- | M] () -- C:\Users\Jenny\Documents\bot accounts.rtf

[2012/03/29 14:43:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3767778522-3456462054-3616011533-1001Core.job

[2012/03/28 10:25:54 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\DLL-files.com Fixer_UPDATES.job

[2012/03/27 20:44:28 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/03/26 21:30:30 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/03/21 21:44:43 | 000,000,737 | ---- | M] () -- C:\Users\Jenny\Application Data\Microsoft\Internet Explorer\Quick Launch\FarmVilleBot Lite.lnk

[2012/03/21 21:44:43 | 000,000,712 | ---- | M] () -- C:\Users\Jenny\Application Data\Microsoft\Internet Explorer\Quick Launch\FarmVilleBot.lnk

[2012/03/21 11:58:15 | 000,000,398 | ---- | M] () -- C:\Users\Jenny\Documents\1.2c Properties of Radicals.SAV

[2012/03/21 11:39:38 | 000,000,378 | ---- | M] () -- C:\Users\Jenny\Documents\1.2a Properties of Exponents.SAV

[2012/03/19 18:39:37 | 000,000,713 | ---- | M] () -- C:\Users\Public\Desktop\FarmVilleBot Lite.lnk

[2012/03/19 18:39:37 | 000,000,688 | ---- | M] () -- C:\Users\Public\Desktop\FarmVilleBot.lnk

[2012/03/15 00:17:01 | 000,000,195 | ---- | M] () -- C:\Users\Jenny\Documents\hotel conf.rtf

[2012/03/14 17:52:55 | 000,283,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/03/08 12:51:22 | 000,208,204 | ---- | M] () -- C:\Users\Jenny\Documents\CVSHApplication.pdf

[2012/03/03 22:57:30 | 000,000,272 | ---- | M] () -- C:\Windows\tasks\DLL-files.com Fixer_MONTHLY.job

========== Files Created - No Company Name ==========

[2012/03/29 21:31:48 | 000,001,192 | ---- | C] () -- C:\Users\Jenny\Desktop\Anvi Smart Defender.lnk

[2012/03/27 20:44:28 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/03/26 21:30:30 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/03/24 21:37:50 | 000,000,241 | ---- | C] () -- C:\Users\Jenny\Documents\bot accounts.rtf

[2012/03/21 11:58:15 | 000,000,398 | ---- | C] () -- C:\Users\Jenny\Documents\1.2c Properties of Radicals.SAV

[2012/03/21 11:39:38 | 000,000,378 | ---- | C] () -- C:\Users\Jenny\Documents\1.2a Properties of Exponents.SAV

[2012/03/15 00:17:01 | 000,000,195 | ---- | C] () -- C:\Users\Jenny\Documents\hotel conf.rtf

[2012/03/08 12:20:27 | 000,208,204 | ---- | C] () -- C:\Users\Jenny\Documents\CVSHApplication.pdf

[2011/09/13 22:31:20 | 000,744,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/08/12 17:23:35 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI

[2011/04/18 23:06:33 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin

[2011/04/18 23:06:33 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll

[2011/04/18 23:06:33 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll

[2011/04/18 23:06:31 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin

[2011/04/18 23:06:29 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin

========== LOP Check ==========

[2011/09/09 14:35:20 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Barnes & Noble

[2012/01/15 13:23:05 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Charles

[2011/08/28 21:24:15 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\dll-files.com

[2012/01/15 23:54:36 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Namco

[2011/09/09 18:00:33 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\PowerCinema

[2012/03/27 18:56:47 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\SoftGrid Client

[2011/09/02 16:19:43 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Temp

[2011/09/13 22:32:09 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\TP

[2011/08/31 13:18:22 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Windows Live Writer

[2012/03/03 22:57:30 | 000,000,272 | ---- | M] () -- C:\Windows\Tasks\DLL-files.com Fixer_MONTHLY.job

[2012/03/28 10:25:54 | 000,000,292 | ---- | M] () -- C:\Windows\Tasks\DLL-files.com Fixer_UPDATES.job

[2012/02/07 15:10:54 | 000,032,532 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Extras.txt

OTL Extras logfile created on: 3/30/2012 10:30:29 AM - Run 1

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Jenny\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.68 Gb Total Physical Memory | 2.62 Gb Available Physical Memory | 71.18% Memory free

7.36 Gb Paging File | 6.12 Gb Available in Paging File | 83.22% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 449.66 Gb Total Space | 398.80 Gb Free Space | 88.69% Space Free | Partition Type: NTFS

Computer Name: JENNY-PC | User Name: Jenny | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt

"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder

"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java 7 (64-bit)

"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer

"{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes

"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources

"{64A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java SE Development Kit 7 (64-bit)

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources

"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support

"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom Gigabit NetLink Controller

"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit

"CCleaner" = CCleaner

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam

"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3

"{11745B8A-E942-4674-B729-39110F5962AA}_is1" = FarmVilleBot 2.2.3.2

"{14C4C3B6-F1F4-401F-8C86-03E8E19AAC8C}" = MediaEspresso

"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr

"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4

"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer

"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup

"{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client

"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live

"{491ADA37-04EE-2ECE-9F86-DDC0106047AC}" = Times Reader

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{56BA241F-580C-43D2-8403-947241AAE633}" = center

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso

"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker

"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games)

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)

"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR

"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = clear.fi

"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials

"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr

"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide

"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater

"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Acer Registration" = Acer Registration

"Acer Screensaver" = Acer ScreenSaver

"Acer Welcome Center" = Welcome Center

"Adobe AIR" = Adobe AIR

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"Anvi Smart Defender" = Anvi Smart Defender RC2

"BN_DesktopReader" = NOOK for PC

"Charles_XK72" = Charles

"com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader

"Dll-Files.com Fixer_is1" = Dll-Files.com Fixer

"Doxillion" = Doxillion Document Converter

"ExpressZip" = Express Zip File Compression Software

"Hawkes Update Service Manager" = Hawkes Update Service Manager

"Identity Card" = Identity Card

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam

"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager

"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite

"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi

"InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso

"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9

"LManager" = Launch Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000

"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)

"Office14.Click2Run" = Microsoft Office Click-to-Run 2010

"Precalculus (Fall 2011 Student)" = Precalculus (Fall 2011 Student)

"Scribe" = Express Scribe

"WildTangent acer Master Uninstall" = Acer Games

"WinLiveSuite" = Windows Live Essentials

"WTA-036dc91c-3596-41cf-afb5-8fe9d76b3bfa" = Dora's World Adventure

"WTA-10f999da-3c38-4d87-99a6-08e748bc4ba3" = Zuma's Revenge

"WTA-2426fbc3-e9a4-4c29-a0e0-0e1d4e09dac2" = Chuzzle Deluxe

"WTA-307d684f-8bcc-4503-bd58-e0668db6dcee" = Bejeweled 2 Deluxe

"WTA-33f18576-3d19-4dd3-8aed-e5f1426eec54" = Torchlight

"WTA-3ad4add0-74f7-4427-af1c-b53fd4ae149e" = Poker Superstars III

"WTA-3aec2ce0-a643-49ae-8194-e6c66943a931" = Polar Golfer

"WTA-3fee7dc0-7906-4d83-af4b-9082669c7728" = Penguins!

"WTA-55a36a0e-cdb4-40e8-8991-ea915b04200d" = Virtual Villagers 4 - The Tree of Life

"WTA-5a6d223e-900a-444b-8c22-6305da7969cb" = Agatha Christie - 4:50 from Paddington

"WTA-6416da14-ff05-49d1-b29a-b02e570a0151" = Final Drive: Nitro

"WTA-7b109e19-a2a7-4b5e-89d9-97cd63d3c014" = Polar Bowler

"WTA-925d71b3-6eb9-4e84-832d-7508c57cde5c" = Mystery P.I. - Stolen in San Francisco

"WTA-acf2bd08-527f-443b-9b95-0fe1fe832281" = Build-a-lot 2

"WTA-b66be362-fd3d-4611-b53b-23a494960737" = Plants vs. Zombies - Game of the Year

"WTA-c31c13b2-3d44-43d5-a9d1-8506d541cea9" = Diner Dash 2 Restaurant Rescue

"WTA-dab7998f-5b94-454a-a1c2-5fc158365431" = Jewel Quest Heritage

"WTA-e550e22e-d07b-4a1b-8e1a-7f6d371cf0db" = FATE - The Traitor Soul

"WTA-f226e527-daaa-41cf-bc32-d211e6ba9153" = Namco All-Stars: PAC-MAN

"Zuma's Revenge!" = Zuma's Revenge!

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Link to post
Share on other sites

  • Staff

Hi,

Please do the following:

Please download TDSSKiller.zip

  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under ”Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
    • As we are only looking for a log of what is on the machine right now > choose to skip whatever is found
    • Then click Continue > Reboot now

    [*]Copy and paste the log in your next reply

    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

NEXT

  • Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
    • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
    • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

Link to post
Share on other sites

Thank you, here are the files copied & pasted, and the MBR.dat attached

20:55:20.0143 7736 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18

20:55:20.0620 7736 ============================================================

20:55:20.0620 7736 Current date / time: 2012/04/01 20:55:20.0620

20:55:20.0620 7736 SystemInfo:

20:55:20.0620 7736

20:55:20.0621 7736 OS Version: 6.1.7601 ServicePack: 1.0

20:55:20.0621 7736 Product type: Workstation

20:55:20.0621 7736 ComputerName: JENNY-PC

20:55:20.0621 7736 UserName: Jenny

20:55:20.0621 7736 Windows directory: C:\Windows

20:55:20.0621 7736 System windows directory: C:\Windows

20:55:20.0621 7736 Running under WOW64

20:55:20.0621 7736 Processor architecture: Intel x64

20:55:20.0621 7736 Number of processors: 2

20:55:20.0621 7736 Page size: 0x1000

20:55:20.0621 7736 Boot type: Normal boot

20:55:20.0621 7736 ============================================================

20:55:21.0240 7736 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

20:55:21.0256 7736 \Device\Harddisk0\DR0:

20:55:21.0256 7736 MBR used

20:55:21.0256 7736 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2000800, BlocksNum 0x32000

20:55:21.0256 7736 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2032800, BlocksNum 0x38353000

20:55:21.0287 7736 Initialize success

20:55:21.0287 7736 ============================================================

20:55:43.0136 7920 ============================================================

20:55:43.0136 7920 Scan started

20:55:43.0136 7920 Mode: Manual; TDLFS;

20:55:43.0136 7920 ============================================================

20:55:43.0817 7920 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

20:55:43.0817 7920 1394ohci - ok

20:55:43.0864 7920 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

20:55:43.0864 7920 ACPI - ok

20:55:43.0895 7920 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

20:55:43.0895 7920 AcpiPmi - ok

20:55:44.0005 7920 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

20:55:44.0005 7920 AdobeARMservice - ok

20:55:44.0161 7920 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

20:55:44.0176 7920 adp94xx - ok

20:55:44.0223 7920 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

20:55:44.0239 7920 adpahci - ok

20:55:44.0270 7920 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

20:55:44.0270 7920 adpu320 - ok

20:55:44.0317 7920 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

20:55:44.0317 7920 AeLookupSvc - ok

20:55:44.0379 7920 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

20:55:44.0395 7920 AFD - ok

20:55:44.0457 7920 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

20:55:44.0457 7920 agp440 - ok

20:55:44.0504 7920 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

20:55:44.0504 7920 ALG - ok

20:55:44.0535 7920 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

20:55:44.0535 7920 aliide - ok

20:55:44.0566 7920 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

20:55:44.0566 7920 amdide - ok

20:55:44.0597 7920 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

20:55:44.0597 7920 AmdK8 - ok

20:55:44.0613 7920 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

20:55:44.0613 7920 AmdPPM - ok

20:55:44.0660 7920 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

20:55:44.0675 7920 amdsata - ok

20:55:44.0691 7920 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

20:55:44.0691 7920 amdsbs - ok

20:55:44.0722 7920 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

20:55:44.0722 7920 amdxata - ok

20:55:44.0753 7920 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

20:55:44.0753 7920 AppID - ok

20:55:44.0785 7920 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

20:55:44.0800 7920 AppIDSvc - ok

20:55:44.0816 7920 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

20:55:44.0816 7920 Appinfo - ok

20:55:44.0925 7920 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

20:55:44.0941 7920 Apple Mobile Device - ok

20:55:45.0050 7920 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

20:55:45.0050 7920 arc - ok

20:55:45.0081 7920 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

20:55:45.0081 7920 arcsas - ok

20:55:45.0159 7920 asdsrv (2be4aa54c7728b7a432713961b09fa89) C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe

20:55:45.0237 7920 asdsrv - ok

20:55:45.0315 7920 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

20:55:45.0315 7920 AsyncMac - ok

20:55:45.0346 7920 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

20:55:45.0346 7920 atapi - ok

20:55:45.0471 7920 athr (cc406da84e7dd3fa3ad20340dbc66cf2) C:\Windows\system32\DRIVERS\athrx.sys

20:55:45.0565 7920 athr - ok

20:55:45.0674 7920 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

20:55:45.0689 7920 AudioEndpointBuilder - ok

20:55:45.0705 7920 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

20:55:45.0705 7920 AudioSrv - ok

20:55:45.0861 7920 avfsmn (7f5ea096d5edbaa9caeedf07dfae65da) C:\Windows\system32\DRIVERS\avfsmn.sys

20:55:45.0892 7920 avfsmn - ok

20:55:46.0173 7920 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

20:55:46.0309 7920 AVGIDSAgent - ok

20:55:46.0451 7920 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys

20:55:46.0455 7920 AVGIDSDriver - ok

20:55:46.0490 7920 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys

20:55:46.0493 7920 AVGIDSEH - ok

20:55:46.0511 7920 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys

20:55:46.0514 7920 AVGIDSFilter - ok

20:55:46.0549 7920 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys

20:55:46.0556 7920 Avgldx64 - ok

20:55:46.0604 7920 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys

20:55:46.0607 7920 Avgmfx64 - ok

20:55:46.0684 7920 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys

20:55:46.0687 7920 Avgrkx64 - ok

20:55:46.0729 7920 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys

20:55:46.0738 7920 Avgtdia - ok

20:55:46.0962 7920 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

20:55:46.0967 7920 avgwd - ok

20:55:47.0047 7920 avhips (e0edb0f31b9755fb8f8017f3326de033) C:\Windows\system32\DRIVERS\avhips.sys

20:55:47.0062 7920 avhips - ok

20:55:47.0094 7920 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

20:55:47.0097 7920 AxInstSV - ok

20:55:47.0140 7920 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

20:55:47.0148 7920 b06bdrv - ok

20:55:47.0186 7920 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

20:55:47.0192 7920 b57nd60a - ok

20:55:47.0338 7920 BCM43XX (85111026f1c5a1c4cce3697f0da7bc1a) C:\Windows\system32\DRIVERS\bcmwl664.sys

20:55:47.0449 7920 BCM43XX - ok

20:55:47.0481 7920 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

20:55:47.0496 7920 BDESVC - ok

20:55:47.0548 7920 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

20:55:47.0549 7920 Beep - ok

20:55:47.0607 7920 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

20:55:47.0621 7920 BFE - ok

20:55:47.0710 7920 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

20:55:47.0745 7920 BITS - ok

20:55:47.0964 7920 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys

20:55:47.0966 7920 blbdrive - ok

20:55:48.0105 7920 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

20:55:48.0115 7920 Bonjour Service - ok

20:55:48.0260 7920 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

20:55:48.0264 7920 bowser - ok

20:55:48.0410 7920 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

20:55:48.0412 7920 BrFiltLo - ok

20:55:48.0654 7920 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

20:55:48.0657 7920 BrFiltUp - ok

20:55:48.0754 7920 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

20:55:48.0758 7920 Browser - ok

20:55:48.0823 7920 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

20:55:48.0831 7920 Brserid - ok

20:55:48.0846 7920 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

20:55:48.0850 7920 BrSerWdm - ok

20:55:48.0861 7920 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

20:55:48.0864 7920 BrUsbMdm - ok

20:55:48.0876 7920 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

20:55:48.0878 7920 BrUsbSer - ok

20:55:48.0890 7920 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys

20:55:48.0893 7920 BTHMODEM - ok

20:55:48.0930 7920 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

20:55:48.0932 7920 bthserv - ok

20:55:48.0985 7920 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

20:55:48.0989 7920 cdfs - ok

20:55:49.0107 7920 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

20:55:49.0111 7920 cdrom - ok

20:55:49.0205 7920 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

20:55:49.0208 7920 CertPropSvc - ok

20:55:49.0257 7920 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

20:55:49.0260 7920 circlass - ok

20:55:49.0364 7920 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

20:55:49.0364 7920 CLFS - ok

20:55:49.0442 7920 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

20:55:49.0442 7920 clr_optimization_v2.0.50727_32 - ok

20:55:49.0473 7920 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

20:55:49.0473 7920 clr_optimization_v2.0.50727_64 - ok

20:55:49.0614 7920 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

20:55:49.0614 7920 clr_optimization_v4.0.30319_32 - ok

20:55:49.0645 7920 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

20:55:49.0645 7920 clr_optimization_v4.0.30319_64 - ok

20:55:49.0739 7920 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys

20:55:49.0739 7920 CmBatt - ok

20:55:49.0770 7920 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

20:55:49.0770 7920 cmdide - ok

20:55:49.0879 7920 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

20:55:49.0895 7920 CNG - ok

20:55:49.0941 7920 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys

20:55:49.0941 7920 Compbatt - ok

20:55:49.0973 7920 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

20:55:49.0973 7920 CompositeBus - ok

20:55:50.0004 7920 COMSysApp - ok

20:55:50.0019 7920 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

20:55:50.0035 7920 crcdisk - ok

20:55:50.0144 7920 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

20:55:50.0144 7920 CryptSvc - ok

20:55:50.0300 7920 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

20:55:50.0316 7920 cvhsvc - ok

20:55:50.0425 7920 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

20:55:50.0441 7920 DcomLaunch - ok

20:55:50.0472 7920 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

20:55:50.0472 7920 defragsvc - ok

20:55:50.0534 7920 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

20:55:50.0534 7920 DfsC - ok

20:55:50.0597 7920 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

20:55:50.0597 7920 Dhcp - ok

20:55:50.0706 7920 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

20:55:50.0706 7920 discache - ok

20:55:50.0799 7920 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

20:55:50.0799 7920 Disk - ok

20:55:50.0862 7920 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

20:55:50.0862 7920 Dnscache - ok

20:55:50.0909 7920 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

20:55:50.0924 7920 dot3svc - ok

20:55:50.0955 7920 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

20:55:50.0955 7920 DPS - ok

20:55:51.0080 7920 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

20:55:51.0080 7920 drmkaud - ok

20:55:51.0174 7920 DsiWMIService (32c2cd16dc801aef9edaafea0dbd769e) C:\Program Files (x86)\Launch Manager\dsiwmis.exe

20:55:51.0189 7920 DsiWMIService - ok

20:55:51.0314 7920 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

20:55:51.0345 7920 DXGKrnl - ok

20:55:51.0392 7920 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

20:55:51.0392 7920 EapHost - ok

20:55:51.0517 7920 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

20:55:51.0616 7920 ebdrv - ok

20:55:51.0714 7920 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

20:55:51.0719 7920 EFS - ok

20:55:51.0804 7920 EgisTec Ticket Service (03e6888da1a85acf14ac2a3c328a9e62) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe

20:55:51.0809 7920 EgisTec Ticket Service - ok

20:55:51.0882 7920 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

20:55:51.0900 7920 ehRecvr - ok

20:55:51.0949 7920 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

20:55:51.0953 7920 ehSched - ok

20:55:52.0030 7920 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

20:55:52.0040 7920 elxstor - ok

20:55:52.0191 7920 ePowerSvc (eb1c213a8550f066b2ccc29c9f41e2ae) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

20:55:52.0222 7920 ePowerSvc - ok

20:55:52.0325 7920 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

20:55:52.0327 7920 ErrDev - ok

20:55:52.0441 7920 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

20:55:52.0450 7920 EventSystem - ok

20:55:52.0508 7920 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

20:55:52.0513 7920 exfat - ok

20:55:52.0545 7920 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

20:55:52.0561 7920 fastfat - ok

20:55:52.0670 7920 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

20:55:52.0698 7920 Fax - ok

20:55:52.0745 7920 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

20:55:52.0748 7920 fdc - ok

20:55:52.0785 7920 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

20:55:52.0788 7920 fdPHost - ok

20:55:52.0808 7920 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

20:55:52.0811 7920 FDResPub - ok

20:55:52.0855 7920 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

20:55:52.0858 7920 FileInfo - ok

20:55:52.0889 7920 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

20:55:52.0892 7920 Filetrace - ok

20:55:53.0011 7920 FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

20:55:53.0026 7920 FLEXnet Licensing Service - ok

20:55:53.0114 7920 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

20:55:53.0117 7920 flpydisk - ok

20:55:53.0151 7920 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

20:55:53.0158 7920 FltMgr - ok

20:55:53.0227 7920 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

20:55:53.0262 7920 FontCache - ok

20:55:53.0348 7920 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

20:55:53.0348 7920 FontCache3.0.0.0 - ok

20:55:53.0410 7920 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

20:55:53.0410 7920 FsDepends - ok

20:55:53.0442 7920 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

20:55:53.0442 7920 Fs_Rec - ok

20:55:53.0473 7920 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

20:55:53.0488 7920 fvevol - ok

20:55:53.0520 7920 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

20:55:53.0520 7920 gagp30kx - ok

20:55:53.0691 7920 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

20:55:53.0707 7920 GamesAppService - ok

20:55:53.0816 7920 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

20:55:53.0832 7920 GEARAspiWDM - ok

20:55:53.0910 7920 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

20:55:53.0941 7920 gpsvc - ok

20:55:54.0066 7920 GREGService (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

20:55:54.0066 7920 GREGService - ok

20:55:54.0159 7920 HawkesUpdater (4635935fc972c582632bf45c26bfcb0e) C:\Program Files (x86)\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe

20:55:54.0175 7920 HawkesUpdater - ok

20:55:54.0284 7920 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

20:55:54.0284 7920 hcw85cir - ok

20:55:54.0346 7920 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

20:55:54.0346 7920 HdAudAddService - ok

20:55:54.0409 7920 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

20:55:54.0409 7920 HDAudBus - ok

20:55:54.0471 7920 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\drivers\HECIx64.sys

20:55:54.0471 7920 HECIx64 - ok

20:55:54.0502 7920 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

20:55:54.0502 7920 HidBatt - ok

20:55:54.0518 7920 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

20:55:54.0534 7920 HidBth - ok

20:55:54.0534 7920 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

20:55:54.0549 7920 HidIr - ok

20:55:54.0586 7920 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

20:55:54.0589 7920 hidserv - ok

20:55:54.0667 7920 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

20:55:54.0669 7920 HidUsb - ok

20:55:54.0705 7920 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

20:55:54.0710 7920 hkmsvc - ok

20:55:54.0740 7920 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

20:55:54.0748 7920 HomeGroupListener - ok

20:55:54.0790 7920 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

20:55:54.0797 7920 HomeGroupProvider - ok

20:55:54.0868 7920 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

20:55:54.0872 7920 HpSAMD - ok

20:55:54.0930 7920 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

20:55:54.0963 7920 HTTP - ok

20:55:54.0987 7920 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

20:55:54.0990 7920 hwpolicy - ok

20:55:55.0032 7920 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

20:55:55.0036 7920 i8042prt - ok

20:55:55.0084 7920 iaStor (1384872112e8e7fd5786eceb8bddf4c9) C:\Windows\system32\drivers\iaStor.sys

20:55:55.0091 7920 iaStor - ok

20:55:55.0208 7920 IAStorDataMgrSvc (6b24d1c3096de796d15571079ea5e98c) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

20:55:55.0211 7920 IAStorDataMgrSvc - ok

20:55:55.0305 7920 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

20:55:55.0314 7920 iaStorV - ok

20:55:55.0417 7920 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

20:55:55.0451 7920 idsvc - ok

20:55:55.0767 7920 igfx (31569a2e836c12014148bf7342716946) C:\Windows\system32\DRIVERS\igdkmd64.sys

20:55:56.0016 7920 igfx - ok

20:55:56.0079 7920 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

20:55:56.0094 7920 iirsp - ok

20:55:56.0141 7920 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

20:55:56.0172 7920 IKEEXT - ok

20:55:56.0281 7920 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys

20:55:56.0281 7920 Impcd - ok

20:55:56.0422 7920 IntcAzAudAddService (650d06e28a43e365a01ec4ee0946fc24) C:\Windows\system32\drivers\RTKVHD64.sys

20:55:56.0531 7920 IntcAzAudAddService - ok

20:55:56.0593 7920 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

20:55:56.0593 7920 intelide - ok

20:55:56.0640 7920 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

20:55:56.0656 7920 intelppm - ok

20:55:56.0671 7920 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

20:55:56.0687 7920 IPBusEnum - ok

20:55:56.0703 7920 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

20:55:56.0703 7920 IpFilterDriver - ok

20:55:56.0734 7920 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

20:55:56.0749 7920 iphlpsvc - ok

20:55:56.0765 7920 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

20:55:56.0765 7920 IPMIDRV - ok

20:55:56.0765 7920 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

20:55:56.0781 7920 IPNAT - ok

20:55:56.0921 7920 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe

20:55:56.0952 7920 iPod Service - ok

20:55:56.0999 7920 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

20:55:56.0999 7920 IRENUM - ok

20:55:57.0015 7920 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

20:55:57.0015 7920 isapnp - ok

20:55:57.0046 7920 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

20:55:57.0046 7920 iScsiPrt - ok

20:55:57.0093 7920 k57nd60a (0469bff65bbdee9e46d0c45ee32a08bd) C:\Windows\system32\DRIVERS\k57nd60a.sys

20:55:57.0108 7920 k57nd60a - ok

20:55:57.0139 7920 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

20:55:57.0139 7920 kbdclass - ok

20:55:57.0171 7920 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

20:55:57.0171 7920 kbdhid - ok

20:55:57.0202 7920 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:55:57.0217 7920 KeyIso - ok

20:55:57.0342 7920 Kodak AiO Network Discovery Service (27277a11db52fefae5b01dc8fb570b28) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe

20:55:57.0358 7920 Kodak AiO Network Discovery Service - ok

20:55:57.0373 7920 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

20:55:57.0373 7920 KSecDD - ok

20:55:57.0389 7920 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

20:55:57.0405 7920 KSecPkg - ok

20:55:57.0451 7920 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

20:55:57.0451 7920 ksthunk - ok

20:55:57.0498 7920 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

20:55:57.0514 7920 KtmRm - ok

20:55:57.0565 7920 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

20:55:57.0572 7920 LanmanServer - ok

20:55:57.0617 7920 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

20:55:57.0622 7920 LanmanWorkstation - ok

20:55:57.0690 7920 Live Updater Service (6bcee9c766815bfff89de7d81af34ce1) C:\Program Files\Acer\Acer Updater\UpdaterService.exe

20:55:57.0696 7920 Live Updater Service - ok

20:55:57.0769 7920 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

20:55:57.0772 7920 lltdio - ok

20:55:57.0816 7920 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

20:55:57.0825 7920 lltdsvc - ok

20:55:57.0853 7920 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

20:55:57.0857 7920 lmhosts - ok

20:55:57.0962 7920 LMS (dbc1136a62bd4decc3632df650284c2e) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

20:55:57.0968 7920 LMS - ok

20:55:58.0013 7920 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

20:55:58.0017 7920 LSI_FC - ok

20:55:58.0030 7920 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

20:55:58.0034 7920 LSI_SAS - ok

20:55:58.0046 7920 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

20:55:58.0049 7920 LSI_SAS2 - ok

20:55:58.0061 7920 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

20:55:58.0064 7920 LSI_SCSI - ok

20:55:58.0103 7920 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

20:55:58.0106 7920 luafv - ok

20:55:58.0150 7920 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

20:55:58.0154 7920 Mcx2Svc - ok

20:55:58.0164 7920 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

20:55:58.0166 7920 megasas - ok

20:55:58.0201 7920 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

20:55:58.0206 7920 MegaSR - ok

20:55:58.0226 7920 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

20:55:58.0229 7920 MMCSS - ok

20:55:58.0240 7920 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

20:55:58.0242 7920 Modem - ok

20:55:58.0258 7920 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

20:55:58.0260 7920 monitor - ok

20:55:58.0285 7920 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

20:55:58.0287 7920 mouclass - ok

20:55:58.0313 7920 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

20:55:58.0315 7920 mouhid - ok

20:55:58.0370 7920 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

20:55:58.0374 7920 mountmgr - ok

20:55:58.0401 7920 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

20:55:58.0405 7920 mpio - ok

20:55:58.0427 7920 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

20:55:58.0430 7920 mpsdrv - ok

20:55:58.0477 7920 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

20:55:58.0491 7920 MpsSvc - ok

20:55:58.0502 7920 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

20:55:58.0505 7920 MRxDAV - ok

20:55:58.0535 7920 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

20:55:58.0538 7920 mrxsmb - ok

20:55:58.0579 7920 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

20:55:58.0584 7920 mrxsmb10 - ok

20:55:58.0598 7920 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

20:55:58.0602 7920 mrxsmb20 - ok

20:55:58.0612 7920 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

20:55:58.0614 7920 msahci - ok

20:55:58.0640 7920 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

20:55:58.0644 7920 msdsm - ok

20:55:58.0662 7920 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

20:55:58.0667 7920 MSDTC - ok

20:55:58.0691 7920 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

20:55:58.0693 7920 Msfs - ok

20:55:58.0717 7920 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

20:55:58.0719 7920 mshidkmdf - ok

20:55:58.0737 7920 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

20:55:58.0739 7920 msisadrv - ok

20:55:58.0787 7920 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

20:55:58.0792 7920 MSiSCSI - ok

20:55:58.0800 7920 msiserver - ok

20:55:58.0827 7920 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

20:55:58.0830 7920 MSKSSRV - ok

20:55:58.0863 7920 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

20:55:58.0865 7920 MSPCLOCK - ok

20:55:58.0882 7920 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

20:55:58.0884 7920 MSPQM - ok

20:55:58.0910 7920 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

20:55:58.0917 7920 MsRPC - ok

20:55:58.0940 7920 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

20:55:58.0942 7920 mssmbios - ok

20:55:58.0961 7920 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

20:55:58.0963 7920 MSTEE - ok

20:55:58.0976 7920 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

20:55:58.0978 7920 MTConfig - ok

20:55:58.0998 7920 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

20:55:59.0001 7920 Mup - ok

20:55:59.0035 7920 mwlPSDFilter (9b1eac6faf6f37305e822f5588dc8056) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys

20:55:59.0037 7920 mwlPSDFilter - ok

20:55:59.0057 7920 mwlPSDNServ (ad55c1524b296280ed9c6e0d730d35da) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys

20:55:59.0059 7920 mwlPSDNServ - ok

20:55:59.0079 7920 mwlPSDVDisk (2b599e6ec8843637bdd62e7f8f3ba201) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys

20:55:59.0082 7920 mwlPSDVDisk - ok

20:55:59.0126 7920 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

20:55:59.0135 7920 napagent - ok

20:55:59.0179 7920 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

20:55:59.0184 7920 NativeWifiP - ok

20:55:59.0256 7920 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

20:55:59.0291 7920 NDIS - ok

20:55:59.0313 7920 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

20:55:59.0316 7920 NdisCap - ok

20:55:59.0346 7920 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

20:55:59.0346 7920 NdisTapi - ok

20:55:59.0378 7920 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

20:55:59.0378 7920 Ndisuio - ok

20:55:59.0393 7920 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

20:55:59.0393 7920 NdisWan - ok

20:55:59.0424 7920 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

20:55:59.0424 7920 NDProxy - ok

20:55:59.0440 7920 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

20:55:59.0440 7920 NetBIOS - ok

20:55:59.0471 7920 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

20:55:59.0471 7920 NetBT - ok

20:55:59.0525 7920 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:55:59.0527 7920 Netlogon - ok

20:55:59.0592 7920 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

20:55:59.0601 7920 Netman - ok

20:55:59.0619 7920 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

20:55:59.0632 7920 netprofm - ok

20:55:59.0720 7920 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

20:55:59.0724 7920 NetTcpPortSharing - ok

20:55:59.0807 7920 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

20:55:59.0810 7920 nfrd960 - ok

20:55:59.0884 7920 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

20:55:59.0893 7920 NlaSvc - ok

20:56:00.0027 7920 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

20:56:00.0104 7920 NOBU - ok

20:56:00.0259 7920 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

20:56:00.0261 7920 Npfs - ok

20:56:00.0331 7920 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

20:56:00.0334 7920 nsi - ok

20:56:00.0362 7920 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

20:56:00.0364 7920 nsiproxy - ok

20:56:00.0453 7920 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

20:56:00.0498 7920 Ntfs - ok

20:56:00.0571 7920 NTI IScheduleSvc (773eed20bbf50809437373c0285bfa5e) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe

20:56:00.0634 7920 NTI IScheduleSvc - ok

20:56:00.0774 7920 NTIDrvr (ee3ba1024594d5d09e314f206b94069e) C:\Windows\system32\drivers\NTIDrvr.sys

20:56:00.0774 7920 NTIDrvr - ok

20:56:00.0821 7920 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

20:56:00.0821 7920 Null - ok

20:56:00.0868 7920 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

20:56:00.0868 7920 nvraid - ok

20:56:00.0914 7920 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

20:56:00.0914 7920 nvstor - ok

20:56:00.0946 7920 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

20:56:00.0946 7920 nv_agp - ok

20:56:00.0961 7920 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

20:56:00.0977 7920 ohci1394 - ok

20:56:01.0102 7920 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

20:56:01.0117 7920 ose - ok

20:56:01.0289 7920 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

20:56:01.0414 7920 osppsvc - ok

20:56:01.0585 7920 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

20:56:01.0585 7920 p2pimsvc - ok

20:56:01.0671 7920 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

20:56:01.0682 7920 p2psvc - ok

20:56:01.0713 7920 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

20:56:01.0717 7920 Parport - ok

20:56:01.0740 7920 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

20:56:01.0744 7920 partmgr - ok

20:56:01.0834 7920 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

20:56:01.0840 7920 PcaSvc - ok

20:56:01.0894 7920 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

20:56:01.0899 7920 pci - ok

20:56:01.0920 7920 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

20:56:01.0923 7920 pciide - ok

20:56:01.0941 7920 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

20:56:01.0947 7920 pcmcia - ok

20:56:01.0984 7920 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

20:56:01.0987 7920 pcw - ok

20:56:02.0041 7920 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

20:56:02.0058 7920 PEAUTH - ok

20:56:02.0205 7920 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

20:56:02.0209 7920 PerfHost - ok

20:56:02.0309 7920 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

20:56:02.0356 7920 pla - ok

20:56:02.0440 7920 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

20:56:02.0451 7920 PlugPlay - ok

20:56:02.0501 7920 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

20:56:02.0506 7920 PNRPAutoReg - ok

20:56:02.0533 7920 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

20:56:02.0540 7920 PNRPsvc - ok

20:56:02.0591 7920 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

20:56:02.0602 7920 PolicyAgent - ok

20:56:02.0632 7920 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

20:56:02.0639 7920 Power - ok

20:56:02.0689 7920 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

20:56:02.0693 7920 PptpMiniport - ok

20:56:02.0725 7920 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

20:56:02.0728 7920 Processor - ok

20:56:02.0755 7920 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

20:56:02.0762 7920 ProfSvc - ok

20:56:02.0804 7920 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:56:02.0807 7920 ProtectedStorage - ok

20:56:02.0839 7920 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

20:56:02.0844 7920 Psched - ok

20:56:02.0902 7920 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

20:56:02.0949 7920 ql2300 - ok

20:56:02.0962 7920 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

20:56:02.0967 7920 ql40xx - ok

20:56:02.0990 7920 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

20:56:02.0994 7920 QWAVE - ok

20:56:03.0013 7920 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

20:56:03.0015 7920 QWAVEdrv - ok

20:56:03.0024 7920 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

20:56:03.0026 7920 RasAcd - ok

20:56:03.0059 7920 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

20:56:03.0062 7920 RasAgileVpn - ok

20:56:03.0090 7920 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

20:56:03.0094 7920 RasAuto - ok

20:56:03.0114 7920 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

20:56:03.0117 7920 Rasl2tp - ok

20:56:03.0151 7920 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

20:56:03.0158 7920 RasMan - ok

20:56:03.0193 7920 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

20:56:03.0195 7920 RasPppoe - ok

20:56:03.0217 7920 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

20:56:03.0219 7920 RasSstp - ok

20:56:03.0240 7920 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

20:56:03.0245 7920 rdbss - ok

20:56:03.0267 7920 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys

20:56:03.0269 7920 rdpbus - ok

20:56:03.0299 7920 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

20:56:03.0301 7920 RDPCDD - ok

20:56:03.0334 7920 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

20:56:03.0336 7920 RDPENCDD - ok

20:56:03.0360 7920 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

20:56:03.0362 7920 RDPREFMP - ok

20:56:03.0408 7920 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

20:56:03.0414 7920 RDPWD - ok

20:56:03.0476 7920 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

20:56:03.0482 7920 rdyboost - ok

20:56:03.0516 7920 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

20:56:03.0521 7920 RemoteAccess - ok

20:56:03.0550 7920 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

20:56:03.0557 7920 RemoteRegistry - ok

20:56:03.0578 7920 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

20:56:03.0583 7920 RpcEptMapper - ok

20:56:03.0617 7920 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

20:56:03.0621 7920 RpcLocator - ok

20:56:03.0652 7920 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

20:56:03.0661 7920 RpcSs - ok

20:56:03.0749 7920 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

20:56:03.0752 7920 rspndr - ok

20:56:03.0824 7920 RSUSBSTOR (0e3dcf76f11dc431b088a2dfd7265cda) C:\Windows\System32\Drivers\RtsUStor.sys

20:56:03.0831 7920 RSUSBSTOR - ok

20:56:03.0870 7920 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:56:03.0873 7920 SamSs - ok

20:56:03.0927 7920 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

20:56:03.0931 7920 sbp2port - ok

20:56:03.0986 7920 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

20:56:03.0991 7920 SCardSvr - ok

20:56:04.0056 7920 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

20:56:04.0059 7920 scfilter - ok

20:56:04.0192 7920 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

20:56:04.0223 7920 Schedule - ok

20:56:04.0255 7920 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

20:56:04.0255 7920 SCPolicySvc - ok

20:56:04.0301 7920 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

20:56:04.0317 7920 SDRSVC - ok

20:56:04.0405 7920 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

20:56:04.0408 7920 secdrv - ok

20:56:04.0454 7920 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

20:56:04.0460 7920 seclogon - ok

20:56:04.0488 7920 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

20:56:04.0494 7920 SENS - ok

20:56:04.0520 7920 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

20:56:04.0524 7920 SensrSvc - ok

20:56:04.0589 7920 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

20:56:04.0592 7920 Serenum - ok

20:56:04.0619 7920 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

20:56:04.0624 7920 Serial - ok

20:56:04.0649 7920 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

20:56:04.0651 7920 sermouse - ok

20:56:04.0721 7920 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

20:56:04.0727 7920 SessionEnv - ok

20:56:04.0792 7920 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

20:56:04.0795 7920 sffdisk - ok

20:56:04.0807 7920 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

20:56:04.0809 7920 sffp_mmc - ok

20:56:04.0823 7920 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

20:56:04.0827 7920 sffp_sd - ok

20:56:04.0840 7920 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

20:56:04.0844 7920 sfloppy - ok

20:56:04.0943 7920 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys

20:56:04.0975 7920 Sftfs - ok

20:56:05.0090 7920 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

20:56:05.0104 7920 sftlist - ok

20:56:05.0145 7920 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys

20:56:05.0150 7920 Sftplay - ok

20:56:05.0173 7920 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys

20:56:05.0175 7920 Sftredir - ok

20:56:05.0206 7920 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys

20:56:05.0208 7920 Sftvol - ok

20:56:05.0228 7920 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

20:56:05.0232 7920 sftvsa - ok

20:56:05.0285 7920 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

20:56:05.0294 7920 SharedAccess - ok

20:56:05.0350 7920 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

20:56:05.0366 7920 ShellHWDetection - ok

20:56:05.0444 7920 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

20:56:05.0444 7920 SiSRaid2 - ok

20:56:05.0459 7920 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

20:56:05.0459 7920 SiSRaid4 - ok

20:56:05.0506 7920 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

20:56:05.0506 7920 Smb - ok

20:56:05.0569 7920 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

20:56:05.0569 7920 SNMPTRAP - ok

20:56:05.0600 7920 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

20:56:05.0600 7920 spldr - ok

20:56:05.0631 7920 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

20:56:05.0647 7920 Spooler - ok

20:56:05.0818 7920 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

20:56:05.0881 7920 sppsvc - ok

20:56:05.0943 7920 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

20:56:05.0943 7920 sppuinotify - ok

20:56:06.0083 7920 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

20:56:06.0099 7920 srv - ok

20:56:06.0130 7920 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

20:56:06.0146 7920 srv2 - ok

20:56:06.0208 7920 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

20:56:06.0208 7920 srvnet - ok

20:56:06.0255 7920 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

20:56:06.0271 7920 SSDPSRV - ok

20:56:06.0286 7920 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

20:56:06.0286 7920 SstpSvc - ok

20:56:06.0317 7920 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

20:56:06.0317 7920 stexstor - ok

20:56:06.0406 7920 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

20:56:06.0420 7920 stisvc - ok

20:56:06.0442 7920 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

20:56:06.0445 7920 swenum - ok

20:56:06.0482 7920 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

20:56:06.0499 7920 swprv - ok

20:56:06.0758 7920 SynTP (bc642d540aedf9a253c74d10c848ebd2) C:\Windows\system32\DRIVERS\SynTP.sys

20:56:06.0781 7920 SynTP - ok

20:56:06.0847 7920 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

20:56:06.0908 7920 SysMain - ok

20:56:06.0940 7920 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

20:56:06.0944 7920 TabletInputService - ok

20:56:06.0975 7920 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

20:56:06.0982 7920 TapiSrv - ok

20:56:07.0009 7920 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

20:56:07.0012 7920 TBS - ok

20:56:07.0106 7920 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

20:56:07.0188 7920 Tcpip - ok

20:56:07.0260 7920 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

20:56:07.0278 7920 TCPIP6 - ok

20:56:07.0325 7920 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

20:56:07.0327 7920 tcpipreg - ok

20:56:07.0352 7920 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

20:56:07.0352 7920 TDPIPE - ok

20:56:07.0383 7920 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

20:56:07.0383 7920 TDTCP - ok

20:56:07.0414 7920 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

20:56:07.0414 7920 tdx - ok

20:56:07.0430 7920 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

20:56:07.0430 7920 TermDD - ok

20:56:07.0508 7920 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

20:56:07.0523 7920 TermService - ok

20:56:07.0555 7920 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

20:56:07.0555 7920 Themes - ok

20:56:07.0586 7920 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

20:56:07.0586 7920 THREADORDER - ok

20:56:07.0617 7920 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

20:56:07.0617 7920 TrkWks - ok

20:56:07.0695 7920 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

20:56:07.0695 7920 TrustedInstaller - ok

20:56:07.0742 7920 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

20:56:07.0742 7920 tssecsrv - ok

20:56:07.0773 7920 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

20:56:07.0773 7920 TsUsbFlt - ok

20:56:07.0789 7920 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

20:56:07.0789 7920 TsUsbGD - ok

20:56:07.0835 7920 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

20:56:07.0835 7920 tunnel - ok

20:56:07.0851 7920 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

20:56:07.0851 7920 uagp35 - ok

20:56:07.0882 7920 UBHelper (a17d5e1a6df4eab0a480f2c490de4c9d) C:\Windows\system32\drivers\UBHelper.sys

20:56:07.0882 7920 UBHelper - ok

20:56:07.0913 7920 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

20:56:07.0913 7920 udfs - ok

20:56:07.0960 7920 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

20:56:07.0960 7920 UI0Detect - ok

20:56:07.0991 7920 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

20:56:07.0991 7920 uliagpkx - ok

20:56:08.0023 7920 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

20:56:08.0023 7920 umbus - ok

20:56:08.0038 7920 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

20:56:08.0038 7920 UmPass - ok

20:56:08.0213 7920 UNS (7466809e6da561d60c2f1ce8ede3c73f) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

20:56:08.0281 7920 UNS - ok

20:56:08.0358 7920 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

20:56:08.0368 7920 upnphost - ok

20:56:08.0416 7920 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys

20:56:08.0431 7920 USBAAPL64 - ok

20:56:08.0476 7920 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

20:56:08.0480 7920 usbccgp - ok

20:56:08.0519 7920 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

20:56:08.0523 7920 usbcir - ok

20:56:08.0546 7920 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

20:56:08.0549 7920 usbehci - ok

20:56:08.0582 7920 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

20:56:08.0590 7920 usbhub - ok

20:56:08.0630 7920 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

20:56:08.0633 7920 usbohci - ok

20:56:08.0657 7920 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys

20:56:08.0660 7920 usbprint - ok

20:56:08.0698 7920 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS

20:56:08.0702 7920 USBSTOR - ok

20:56:08.0726 7920 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

20:56:08.0729 7920 usbuhci - ok

20:56:08.0752 7920 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys

20:56:08.0757 7920 usbvideo - ok

20:56:08.0794 7920 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

20:56:08.0798 7920 UxSms - ok

20:56:08.0836 7920 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:56:08.0839 7920 VaultSvc - ok

20:56:08.0867 7920 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

20:56:08.0869 7920 vdrvroot - ok

20:56:08.0921 7920 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

20:56:08.0939 7920 vds - ok

20:56:08.0958 7920 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

20:56:08.0961 7920 vga - ok

20:56:08.0984 7920 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

20:56:08.0987 7920 VgaSave - ok

20:56:09.0003 7920 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

20:56:09.0008 7920 vhdmp - ok

20:56:09.0019 7920 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

20:56:09.0021 7920 viaide - ok

20:56:09.0045 7920 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

20:56:09.0047 7920 volmgr - ok

20:56:09.0073 7920 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

20:56:09.0078 7920 volmgrx - ok

20:56:09.0092 7920 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

20:56:09.0097 7920 volsnap - ok

20:56:09.0138 7920 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

20:56:09.0142 7920 vsmraid - ok

20:56:09.0196 7920 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

20:56:09.0243 7920 VSS - ok

20:56:09.0274 7920 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

20:56:09.0274 7920 vwifibus - ok

20:56:09.0321 7920 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

20:56:09.0321 7920 vwififlt - ok

20:56:09.0367 7920 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

20:56:09.0367 7920 vwifimp - ok

20:56:09.0430 7920 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

20:56:09.0445 7920 W32Time - ok

20:56:09.0461 7920 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

20:56:09.0461 7920 WacomPen - ok

20:56:09.0508 7920 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

20:56:09.0508 7920 WANARP - ok

20:56:09.0523 7920 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

20:56:09.0540 7920 Wanarpv6 - ok

20:56:09.0633 7920 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

20:56:09.0681 7920 WatAdminSvc - ok

20:56:09.0761 7920 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

20:56:09.0816 7920 wbengine - ok

20:56:09.0847 7920 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

20:56:09.0852 7920 WbioSrvc - ok

20:56:09.0883 7920 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

20:56:09.0891 7920 wcncsvc - ok

20:56:09.0911 7920 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

20:56:09.0915 7920 WcsPlugInService - ok

20:56:09.0965 7920 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

20:56:09.0967 7920 Wd - ok

20:56:10.0001 7920 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

20:56:10.0010 7920 Wdf01000 - ok

20:56:10.0048 7920 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

20:56:10.0052 7920 WdiServiceHost - ok

20:56:10.0056 7920 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

20:56:10.0059 7920 WdiSystemHost - ok

20:56:10.0095 7920 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

20:56:10.0101 7920 WebClient - ok

20:56:10.0138 7920 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

20:56:10.0143 7920 Wecsvc - ok

20:56:10.0169 7920 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

20:56:10.0173 7920 wercplsupport - ok

20:56:10.0207 7920 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

20:56:10.0211 7920 WerSvc - ok

20:56:10.0277 7920 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

20:56:10.0279 7920 WfpLwf - ok

20:56:10.0309 7920 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

20:56:10.0312 7920 WIMMount - ok

20:56:10.0365 7920 WinDefend - ok

20:56:10.0376 7920 WinHttpAutoProxySvc - ok

20:56:10.0446 7920 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

20:56:10.0468 7920 Winmgmt - ok

20:56:10.0539 7920 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

20:56:10.0612 7920 WinRM - ok

20:56:10.0690 7920 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

20:56:10.0690 7920 WinUsb - ok

20:56:10.0737 7920 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

20:56:10.0768 7920 Wlansvc - ok

20:56:10.0877 7920 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

20:56:10.0877 7920 wlcrasvc - ok

20:56:10.0955 7920 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

20:56:11.0033 7920 wlidsvc - ok

20:56:11.0158 7920 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

20:56:11.0158 7920 WmiAcpi - ok

20:56:11.0251 7920 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

20:56:11.0251 7920 wmiApSrv - ok

20:56:11.0314 7920 WMPNetworkSvc - ok

20:56:11.0376 7920 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

20:56:11.0392 7920 WPCSvc - ok

20:56:11.0423 7920 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

20:56:11.0423 7920 WPDBusEnum - ok

20:56:11.0470 7920 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

20:56:11.0470 7920 ws2ifsl - ok

20:56:11.0501 7920 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll

20:56:11.0501 7920 wscsvc - ok

20:56:11.0517 7920 WSearch - ok

20:56:11.0595 7920 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

20:56:11.0673 7920 wuauserv - ok

20:56:11.0688 7920 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

20:56:11.0688 7920 WudfPf - ok

20:56:11.0719 7920 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

20:56:11.0719 7920 WUDFRd - ok

20:56:11.0751 7920 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

20:56:11.0751 7920 wudfsvc - ok

20:56:11.0782 7920 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

20:56:11.0782 7920 WwanSvc - ok

20:56:11.0829 7920 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

20:56:12.0047 7920 \Device\Harddisk0\DR0 - ok

20:56:12.0063 7920 Boot (0x1200) (ae39d32621eda57325dfca1ed2be6f53) \Device\Harddisk0\DR0\Partition0

20:56:12.0063 7920 \Device\Harddisk0\DR0\Partition0 - ok

20:56:12.0094 7920 Boot (0x1200) (7efb64bbb9520374c8350f3589d9b65e) \Device\Harddisk0\DR0\Partition1

20:56:12.0094 7920 \Device\Harddisk0\DR0\Partition1 - ok

20:56:12.0094 7920 ============================================================

20:56:12.0094 7920 Scan finished

20:56:12.0094 7920 ============================================================

20:56:12.0109 8376 Detected object count: 0

20:56:12.0109 8376 Actual detected object count: 0

20:56:36.0092 9076 Deinitialize success

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-04-01 21:05:02

-----------------------------

21:05:02.370 OS Version: Windows x64 6.1.7601 Service Pack 1

21:05:02.370 Number of processors: 2 586 0x2505

21:05:02.370 ComputerName: JENNY-PC UserName: Jenny

21:05:03.743 Initialize success

21:05:11.263 AVAST engine defs: 12040101

21:05:15.693 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

21:05:15.709 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3

21:05:15.725 Disk 0 MBR read successfully

21:05:15.725 Disk 0 MBR scan

21:05:15.725 Disk 0 Windows 7 default MBR code

21:05:15.740 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 16384 MB offset 2048

21:05:15.771 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 33556480

21:05:15.787 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 460454 MB offset 33761280

21:05:15.803 Disk 0 scanning C:\Windows\system32\drivers

21:05:24.585 Service scanning

21:05:56.191 Modules scanning

21:05:56.191 Disk 0 trace - called modules:

21:05:56.238 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll

21:05:56.768 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80068b4060]

21:05:56.768 3 CLASSPNP.SYS[fffff88001b9d43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004985050]

21:05:59.186 AVAST engine scan C:\Windows

21:06:02.088 AVAST engine scan C:\Windows\system32

21:09:37.131 AVAST engine scan C:\Windows\system32\drivers

21:10:02.949 AVAST engine scan C:\Users\Jenny

21:11:06.612 Disk 0 MBR has been saved successfully to "C:\Users\Jenny\Desktop\MBR.dat"

21:11:06.612 The log file has been saved successfully to "C:\Users\Jenny\Desktop\aswMBR.txt"

MBR.zip

Link to post
Share on other sites

  • Staff

Hi,

Please do the following

Refer to the ComboFix User's Guide

  1. Download ComboFix from one of these locations:
    Link 1
    Link 2
    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on ComboFix.exe & follow the prompts.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Link to post
Share on other sites

Hello - here is the combofix log

ComboFix 12-04-01.02 - Jenny 04/02/2012 9:41.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3767.2346 [GMT -6:00]

Running from: c:\users\Jenny\Downloads\ComboFix.exe

AV: AVG Anti-Virus 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\TEMP\mia1\mEXEFunc.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-03-02 to 2012-04-02 )))))))))))))))))))))))))))))))

.

.

2012-04-02 15:46 . 2012-04-02 15:46 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-31 23:50 . 2012-03-31 23:50 -------- d-----r- c:\program files (x86)\Skype

2012-03-31 23:50 . 2012-04-02 15:47 -------- d-----w- c:\users\Jenny\AppData\Roaming\Skype

2012-03-30 16:37 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{51FFEBAF-B11F-4259-8319-DEFB51C49B29}\mpengine.dll

2012-03-30 03:31 . 2012-01-09 08:26 24360 ----a-w- c:\windows\system32\drivers\avhips.sys

2012-03-30 03:31 . 2012-01-09 08:26 20264 ----a-w- c:\windows\system32\drivers\avfsmn.sys

2012-03-30 03:31 . 2012-03-30 03:31 -------- d-----w- c:\program files (x86)\Anvisoft

2012-03-28 02:44 . 2012-03-28 02:44 -------- d-----w- c:\users\Jenny\AppData\Roaming\Malwarebytes

2012-03-28 02:44 . 2012-03-28 02:44 -------- d-----w- c:\programdata\Malwarebytes

2012-03-28 02:44 . 2012-03-28 02:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-03-28 02:44 . 2011-12-10 21:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-27 03:30 . 2012-03-27 03:30 -------- d-----w- c:\program files\iTunes

2012-03-27 03:30 . 2012-03-27 03:30 -------- d-----w- c:\program files (x86)\iTunes

2012-03-27 03:30 . 2012-03-27 03:30 -------- d-----w- c:\program files\iPod

2012-03-24 16:42 . 2012-03-24 16:42 -------- d-----w- c:\users\Jenny\AppData\Local\Ilivid Player

2012-03-24 16:41 . 2012-03-24 16:47 -------- d-----w- c:\programdata\boost_interprocess

2012-03-22 03:43 . 2012-04-02 02:54 -------- d-----w- C:\FarmVilleBot_2.1

2012-03-17 03:21 . 2012-03-17 03:21 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-03-14 23:15 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-14 23:15 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-03-14 23:15 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-03-14 03:37 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-03-14 03:37 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-03-14 03:37 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-03-14 03:36 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-14 03:36 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-03-14 03:36 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-14 03:36 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-03-14 03:36 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-14 03:36 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-14 03:36 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-19 04:19 . 2011-08-11 03:37 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-03-17 03:20 . 2011-08-29 01:30 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-02-23 15:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-02-15 17:01 . 2012-02-15 17:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys

2012-02-15 17:01 . 2012-02-15 17:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-01-04 10:44 . 2012-02-15 03:13 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-01-04 08:58 . 2012-02-15 03:13 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-10-11 14940040]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]

"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-02-15 297280]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]

"Anvi Smart Defender"="c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2012-02-03 715048]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]

"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2011-12-12 2234288]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-03-31 352848]

R4 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-09-28 172912]

R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R4 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]

R4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]

R4 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]

R4 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-01-31 244624]

R4 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]

R4 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-02-15 257344]

R4 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S1 avfsmn;avfsmn;c:\windows\system32\DRIVERS\avfsmn.sys [x]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-02-03 296232]

S2 avhips;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\DRIVERS\avhips.sys [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-02-23 873064]

S2 HawkesUpdater;Hawkes Unattended Updater;c:\program files (x86)\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe [2003-04-18 8192]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-04 c:\windows\Tasks\DLL-files.com Fixer_MONTHLY.job

- c:\program files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2011-08-29 00:03]

.

2012-03-28 c:\windows\Tasks\DLL-files.com Fixer_UPDATES.job

- c:\program files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2011-08-29 00:03]

.

2012-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3767778522-3456462054-3616011533-1001Core.job

- c:\users\Jenny\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-24 03:53]

.

2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3767778522-3456462054-3616011533-1001UA.job

- c:\users\Jenny\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-24 03:53]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-18 11779176]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-23 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-23 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-23 415256]

"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-02-23 1796200]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.searchnu.com/406

mStart Page = hxxp://acer.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 129.123.0.2 129.123.0.1

FF - ProfilePath - c:\users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\1p9nc0u4.default\

FF - prefs.js: browser.search.selectedEngine - Search Results

FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/406

FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&sr=0&q=

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-10 - (no file)

Wow6432Node-HKCU-Run-RDReminder - (no file)

Toolbar-Locked - (no file)

Toolbar-10 - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Hawkes Learning Systems\Hawkes Update Service Manager\HawkesUpdater.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe

c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe

.

**************************************************************************

.

Completion time: 2012-04-02 09:54:20 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-02 15:54

.

Pre-Run: 428,191,154,176 bytes free

Post-Run: 427,821,064,192 bytes free

.

- - End Of File - - 6CA4CAB19EA13CE5ADBCD687D0CF1936

Link to post
Share on other sites

  • Staff

Hi,

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

DDS::
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.searchnu.com/406
mLocal Page = c:\windows\SysWOW64\blank.htm

FireFox::
FF - ProfilePath - c:\users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\1p9nc0u4.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/406
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&sr=0&q=

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;

2.Click Save As... Change the directory to your desktop;

3.Change the Save as type to "All Files";

4.Type in the file name: CFScript

5.Click Save ...

CFScriptB-4.gif

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT

Go here to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

NEXT

Please advise how the computer is running now and if there are any outstanding issues

Link to post
Share on other sites

  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.