Solved Smitfraud trojan virus

[Susan1112]

Hi,

my computer has been infected with a Smitfraud virus and I am not sure that I am tech-savvy enough to remove it on my own. However, your site seems to have very easy to follow concise instruction, so I will give a try . I can ONLY run my computer in SAFE MODE with Network capability. I have Norton Internet Security as my Anti-Virus program but it was disabled since the virus took hold of my computer, I am not aware that I have any other Anti-Virus programs installed.

My Malware Log reads as follows:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.11.15.01
Windows 7 x64 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7600.16385
Susan Baby :: SUSANBABY-PC [administrator]
11/14/2012 8:02:13 PM
mbam-log-2012-11-14 (20-02-13).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 335396
Time elapsed: 2 minute(s), 58 second(s)
Memory Processes Detected: 1
C:\Windows\svchost.exe_old (Heuristics.Reserved.Word.Exploit) -> 2964 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\svchost.exe_old (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
(end)
GMER Log ( NO [FONT=Arial]WARNING!!! about rootkit activity was received)[/FONT]

[FONT=Arial]No Log was created!!!![/FONT]


[FONT=Arial]DDS TEXT[/FONT]

[FONT=Arial]DDS (Ver_2012-11-07.01) - NTFS_AMD64 NETWORK
Internet Explorer: 8.0.7600.17115
Run by Susan Baby at 20:54:24 on 2012-11-14
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3767.2738 [GMT -5:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
\\.\globalroot\systemroot\svchost.exe -netsvcs
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5745&r=27361110c016l0463z135t4721k894
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5745&r=27361110c016l0463z135t4721k894
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5745&r=27361110c016l0463z135t4721k894
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: AOL Toolbar: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [MDS_Menu] "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"
mRun: [HostManager] C:\Program Files (x86)\Common Files\AOL\1290214743\ee\AOLSoftware.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRunOnce: [NIS] "C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\562C4DD5\20.2.0.19\InstStub.exe" /RELAUNCH /RUNONCE /NOPROMPT /PRODID NIS
mRunOnce: [SpybotDeletingA8834] command.com /c del "C:\Windows\svchost.exe"
mRunOnce: [SpybotDeletingC5255] cmd.exe /c del "C:\Windows\svchost.exe"
mRunOnce: [SpybotDeletingA8970] command.com /c del "C:\Windows\svchost.exe"
mRunOnce: [SpybotDeletingC4672] cmd.exe /c del "C:\Windows\svchost.exe"
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
dRun: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
StartupFolder: C:\Users\SUSANB~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AOLDES~1.LNK - C:\Program Files (x86)\Common Files\aol\Launch\aollaunch.exe
StartupFolder: C:\Users\SUSANB~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{6F50F40B-7172-4454-AA68-07923038C98E} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{EAC13957-79C3-426D-B2D8-4F7BD9FDD302} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{EAC13957-79C3-426D-B2D8-4F7BD9FDD302}\249676D4F6F63756D27657563747 : DHCPNameServer = 167.206.254.2 167.206.254.1 192.168.33.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Quick View Plus - ShellExecute Hook - {0cab0400-7395-11d0-a5e5-0020afe2fdd9} -
x64-mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5745&r=27361110c016l0463z135t4721k894
x64-mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5745&r=27361110c016l0463z135t4721k894
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [ODDPwr] "C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe"
x64-Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-8-29 56344]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-8-3 76400]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
S2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-8-3 321104]
S2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-9-16 868896]
S2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-8-3 13336]
S2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-6-28 255744]
S2 ODDPwrSvc;Acer ODD Power Service;C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2010-8-3 171040]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-9-16 2533400]
S2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-8-3 243232]
S2 X5XSEx_Pr143;X5XSEx_Pr143;C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.sys [2012-10-21 56136]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2010-6-9 40448]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-3-30 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-8-3 158976]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-8-3 271872]
S3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
S3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
S3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-21 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-11-15 01:16:47 20480 ----a-w- C:\Windows\svchost.exe
2012-11-15 01:01:20 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-15 01:01:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-15 00:14:23 -------- d-----w- C:\ProgramData\Malwarebytes
2012-11-14 23:38:55 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-11-14 23:13:41 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-11-14 23:13:21 -------- d-----w- C:\Windows\System32\drivers\NBRTWizardx64\0501000.01A
2012-11-14 23:13:21 -------- d-----w- C:\Windows\System32\drivers\NBRTWizardx64
2012-11-14 03:22:51 -------- d-----w- C:\Program Files\Symantec
2012-11-13 00:18:32 -------- d-----w- C:\Users\Susan Baby\AppData\Local\LogMeIn Rescue Applet
2012-11-12 22:05:06 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-11-12 20:03:29 -------- d-----w- C:\Users\Susan Baby\AppData\Roaming\Malwarebytes
2012-11-12 19:53:46 -------- d-----w- C:\Users\Susan Baby\AppData\Local\Savings Sidekick
2012-11-12 19:52:00 -------- d-----w- C:\Program Files (x86)\Conduit
2012-11-12 19:51:55 -------- d-----w- C:\Program Files (x86)\FLV_Runner
2012-11-12 18:54:38 -------- d-----w- C:\Users\Susan Baby\AppData\Local\NPE
2012-11-12 17:58:18 -------- d-----w- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2012-11-12 02:27:38 190976 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\20B9.tmp
2012-11-12 02:27:20 190976 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\D9F7.tmp.dat
2012-11-11 04:50:31 0 ----a-w- C:\Windows\SysWow64\sho7268.tmp
2012-11-10 03:14:45 0 ----a-w- C:\Windows\SysWow64\shoEC7.tmp
2012-11-07 12:43:09 0 ----a-w- C:\Windows\SysWow64\shoC88C.tmp
2012-11-06 12:36:06 0 ----a-w- C:\Windows\SysWow64\sho3F9F.tmp
2012-11-04 03:44:32 0 ----a-w- C:\Windows\SysWow64\sho5ADD.tmp
2012-10-28 02:39:40 0 ----a-w- C:\Windows\SysWow64\shoF1D3.tmp
2012-10-26 02:06:41 0 ----a-w- C:\Windows\SysWow64\sho38D0.tmp
2012-10-22 02:08:25 0 ----a-w- C:\Windows\SysWow64\sho6D6.tmp
2012-10-21 22:44:47 -------- d-----w- C:\ProgramData\GAMEON
2012-10-21 22:41:50 -------- d-----w- C:\Remote Programs
2012-10-21 22:41:48 -------- d-----w- C:\ProgramData\Free Ride Games
2012-10-21 22:41:45 57824 ------w- C:\Windows\ExentInfo.exe
2012-10-21 22:41:45 -------- d-----w- C:\Program Files (x86)\Free Ride Games
2012-10-19 11:47:38 0 ----a-w- C:\Windows\SysWow64\shoE4D3.tmp
.
==================== Find3M ====================
.
2012-10-09 23:33:28 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-09 23:33:27 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 01:17:41 0 ----a-w- C:\Windows\SysWow64\shoA79F.tmp
2012-10-02 11:48:46 0 ----a-w- C:\Windows\SysWow64\shoC58F.tmp
2012-10-02 00:29:17 0 ----a-w- C:\Windows\SysWow64\shoFB9.tmp
2012-10-02 00:00:24 0 ----a-w- C:\Windows\SysWow64\shoEC80.tmp
2012-10-01 01:20:27 0 ----a-w- C:\Windows\SysWow64\shoF794.tmp
2012-09-28 11:51:07 0 ----a-w- C:\Windows\SysWow64\shoAC45.tmp
2012-09-28 01:48:05 0 ----a-w- C:\Windows\SysWow64\sho1BBE.tmp
2012-09-24 01:11:15 0 ----a-w- C:\Windows\SysWow64\sho63F4.tmp
2012-09-23 04:19:10 0 ----a-w- C:\Windows\SysWow64\sho326D.tmp
2012-09-20 11:52:36 0 ----a-w- C:\Windows\SysWow64\shoB183.tmp
2012-09-20 01:41:08 0 ----a-w- C:\Windows\SysWow64\sho74B6.tmp
2012-09-19 02:23:51 0 ----a-w- C:\Windows\SysWow64\sho529F.tmp
2012-09-17 03:31:37 0 ----a-w- C:\Windows\SysWow64\shoA9E2.tmp
2012-09-16 04:02:28 0 ----a-w- C:\Windows\SysWow64\sho2FB3.tmp
2012-09-15 03:04:36 0 ----a-w- C:\Windows\SysWow64\shoE92C.tmp
2012-09-14 19:23:40 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:30:38 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-09-14 11:56:46 0 ----a-w- C:\Windows\SysWow64\sho4ECB.tmp
2012-09-12 02:35:29 0 ----a-w- C:\Windows\SysWow64\sho6B84.tmp
2012-09-05 11:58:46 0 ----a-w- C:\Windows\SysWow64\sho1065.tmp
2012-09-04 01:22:32 0 ----a-w- C:\Windows\SysWow64\shoC111.tmp
2012-09-03 04:39:58 0 ----a-w- C:\Windows\SysWow64\shoE74C.tmp
2012-09-01 03:18:11 0 ----a-w- C:\Windows\SysWow64\shoA4C0.tmp
2012-08-31 18:02:20 1656688 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:11:29 5505904 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:18:33 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:18:33 3902832 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-29 01:27:19 0 ----a-w- C:\Windows\SysWow64\shoCCDC.tmp
2012-08-28 03:07:54 0 ----a-w- C:\Windows\SysWow64\shoD94D.tmp
2012-08-27 03:17:51 0 ----a-w- C:\Windows\SysWow64\sho759.tmp
2012-08-26 19:47:44 58696 ----a-w- C:\Windows\SysWow64\AOLParconLink.exe
2012-08-26 02:30:41 0 ----a-w- C:\Windows\SysWow64\sho215F.tmp
2012-08-24 18:05:28 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 18:05:27 1197568 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 18:02:20 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2012-08-24 17:10:47 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 17:10:47 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 17:08:47 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2012-08-24 16:45:23 482816 ----a-w- C:\Windows\System32\html.iec
2012-08-24 16:02:45 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 16:01:45 386048 ----a-w- C:\Windows\SysWow64\html.iec
2012-08-24 15:27:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-21 01:52:03 0 ----a-w- C:\Windows\SysWow64\shoD71.tmp
2012-08-19 22:45:49 0 ----a-w- C:\Windows\SysWow64\shoE94.tmp
2012-08-19 02:43:13 0 ----a-w- C:\Windows\SysWow64\sho71D6.tmp
2012-08-18 15:43:05 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-18 15:43:05 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-18 15:43:05 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-18 15:42:31 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-18 15:40:26 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-18 15:37:49 425984 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-18 15:34:13 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-18 11:22:55 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-18 11:19:45 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-18 11:19:22 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-18 11:17:56 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-18 11:17:56 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-18 09:12:09 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-18 09:12:09 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-18 09:07:02 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-18 09:07:02 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-18 09:07:02 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-18 09:07:02 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 20:57:08.38 ===============[/FONT]


[FONT=Arial]DDS ATTACH[/FONT]
[FONT=Arial].
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/19/2010 7:28:28 PM
System Uptime: 11/14/2012 8:36:30 PM (0 hours ago)
.
Motherboard: Acer | | ZR7
Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz | CPU | 2394/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 582 GiB total, 517.604 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Officejet J4680 series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Officejet J4680 series
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet J4680 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet J4680 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP130: 11/11/2012 11:23:21 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
4660_4680_Help
64 Bit HP CIO Components Installer
Acer Arcade Deluxe
Acer Arcade Movie
Acer Backup Manager
Acer Crystal Eye webcam
Acer ePower Management
Acer eRecovery Management
Acer Games
Acer Registration
Acer ScreenSaver
Acer Updater
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
Alcor Micro USB Card Reader
AOL Mail and AIM Gadget
AOL Registration
AOL Toolbar
AOL Toolbar for Firefox
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Backup Manager Basic
Bejeweled 2 Deluxe
Bonjour
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
calibre
Carbonite
D3DX10
Destinations
DeviceDiscovery
Diner Dash 2 Restaurant Rescue
DocMgr
DocProc
Download Updater (AOL LLC)
FATE
Fax
Free Ride Games Player
Google Earth
Google Update Helper
GPBaseService2
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
HP Customer Participation Program 13.0
HP Document Manager 2.0
HP Imaging Device Functions 13.0
HP OfficeJet J4600 All-In-One Series
HP Photosmart Essential 3.5
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
Identity Card
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Internet TV for Windows Media Center
iTunes
J4680
Java Auto Updater
Java(TM) 6 Update 23
Jewel Quest - Heritage
Jewel Quest II
Jewel Quest Solitaire 2
Junk Mail filter update
Launch Manager
Malwarebytes Anti-Malware version 1.65.1.1000
MarketResearch
MediaShow Espresso
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher 2003
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Starter 2010 - English
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB973688)
Network64
Norton Bootable Recovery Tool Wizard
OCR Software by I.R.I.S. 13.0
Optical Drive Power Management
Picasa 3
ProductContext
Quick View Plus
QuickTime
Realtek High Definition Audio Driver
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Skype Toolbars
Skype™ 5.10
SmartWebPrinting
SolutionCenter
Spybot - Search & Destroy
Status
Symantec Technical Support Web Controls
Synaptics Pointing Device Driver
Toolbox
TrayApp
Uninstall AOL Emergency Connect Utility 1.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
Viewpoint Media Player
WebReg
Welcome Center
WildTangent Games App (Acer Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live Upload Tool
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
11/8/2012 7:11:33 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
11/14/2012 8:54:07 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
11/14/2012 8:42:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
11/14/2012 8:42:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
11/14/2012 8:38:26 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
11/14/2012 8:38:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/14/2012 8:38:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/14/2012 8:38:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/14/2012 8:38:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service CarboniteService with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}
11/14/2012 8:38:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/14/2012 8:37:30 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
11/14/2012 8:37:28 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
11/14/2012 8:33:00 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
11/14/2012 8:33:00 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/14/2012 8:33:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
11/14/2012 8:21:36 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Rapid Storage Technology service to connect.
11/14/2012 8:21:36 PM, Error: Service Control Manager [7000] - The Intel(R) Rapid Storage Technology service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/14/2012 8:20:04 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
11/14/2012 6:09:43 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache eeCtrl spldr Wanarpv6
11/14/2012 6:09:39 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000226367b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111412-52697-01.
11/14/2012 4:25:49 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_NIS discache eeCtrl IDSVia64 spldr SRTSPX SymIRON SymNetS Wanarpv6
11/14/2012 4:14:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
11/14/2012 4:14:13 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/14/2012 4:13:43 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Application Layer Gateway Service service to connect.
11/14/2012 4:13:43 PM, Error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/14/2012 4:13:13 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_NIS SymIRON
11/14/2012 4:13:10 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Client service to connect.
11/14/2012 4:13:10 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
11/14/2012 4:13:10 PM, Error: Service Control Manager [7000] - The Application Virtualization Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/14/2012 4:12:39 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
11/14/2012 4:12:39 PM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/13/2012 7:21:13 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Dritek WMI Service service to connect.
11/13/2012 7:21:13 AM, Error: Service Control Manager [7000] - The Dritek WMI Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/13/2012 7:20:43 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the CarboniteService service to connect.
11/13/2012 7:20:43 AM, Error: Service Control Manager [7000] - The CarboniteService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/13/2012 10:44:10 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_NIS discache IDSVia64 spldr SRTSP SRTSPX SymIRON SymNetS Wanarpv6
11/13/2012 10:44:04 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000256714a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111312-52759-01.
11/12/2012 8:28:59 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000225467b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111212-44491-01.
11/12/2012 5:37:44 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
11/12/2012 4:40:46 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
11/12/2012 4:07:55 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
11/12/2012 4:03:59 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Peer Networking Identity Manager service to connect.
11/12/2012 4:03:59 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Networking Identity Manager service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
11/12/2012 4:03:59 PM, Error: Service Control Manager [7001] - The Peer Name Resolution Protocol service depends on the Peer Networking Identity Manager service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
11/12/2012 4:03:59 PM, Error: Service Control Manager [7000] - The Peer Networking Identity Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/12/2012 3:23:38 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AOL Connectivity Service service to connect.
11/12/2012 3:23:38 PM, Error: Service Control Manager [7000] - The AOL Connectivity Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/12/2012 2:00:24 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000225967b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111212-131134-01.
11/11/2012 9:55:01 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Norton Internet Security service to connect.
11/11/2012 9:55:01 PM, Error: Service Control Manager [7000] - The Norton Internet Security service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/11/2012 6:00:16 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
11/11/2012 10:30:48 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
11/11/2012 10:30:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
11/11/2012 10:30:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/11/2012 10:30:18 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccSet_NIS DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf
11/11/2012 10:30:09 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/11/2012 10:30:09 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/11/2012 10:30:09 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/11/2012 10:30:09 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/11/2012 10:30:09 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/11/2012 10:30:09 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/11/2012 10:30:08 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/11/2012 10:30:08 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/11/2012 10:30:08 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
11/11/2012 10:30:08 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/11/2012 10:30:08 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/11/2012 10:26:12 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Image Acquisition (WIA) service to connect.
11/11/2012 10:26:12 PM, Error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/11/2012 10:17:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/10/2012 10:20:09 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user SusanBaby-PC\Susan Baby SID (S-1-5-21-3319537312-2756757344-3939033949-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
11/10/2012 10:20:09 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user SusanBaby-PC\Susan Baby SID (S-1-5-21-3319537312-2756757344-3939033949-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================[/FONT]

[FONT=Arial]Very nervous about this virus, is it true that your personal data can be compromised? Thank you so much to everybody on this forum for your help. [/FONT]

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================

Download TDSSKiller and save it to your desktop.

• Extract (unzip) its contents to your desktop.
• Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

 

[Susan1112]

Hi Broni,

I followed your instructions and got to """

• If an infected file is detected, the default action will be Cure, click on Continue."""" but "Continue is not an option th eonly option are "Skip, Copy to Quarantine, Cure, Restore" Which option should I choose???

Thank you, Susan

 

[Broni]

Do you have infected or suspicious file?

• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.

 

[Susan1112]

It's an infected file because the default action shows cure. Do I click on cure first, then continue will be the next option?

 

[Broni]

Yes.

 

[Susan1112]

Thank you

 

[Susan1112]

Hi, I did that and for the first time my computer booted up to Normal MNode. At the same time it rebooted, Norton Internet Security re-installed itself, I had uninstalled and attempted to re-install it it before but it wouldn't work, no it seems to be ok.

What next?

 

[Broni]

Read all of my instructions very carefully.

I need TDSSKiller log.

 

[Susan1112]

There were two TDSSKIller logs, I have attached both. Due to the size of the logs, they are divided into 2 consecutive entries


18:18:03.0881 2488 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:18:04.0770 2488 ============================================================
18:18:04.0770 2488 Current date / time: 2012/11/15 18:18:04.0770
18:18:04.0770 2488 SystemInfo:
18:18:04.0770 2488
18:18:04.0770 2488 OS Version: 6.1.7600 ServicePack: 0.0
18:18:04.0770 2488 Product type: Workstation
18:18:04.0770 2488 ComputerName: SUSANBABY-PC
18:18:04.0770 2488 UserName: Susan Baby
18:18:04.0770 2488 Windows directory: C:\Windows
18:18:04.0770 2488 System windows directory: C:\Windows
18:18:04.0770 2488 Running under WOW64
18:18:04.0770 2488 Processor architecture: Intel x64
18:18:04.0770 2488 Number of processors: 4
18:18:04.0770 2488 Page size: 0x1000
18:18:04.0770 2488 Boot type: Safe boot with network
18:18:04.0770 2488 ============================================================
18:18:05.0581 2488 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:18:05.0581 2488 ============================================================
18:18:05.0581 2488 \Device\Harddisk0\DR0:
18:18:05.0581 2488 MBR partitions:
18:18:05.0581 2488 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1C00800, BlocksNum 0x32000
18:18:05.0581 2488 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1C32800, BlocksNum 0x48C25000
18:18:05.0581 2488 ============================================================
18:18:05.0628 2488 C: <-> \Device\Harddisk0\DR0\Partition2
18:18:05.0628 2488 ============================================================
18:18:05.0628 2488 Initialize success
18:18:05.0628 2488 ============================================================
18:20:03.0127 1308 ============================================================
18:20:03.0127 1308 Scan started
18:20:03.0127 1308 Mode: Manual;
18:20:03.0127 1308 ============================================================
18:20:04.0687 1308 ================ Scan system memory ========================
18:20:04.0687 1308 System memory - ok
18:20:04.0687 1308 ================ Scan services =============================
18:20:05.0108 1308 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
18:20:05.0108 1308 1394ohci - ok
18:20:05.0140 1308 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
18:20:05.0140 1308 ACPI - ok
18:20:05.0202 1308 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
18:20:05.0202 1308 AcpiPmi - ok
18:20:05.0327 1308 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:20:05.0327 1308 AdobeARMservice - ok
18:20:05.0467 1308 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:20:05.0467 1308 AdobeFlashPlayerUpdateSvc - ok
18:20:05.0545 1308 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
18:20:05.0545 1308 adp94xx - ok
18:20:05.0576 1308 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
18:20:05.0576 1308 adpahci - ok
18:20:05.0639 1308 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
18:20:05.0639 1308 adpu320 - ok
18:20:05.0701 1308 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:20:05.0717 1308 AeLookupSvc - ok
18:20:05.0795 1308 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
18:20:05.0795 1308 AFD - ok
18:20:05.0842 1308 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
18:20:05.0842 1308 agp440 - ok
18:20:05.0873 1308 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
18:20:05.0873 1308 ALG - ok
18:20:05.0888 1308 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
18:20:05.0888 1308 aliide - ok
18:20:05.0920 1308 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
18:20:05.0920 1308 amdide - ok
18:20:05.0951 1308 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
18:20:05.0951 1308 AmdK8 - ok
18:20:05.0951 1308 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
18:20:05.0951 1308 AmdPPM - ok
18:20:05.0982 1308 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:20:05.0982 1308 amdsata - ok
18:20:06.0013 1308 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
18:20:06.0029 1308 amdsbs - ok
18:20:06.0029 1308 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:20:06.0029 1308 amdxata - ok
18:20:06.0091 1308 [ 391887990CDAA83DE5C56C3FDE966DA1 ] AmUStor C:\Windows\system32\drivers\AmUStor.SYS
18:20:06.0091 1308 AmUStor - ok
18:20:06.0200 1308 [ 85180CF88C5EBAD73B452A43A004CA51 ] AOL ACS C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
18:20:06.0200 1308 AOL ACS - ok
18:20:06.0247 1308 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
18:20:06.0247 1308 AppID - ok
18:20:06.0278 1308 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:20:06.0278 1308 AppIDSvc - ok
18:20:06.0310 1308 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
18:20:06.0310 1308 Appinfo - ok
18:20:06.0372 1308 [ 018857EAD9A077A56AEDFC0E5EF7A24A ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:20:06.0372 1308 Apple Mobile Device - ok
18:20:06.0403 1308 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
18:20:06.0419 1308 arc - ok
18:20:06.0419 1308 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
18:20:06.0434 1308 arcsas - ok
18:20:06.0466 1308 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:20:06.0466 1308 AsyncMac - ok
18:20:06.0497 1308 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
18:20:06.0497 1308 atapi - ok
18:20:06.0575 1308 [ E642491F64E58CD5BC8FB8B347DCF65F ] athr C:\Windows\system32\DRIVERS\athrx.sys
18:20:06.0590 1308 athr - ok
18:20:06.0668 1308 [ 36760519C99C03F8BD1F88414F5D2327 ] ATWPKT2 C:\Windows\system32\drivers\ATWPKT264.SYS
18:20:06.0668 1308 ATWPKT2 - ok
18:20:06.0715 1308 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:20:06.0731 1308 AudioEndpointBuilder - ok
18:20:06.0731 1308 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:20:06.0746 1308 AudioSrv - ok
18:20:06.0793 1308 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:20:06.0793 1308 AxInstSV - ok
18:20:06.0871 1308 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
18:20:06.0871 1308 b06bdrv - ok
18:20:06.0918 1308 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
18:20:06.0934 1308 b57nd60a - ok
18:20:06.0965 1308 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
18:20:06.0965 1308 BDESVC - ok
18:20:06.0980 1308 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
18:20:06.0980 1308 Beep - ok
18:20:07.0043 1308 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
18:20:07.0043 1308 BFE - ok
18:20:07.0121 1308 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\System32\qmgr.dll
18:20:07.0230 1308 BITS - ok
18:20:07.0261 1308 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:20:07.0261 1308 blbdrive - ok
18:20:07.0339 1308 [ F832F1505AD8B83474BD9A5B1B985E01 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
18:20:07.0339 1308 Bonjour Service - ok
18:20:07.0386 1308 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:20:07.0386 1308 bowser - ok
18:20:07.0433 1308 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:20:07.0433 1308 BrFiltLo - ok
18:20:07.0480 1308 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:20:07.0480 1308 BrFiltUp - ok
18:20:07.0526 1308 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll
18:20:07.0526 1308 Browser - ok
18:20:07.0526 1308 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:20:07.0526 1308 Brserid - ok
18:20:07.0558 1308 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:20:07.0558 1308 BrSerWdm - ok
18:20:07.0573 1308 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:20:07.0589 1308 BrUsbMdm - ok
18:20:07.0636 1308 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:20:07.0636 1308 BrUsbSer - ok
18:20:07.0667 1308 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
18:20:07.0667 1308 BTHMODEM - ok
18:20:07.0729 1308 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
18:20:07.0729 1308 bthserv - ok
18:20:07.0948 1308 [ 33E43A31AC6AC6BA95D4772D8CCA076F ] CarboniteService C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
18:20:08.0072 1308 CarboniteService - ok
18:20:08.0119 1308 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:20:08.0119 1308 cdfs - ok
18:20:08.0197 1308 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:20:08.0197 1308 cdrom - ok
18:20:08.0244 1308 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
18:20:08.0244 1308 CertPropSvc - ok
18:20:08.0291 1308 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
18:20:08.0291 1308 circlass - ok
18:20:08.0306 1308 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
18:20:08.0306 1308 CLFS - ok
18:20:08.0431 1308 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:20:08.0431 1308 clr_optimization_v2.0.50727_32 - ok
18:20:08.0478 1308 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:20:08.0494 1308 clr_optimization_v2.0.50727_64 - ok
18:20:08.0572 1308 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:20:08.0603 1308 clr_optimization_v4.0.30319_32 - ok
18:20:08.0618 1308 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:20:08.0634 1308 clr_optimization_v4.0.30319_64 - ok
18:20:08.0665 1308 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:20:08.0665 1308 CmBatt - ok
18:20:08.0696 1308 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
18:20:08.0696 1308 cmdide - ok
18:20:08.0728 1308 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys
18:20:08.0743 1308 CNG - ok
18:20:08.0837 1308 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:20:08.0837 1308 Compbatt - ok
18:20:08.0837 1308 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
18:20:08.0837 1308 CompositeBus - ok
18:20:08.0852 1308 COMSysApp - ok
18:20:08.0884 1308 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
18:20:08.0884 1308 crcdisk - ok
18:20:08.0946 1308 [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:20:08.0946 1308 CryptSvc - ok
18:20:09.0055 1308 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
18:20:09.0071 1308 cvhsvc - ok
18:20:09.0149 1308 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:20:09.0164 1308 DcomLaunch - ok
18:20:09.0227 1308 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
18:20:09.0242 1308 defragsvc - ok
18:20:09.0274 1308 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:20:09.0274 1308 DfsC - ok
18:20:09.0336 1308 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
18:20:09.0336 1308 Dhcp - ok
18:20:09.0398 1308 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
18:20:09.0398 1308 discache - ok
18:20:09.0430 1308 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
18:20:09.0445 1308 Disk - ok
18:20:09.0476 1308 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:20:09.0476 1308 Dnscache - ok
18:20:09.0554 1308 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
18:20:09.0554 1308 dot3svc - ok
18:20:09.0570 1308 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
18:20:09.0570 1308 DPS - ok
18:20:09.0617 1308 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:20:09.0617 1308 drmkaud - ok
18:20:09.0664 1308 [ 1FCA854CEDFC2CCD0C22E46EA4EA18F1 ] DsiWMIService C:\Program Files (x86)\Launch Manager\dsiwmis.exe
18:20:09.0664 1308 DsiWMIService - ok
18:20:09.0710 1308 [ 24CE1ECF9D0AE0301775B07F5FEA175B ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:20:09.0726 1308 DXGKrnl - ok
18:20:09.0757 1308 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
18:20:09.0757 1308 EapHost - ok
18:20:09.0835 1308 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
18:20:09.0882 1308 ebdrv - ok
18:20:09.0913 1308 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
18:20:09.0913 1308 EFS - ok
18:20:09.0976 1308 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:20:09.0991 1308 ehRecvr - ok
18:20:10.0022 1308 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
18:20:10.0022 1308 ehSched - ok
18:20:10.0100 1308 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
18:20:10.0100 1308 elxstor - ok
18:20:10.0178 1308 [ 3EA2C4F68A782839D97B3C83595575B6 ] ePowerSvc C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
18:20:10.0194 1308 ePowerSvc - ok
18:20:10.0210 1308 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
18:20:10.0210 1308 ErrDev - ok
18:20:10.0288 1308 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
18:20:10.0288 1308 EventSystem - ok
18:20:10.0334 1308 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
18:20:10.0334 1308 exfat - ok
18:20:10.0350 1308 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:20:10.0350 1308 fastfat - ok
18:20:10.0397 1308 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
18:20:10.0412 1308 Fax - ok
18:20:10.0444 1308 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:20:10.0459 1308 fdc - ok
18:20:10.0490 1308 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
18:20:10.0490 1308 fdPHost - ok
18:20:10.0506 1308 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
18:20:10.0506 1308 FDResPub - ok
18:20:10.0522 1308 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:20:10.0522 1308 FileInfo - ok
18:20:10.0537 1308 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:20:10.0537 1308 Filetrace - ok
18:20:10.0600 1308 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:20:10.0600 1308 flpydisk - ok
18:20:10.0646 1308 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:20:10.0646 1308 FltMgr - ok
18:20:10.0693 1308 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll
18:20:10.0709 1308 FontCache - ok
18:20:10.0756 1308 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:20:10.0756 1308 FontCache3.0.0.0 - ok
18:20:10.0802 1308 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:20:10.0802 1308 FsDepends - ok
18:20:10.0849 1308 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
18:20:10.0849 1308 fssfltr - ok
18:20:11.0005 1308 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
18:20:11.0036 1308 fsssvc - ok
18:20:11.0068 1308 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:20:11.0083 1308 Fs_Rec - ok
18:20:11.0130 1308 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:20:11.0130 1308 fvevol - ok
18:20:11.0192 1308 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
18:20:11.0192 1308 gagp30kx - ok
18:20:11.0317 1308 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
18:20:11.0317 1308 GamesAppService - ok
18:20:11.0364 1308 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:20:11.0364 1308 GEARAspiWDM - ok
18:20:11.0395 1308 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
18:20:11.0411 1308 gpsvc - ok
18:20:11.0473 1308 [ 0191DEE9B9EB7902AF2CF4F67301095D ] GREGService C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
18:20:11.0473 1308 GREGService - ok
18:20:11.0582 1308 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:20:11.0598 1308 gupdate - ok
18:20:11.0598 1308 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:20:11.0598 1308 gupdatem - ok
18:20:11.0645 1308 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
18:20:11.0645 1308 gusvc - ok
18:20:11.0676 1308 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:20:11.0676 1308 hcw85cir - ok
18:20:11.0707 1308 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:20:11.0723 1308 HdAudAddService - ok
18:20:11.0770 1308 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
18:20:11.0770 1308 HDAudBus - ok
18:20:11.0816 1308 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
18:20:11.0816 1308 HECIx64 - ok
18:20:11.0832 1308 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
18:20:11.0832 1308 HidBatt - ok
18:20:11.0863 1308 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
18:20:11.0863 1308 HidBth - ok
18:20:11.0863 1308 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
18:20:11.0863 1308 HidIr - ok
18:20:11.0894 1308 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
18:20:11.0894 1308 hidserv - ok
18:20:11.0941 1308 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:20:11.0941 1308 HidUsb - ok
18:20:11.0957 1308 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:20:11.0957 1308 hkmsvc - ok
18:20:11.0988 1308 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:20:11.0988 1308 HomeGroupListener - ok
18:20:12.0019 1308 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:20:12.0019 1308 HomeGroupProvider - ok
18:20:12.0144 1308 [ 08457D8F8149757C70CEA59C71EC5D27 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
18:20:12.0144 1308 hpqcxs08 - ok
18:20:12.0160 1308 [ 75CC8C5146A3FB76221A7606628778D5 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
18:20:12.0160 1308 hpqddsvc - ok
18:20:12.0222 1308 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
18:20:12.0222 1308 HpSAMD - ok
18:20:12.0300 1308 [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
18:20:12.0394 1308 HPSLPSVC - ok
18:20:12.0456 1308 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:20:12.0456 1308 HTTP - ok
18:20:12.0487 1308 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:20:12.0487 1308 hwpolicy - ok
18:20:12.0550 1308 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
18:20:12.0550 1308 i8042prt - ok
18:20:12.0612 1308 [ ABBF174CB394F5C437410A788B7E404A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
18:20:12.0612 1308 iaStor - ok
18:20:12.0690 1308 [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
18:20:12.0690 1308 IAStorDataMgrSvc - ok
18:20:12.0721 1308 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:20:12.0737 1308 iaStorV - ok
18:20:12.0784 1308 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:20:12.0799 1308 idsvc - ok
18:20:12.0986 1308 [ 2A22AB054F4630D2EF4BAB2853F6D5F6 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
18:20:13.0158 1308 igfx - ok
18:20:13.0236 1308 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
18:20:13.0236 1308 iirsp - ok
18:20:13.0298 1308 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
18:20:13.0298 1308 IKEEXT - ok
18:20:13.0392 1308 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
18:20:13.0408 1308 Impcd - ok
18:20:13.0470 1308 [ 235362D403D9D677514649D88DB31914 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
18:20:13.0517 1308 IntcAzAudAddService - ok
18:20:13.0595 1308 [ 58CF58DEE26C909BD6F977B61D246295 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
18:20:13.0595 1308 IntcDAud - ok
18:20:13.0626 1308 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
18:20:13.0626 1308 intelide - ok
18:20:13.0673 1308 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:20:13.0673 1308 intelppm - ok
18:20:13.0720 1308 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:20:13.0720 1308 IPBusEnum - ok
18:20:13.0735 1308 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:20:13.0735 1308 IpFilterDriver - ok
18:20:13.0766 1308 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:20:13.0782 1308 iphlpsvc - ok
18:20:13.0798 1308 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
18:20:13.0798 1308 IPMIDRV - ok
18:20:13.0829 1308 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:20:13.0829 1308 IPNAT - ok
18:20:13.0860 1308 [ E94503089DF8976F5C4C9D5168E9765F ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:20:13.0876 1308 iPod Service - ok
18:20:13.0938 1308 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:20:13.0938 1308 IRENUM - ok
18:20:13.0969 1308 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
18:20:13.0969 1308 isapnp - ok
18:20:14.0000 1308 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
18:20:14.0000 1308 iScsiPrt - ok
18:20:14.0047 1308 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:20:14.0047 1308 kbdclass - ok
18:20:14.0094 1308 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:20:14.0094 1308 kbdhid - ok
18:20:14.0110 1308 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
18:20:14.0110 1308 KeyIso - ok
18:20:14.0172 1308 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:20:14.0172 1308 KSecDD - ok
18:20:14.0219 1308 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:20:14.0219 1308 KSecPkg - ok
18:20:14.0250 1308 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:20:14.0266 1308 ksthunk - ok
18:20:14.0297 1308 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
18:20:14.0297 1308 KtmRm - ok
18:20:14.0344 1308 [ 0EB28A5F9BD82F0357A77FF11722763F ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
18:20:14.0344 1308 L1C - ok
18:20:14.0422 1308 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll
18:20:14.0422 1308 LanmanServer - ok
18:20:14.0453 1308 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:20:14.0468 1308 LanmanWorkstation - ok
18:20:14.0546 1308 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:20:14.0546 1308 lltdio - ok
18:20:14.0578 1308 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:20:14.0593 1308 lltdsvc - ok
18:20:14.0624 1308 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:20:14.0624 1308 lmhosts - ok
18:20:14.0687 1308 [ 23D990150D56B670A62B21B9ABDD45EE ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
18:20:14.0687 1308 LMS - ok
18:20:14.0718 1308 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
18:20:14.0718 1308 LSI_FC - ok
18:20:14.0780 1308 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
18:20:14.0780 1308 LSI_SAS - ok
18:20:14.0796 1308 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:20:14.0796 1308 LSI_SAS2 - ok
18:20:14.0827 1308 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:20:14.0827 1308 LSI_SCSI - ok
18:20:14.0858 1308 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
18:20:14.0858 1308 luafv - ok
18:20:14.0905 1308 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:20:14.0905 1308 Mcx2Svc - ok
18:20:14.0936 1308 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
18:20:14.0936 1308 megasas - ok
18:20:14.0968 1308 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
18:20:14.0968 1308 MegaSR - ok
18:20:14.0999 1308 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
18:20:14.0999 1308 MMCSS - ok
18:20:15.0030 1308 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
18:20:15.0030 1308 Modem - ok
18:20:15.0046 1308 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:20:15.0046 1308 monitor - ok
18:20:15.0092 1308 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:20:15.0092 1308 mouclass - ok
18:20:15.0108 1308 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:20:15.0124 1308 mouhid - ok
18:20:15.0139 1308 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:20:15.0139 1308 mountmgr - ok
18:20:15.0217 1308 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
18:20:15.0233 1308 mpio - ok
18:20:15.0248 1308 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:20:15.0248 1308 mpsdrv - ok
18:20:15.0280 1308 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:20:15.0295 1308 MpsSvc - ok
18:20:15.0326 1308 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:20:15.0326 1308 MRxDAV - ok
18:20:15.0358 1308 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:20:15.0358 1308 mrxsmb - ok
18:20:15.0436 1308 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:20:15.0436 1308 mrxsmb10 - ok
18:20:15.0467 1308 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:20:15.0467 1308 mrxsmb20 - ok
18:20:15.0498 1308 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
18:20:15.0498 1308 msahci - ok
18:20:15.0560 1308 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
18:20:15.0560 1308 msdsm - ok
18:20:15.0592 1308 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
18:20:15.0592 1308 MSDTC - ok
18:20:15.0607 1308 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:20:15.0623 1308 Msfs - ok
18:20:15.0638 1308 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:20:15.0638 1308 mshidkmdf - ok
18:20:15.0654 1308 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
18:20:15.0654 1308 msisadrv - ok
18:20:15.0716 1308 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:20:15.0716 1308 MSiSCSI - ok
18:20:15.0732 1308 msiserver - ok
18:20:15.0779 1308 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:20:15.0779 1308 MSKSSRV - ok
18:20:15.0826 1308 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:20:15.0826 1308 MSPCLOCK - ok
18:20:15.0841 1308 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:20:15.0841 1308 MSPQM - ok
18:20:15.0857 1308 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:20:15.0857 1308 MsRPC - ok
18:20:15.0888 1308 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
18:20:15.0888 1308 mssmbios - ok
18:20:15.0904 1308 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:20:15.0904 1308 MSTEE - ok
18:20:15.0919 1308 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
18:20:15.0919 1308 MTConfig - ok
18:20:15.0966 1308 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
18:20:15.0982 1308 Mup - ok
18:20:15.0997 1308 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
18:20:16.0013 1308 napagent - ok
18:20:16.0075 1308 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:20:16.0075 1308 NativeWifiP - ok
18:20:16.0138 1308 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
18:20:16.0153 1308 NDIS - ok
18:20:16.0184 1308 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:20:16.0184 1308 NdisCap - ok
18:20:16.0216 1308 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:20:16.0216 1308 NdisTapi - ok
18:20:16.0262 1308 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:20:16.0262 1308 Ndisuio - ok
18:20:16.0278 1308 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:20:16.0278 1308 NdisWan - ok
18:20:16.0294 1308 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:20:16.0294 1308 NDProxy - ok
18:20:16.0356 1308 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
18:20:16.0387 1308 Net Driver HPZ12 - ok
18:20:16.0418 1308 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:20:16.0418 1308 NetBIOS - ok
18:20:16.0481 1308 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:20:16.0481 1308 NetBT - ok
18:20:16.0496 1308 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
18:20:16.0496 1308 Netlogon - ok
18:20:16.0559 1308 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
18:20:16.0559 1308 Netman - ok
18:20:16.0574 1308 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
18:20:16.0574 1308 netprofm - ok
18:20:16.0621 1308 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:20:16.0621 1308 NetTcpPortSharing - ok
18:20:16.0668 1308 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
18:20:16.0668 1308 nfrd960 - ok
18:20:16.0715 1308 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:20:16.0715 1308 NlaSvc - ok
18:20:16.0730 1308 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:20:16.0730 1308 Npfs - ok
18:20:16.0746 1308 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
18:20:16.0746 1308 nsi - ok
18:20:16.0762 1308 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:20:16.0762 1308 nsiproxy - ok
18:20:16.0824 1308 [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:20:16.0855 1308 Ntfs - ok
18:20:16.0964 1308 [ 9A308FCDCCA98A15B6F62D36A272160E ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
18:20:16.0964 1308 NTI IScheduleSvc - ok
18:20:16.0996 1308 [ 710263B44C1D1AEE07525A53401FBE48 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys
18:20:16.0996 1308 NTIDrvr - ok
18:20:17.0027 1308 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
18:20:17.0027 1308 Null - ok
18:20:17.0074 1308 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:20:17.0074 1308 nvraid - ok
18:20:17.0120 1308 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:20:17.0120 1308 nvstor - ok
18:20:17.0214 1308 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
18:20:17.0214 1308 nv_agp - ok
18:20:17.0276 1308 [ BA7DAC1B8A86D9402C3E04E1FCAA600D ] ODDPwrSvc C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
18:20:17.0276 1308 ODDPwrSvc - ok
18:20:17.0370 1308 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:20:17.0370 1308 odserv - ok
18:20:17.0432 1308 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
18:20:17.0448 1308 ohci1394 - ok
18:20:17.0526 1308 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:20:17.0526 1308 ose - ok
18:20:17.0682 1308 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:20:17.0791 1308 osppsvc - ok
18:20:17.0823 1308 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:20:17.0838 1308 p2pimsvc - ok
18:20:17.0869 1308 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
18:20:17.0885 1308 p2psvc - ok
18:20:17.0901 1308 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:20:17.0916 1308 Parport - ok
18:20:17.0963 1308 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:20:17.0963 1308 partmgr - ok
18:20:17.0979 1308 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:20:17.0979 1308 PcaSvc - ok
18:20:18.0010 1308 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
18:20:18.0010 1308 pci - ok
18:20:18.0025 1308 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
18:20:18.0041 1308 pciide - ok
18:20:18.0057 1308 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
18:20:18.0057 1308 pcmcia - ok
18:20:18.0088 1308 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
18:20:18.0088 1308 pcw - ok
18:20:18.0103 1308 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:20:18.0119 1308 PEAUTH - ok

 

[Susan1112]

18:20:18.0213 1308 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:20:18.0228 1308 PerfHost - ok
18:20:18.0322 1308 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
18:20:18.0369 1308 pla - ok
18:20:18.0415 1308 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:20:18.0415 1308 PlugPlay - ok
18:20:18.0493 1308 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
18:20:18.0493 1308 Pml Driver HPZ12 - ok
18:20:18.0540 1308 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:20:18.0540 1308 PNRPAutoReg - ok
18:20:18.0571 1308 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:20:18.0571 1308 PNRPsvc - ok
18:20:18.0603 1308 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:20:18.0618 1308 PolicyAgent - ok
18:20:18.0665 1308 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
18:20:18.0665 1308 Power - ok
18:20:18.0712 1308 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:20:18.0712 1308 PptpMiniport - ok
18:20:18.0743 1308 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
18:20:18.0743 1308 Processor - ok
18:20:18.0790 1308 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
18:20:18.0790 1308 ProfSvc - ok
18:20:18.0805 1308 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:20:18.0805 1308 ProtectedStorage - ok
18:20:18.0837 1308 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:20:18.0852 1308 Psched - ok
18:20:18.0899 1308 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
18:20:18.0930 1308 ql2300 - ok
18:20:18.0961 1308 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
18:20:18.0961 1308 ql40xx - ok
18:20:19.0008 1308 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
18:20:19.0008 1308 QWAVE - ok
18:20:19.0039 1308 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:20:19.0039 1308 QWAVEdrv - ok
18:20:19.0086 1308 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:20:19.0086 1308 RasAcd - ok
18:20:19.0133 1308 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:20:19.0133 1308 RasAgileVpn - ok
18:20:19.0211 1308 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
18:20:19.0211 1308 RasAuto - ok
18:20:19.0273 1308 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:20:19.0289 1308 Rasl2tp - ok
18:20:19.0320 1308 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
18:20:19.0320 1308 RasMan - ok
18:20:19.0336 1308 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:20:19.0336 1308 RasPppoe - ok
18:20:19.0383 1308 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:20:19.0383 1308 RasSstp - ok
18:20:19.0414 1308 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:20:19.0414 1308 rdbss - ok
18:20:19.0429 1308 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:20:19.0445 1308 rdpbus - ok
18:20:19.0461 1308 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:20:19.0461 1308 RDPCDD - ok
18:20:19.0492 1308 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:20:19.0492 1308 RDPENCDD - ok
18:20:19.0507 1308 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:20:19.0507 1308 RDPREFMP - ok
18:20:19.0585 1308 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:20:19.0585 1308 RDPWD - ok
18:20:19.0617 1308 [ E5DC9BA9E439D6DBDD79F8CAACB5BF01 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:20:19.0617 1308 rdyboost - ok
18:20:19.0648 1308 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:20:19.0663 1308 RemoteAccess - ok
18:20:19.0695 1308 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:20:19.0695 1308 RemoteRegistry - ok
18:20:19.0773 1308 [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
18:20:19.0773 1308 RichVideo - ok
18:20:19.0819 1308 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:20:19.0819 1308 RpcEptMapper - ok
18:20:19.0851 1308 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
18:20:19.0851 1308 RpcLocator - ok
18:20:19.0882 1308 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
18:20:19.0882 1308 RpcSs - ok
18:20:19.0929 1308 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:20:19.0929 1308 rspndr - ok
18:20:19.0944 1308 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
18:20:19.0944 1308 SamSs - ok
18:20:19.0975 1308 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
18:20:19.0975 1308 sbp2port - ok
18:20:20.0022 1308 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:20:20.0022 1308 SCardSvr - ok
18:20:20.0069 1308 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:20:20.0069 1308 scfilter - ok
18:20:20.0131 1308 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
18:20:20.0147 1308 Schedule - ok
18:20:20.0178 1308 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:20:20.0178 1308 SCPolicySvc - ok
18:20:20.0209 1308 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:20:20.0209 1308 SDRSVC - ok
18:20:20.0241 1308 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:20:20.0241 1308 secdrv - ok
18:20:20.0272 1308 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
18:20:20.0272 1308 seclogon - ok
18:20:20.0287 1308 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
18:20:20.0287 1308 SENS - ok
18:20:20.0319 1308 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:20:20.0319 1308 SensrSvc - ok
18:20:20.0350 1308 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:20:20.0350 1308 Serenum - ok
18:20:20.0365 1308 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:20:20.0365 1308 Serial - ok
18:20:20.0381 1308 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
18:20:20.0381 1308 sermouse - ok
18:20:20.0428 1308 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
18:20:20.0428 1308 SessionEnv - ok
18:20:20.0443 1308 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
18:20:20.0443 1308 sffdisk - ok
18:20:20.0459 1308 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
18:20:20.0459 1308 sffp_mmc - ok
18:20:20.0490 1308 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
18:20:20.0490 1308 sffp_sd - ok
18:20:20.0506 1308 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
18:20:20.0506 1308 sfloppy - ok
18:20:20.0553 1308 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
18:20:20.0553 1308 Sftfs - ok
18:20:20.0646 1308 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
18:20:20.0662 1308 sftlist - ok
18:20:20.0693 1308 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
18:20:20.0693 1308 Sftplay - ok
18:20:20.0709 1308 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
18:20:20.0724 1308 Sftredir - ok
18:20:20.0724 1308 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
18:20:20.0724 1308 Sftvol - ok
18:20:20.0740 1308 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
18:20:20.0740 1308 sftvsa - ok
18:20:20.0787 1308 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:20:20.0787 1308 SharedAccess - ok
18:20:20.0818 1308 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:20:20.0818 1308 ShellHWDetection - ok
18:20:20.0865 1308 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:20:20.0865 1308 SiSRaid2 - ok
18:20:20.0911 1308 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
18:20:20.0927 1308 SiSRaid4 - ok
18:20:20.0989 1308 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
18:20:21.0005 1308 SkypeUpdate - ok
18:20:21.0052 1308 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:20:21.0052 1308 Smb - ok
18:20:21.0099 1308 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:20:21.0099 1308 SNMPTRAP - ok
18:20:21.0114 1308 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
18:20:21.0114 1308 spldr - ok
18:20:21.0270 1308 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe
18:20:21.0286 1308 Spooler - ok
18:20:21.0364 1308 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
18:20:21.0442 1308 sppsvc - ok
18:20:21.0457 1308 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:20:21.0457 1308 sppuinotify - ok
18:20:21.0489 1308 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
18:20:21.0489 1308 srv - ok
18:20:21.0504 1308 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:20:21.0520 1308 srv2 - ok
18:20:21.0551 1308 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:20:21.0551 1308 srvnet - ok
18:20:21.0598 1308 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:20:21.0613 1308 SSDPSRV - ok
18:20:21.0645 1308 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:20:21.0645 1308 SstpSvc - ok
18:20:21.0676 1308 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
18:20:21.0676 1308 stexstor - ok
18:20:21.0723 1308 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
18:20:21.0723 1308 StillCam - ok
18:20:21.0769 1308 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
18:20:21.0769 1308 stisvc - ok
18:20:21.0785 1308 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:20:21.0785 1308 swenum - ok
18:20:21.0832 1308 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
18:20:21.0832 1308 swprv - ok
18:20:21.0910 1308 [ 267C914667C94E5F47D342311C1C577F ] Symantec RemoteAssist C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe
18:20:21.0910 1308 Symantec RemoteAssist - ok
18:20:21.0972 1308 [ 898BB48C797483420DF523B2BBC1ECDB ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
18:20:21.0972 1308 SymEvent - ok
18:20:22.0035 1308 [ 868DFB220A18312A12CEF01BA9AC069B ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
18:20:22.0035 1308 SynTP - ok
18:20:22.0097 1308 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
18:20:22.0128 1308 SysMain - ok
18:20:22.0159 1308 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:20:22.0159 1308 TabletInputService - ok
18:20:22.0175 1308 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
18:20:22.0175 1308 TapiSrv - ok
18:20:22.0206 1308 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
18:20:22.0206 1308 TBS - ok
18:20:22.0284 1308 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:20:22.0331 1308 Tcpip - ok
18:20:22.0362 1308 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:20:22.0378 1308 TCPIP6 - ok
18:20:22.0409 1308 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:20:22.0409 1308 tcpipreg - ok
18:20:22.0425 1308 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:20:22.0425 1308 TDPIPE - ok
18:20:22.0440 1308 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:20:22.0456 1308 TDTCP - ok
18:20:22.0487 1308 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:20:22.0487 1308 tdx - ok
18:20:22.0503 1308 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:20:22.0503 1308 TermDD - ok
18:20:22.0612 1308 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
18:20:22.0627 1308 TermService - ok
18:20:22.0643 1308 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
18:20:22.0643 1308 Themes - ok
18:20:22.0705 1308 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
18:20:22.0721 1308 THREADORDER - ok
18:20:22.0768 1308 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
18:20:22.0768 1308 TrkWks - ok
18:20:22.0908 1308 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:20:22.0908 1308 TrustedInstaller - ok
18:20:22.0924 1308 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:20:22.0939 1308 tssecsrv - ok
18:20:23.0017 1308 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:20:23.0017 1308 tunnel - ok
18:20:23.0049 1308 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
18:20:23.0049 1308 uagp35 - ok
18:20:23.0095 1308 [ 40079B0B801C5432BA435B5AD61CE6E3 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
18:20:23.0095 1308 UBHelper - ok
18:20:23.0189 1308 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:20:23.0205 1308 udfs - ok
18:20:23.0251 1308 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:20:23.0376 1308 UI0Detect - ok
18:20:23.0548 1308 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
18:20:23.0548 1308 uliagpkx - ok
18:20:23.0626 1308 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:20:23.0641 1308 umbus - ok
18:20:23.0657 1308 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
18:20:23.0657 1308 UmPass - ok
18:20:24.0172 1308 [ CBDEE152D73200EE49031A26310B9D3E ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
18:20:24.0234 1308 UNS - ok
18:20:24.0281 1308 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
18:20:24.0297 1308 Updater Service - ok
18:20:24.0312 1308 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
18:20:24.0312 1308 upnphost - ok
18:20:24.0406 1308 [ F724B03C3DFAACF08D17D38BF3333583 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
18:20:24.0406 1308 USBAAPL64 - ok
18:20:24.0437 1308 [ 537A4E03D7103C12D42DFD8FFDB5BDC9 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:20:24.0437 1308 usbccgp - ok
18:20:24.0468 1308 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
18:20:24.0468 1308 usbcir - ok
18:20:24.0484 1308 [ FBB21EBE49F6D560DB37AC25FBC68E66 ] usbehci C:\Windows\system32\drivers\usbehci.sys
18:20:24.0484 1308 usbehci - ok
18:20:24.0531 1308 [ 6B7A8A99C4A459E73C286A6763EA24CC ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:20:24.0531 1308 usbhub - ok
18:20:24.0577 1308 [ 8C88AA7617B4CBC2E4BED61D26B33A27 ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:20:24.0577 1308 usbohci - ok
18:20:24.0593 1308 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:20:24.0593 1308 usbprint - ok
18:20:24.0687 1308 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:20:24.0687 1308 USBSTOR - ok
18:20:24.0702 1308 [ 0B5B3B2DF3FD1709618ACFA50B8392B0 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
18:20:24.0702 1308 usbuhci - ok
18:20:24.0765 1308 [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
18:20:24.0765 1308 usbvideo - ok
18:20:24.0811 1308 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
18:20:24.0811 1308 UxSms - ok
18:20:24.0827 1308 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
18:20:24.0827 1308 VaultSvc - ok
18:20:24.0874 1308 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
18:20:24.0874 1308 vdrvroot - ok
18:20:24.0921 1308 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
18:20:24.0921 1308 vds - ok
18:20:24.0967 1308 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:20:24.0967 1308 vga - ok
18:20:24.0983 1308 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
18:20:24.0983 1308 VgaSave - ok
18:20:25.0045 1308 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
18:20:25.0045 1308 vhdmp - ok
18:20:25.0077 1308 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
18:20:25.0077 1308 viaide - ok
18:20:25.0123 1308 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
18:20:25.0123 1308 volmgr - ok
18:20:25.0389 1308 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:20:25.0404 1308 volmgrx - ok
18:20:25.0467 1308 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
18:20:25.0467 1308 volsnap - ok
18:20:25.0576 1308 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
18:20:25.0576 1308 vsmraid - ok
18:20:25.0701 1308 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
18:20:25.0732 1308 VSS - ok
18:20:25.0763 1308 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
18:20:25.0763 1308 vwifibus - ok
18:20:25.0810 1308 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
18:20:25.0810 1308 vwififlt - ok
18:20:25.0888 1308 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
18:20:25.0888 1308 vwifimp - ok
18:20:25.0981 1308 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
18:20:25.0981 1308 W32Time - ok
18:20:25.0997 1308 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
18:20:26.0013 1308 WacomPen - ok
18:20:26.0044 1308 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:20:26.0059 1308 WANARP - ok
18:20:26.0075 1308 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:20:26.0075 1308 Wanarpv6 - ok
18:20:26.0122 1308 [ ECEB715BECE47E101DDEC06B11126066 ] wanatw C:\Windows\system32\DRIVERS\wanatw64.sys
18:20:26.0122 1308 wanatw - ok
18:20:26.0200 1308 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
18:20:26.0231 1308 WatAdminSvc - ok
18:20:26.0309 1308 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
18:20:26.0340 1308 wbengine - ok
18:20:26.0371 1308 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:20:26.0371 1308 WbioSrvc - ok
18:20:26.0418 1308 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:20:26.0418 1308 wcncsvc - ok
18:20:26.0465 1308 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:20:26.0465 1308 WcsPlugInService - ok
18:20:26.0496 1308 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
18:20:26.0496 1308 Wd - ok
18:20:26.0512 1308 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:20:26.0527 1308 Wdf01000 - ok
18:20:26.0574 1308 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:20:26.0574 1308 WdiServiceHost - ok
18:20:26.0574 1308 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:20:26.0574 1308 WdiSystemHost - ok
18:20:26.0605 1308 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
18:20:26.0621 1308 WebClient - ok
18:20:26.0683 1308 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:20:26.0683 1308 Wecsvc - ok
18:20:26.0715 1308 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:20:26.0715 1308 wercplsupport - ok
18:20:26.0761 1308 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
18:20:26.0761 1308 WerSvc - ok
18:20:26.0808 1308 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:20:26.0808 1308 WfpLwf - ok
18:20:26.0871 1308 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:20:26.0871 1308 WIMMount - ok
18:20:26.0886 1308 WinDefend - ok
18:20:26.0902 1308 WinHttpAutoProxySvc - ok
18:20:26.0964 1308 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:20:26.0964 1308 Winmgmt - ok
18:20:27.0027 1308 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
18:20:27.0073 1308 WinRM - ok
18:20:27.0136 1308 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
18:20:27.0136 1308 WinUsb - ok
18:20:27.0198 1308 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
18:20:27.0214 1308 Wlansvc - ok
18:20:27.0307 1308 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:20:27.0307 1308 wlcrasvc - ok
18:20:27.0448 1308 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:20:27.0651 1308 wlidsvc - ok
18:20:27.0713 1308 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
18:20:27.0713 1308 WmiAcpi - ok
18:20:27.0744 1308 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:20:27.0744 1308 wmiApSrv - ok
18:20:27.0791 1308 WMPNetworkSvc - ok
18:20:27.0838 1308 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:20:27.0838 1308 WPCSvc - ok
18:20:27.0853 1308 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:20:27.0853 1308 WPDBusEnum - ok
18:20:27.0885 1308 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:20:27.0900 1308 ws2ifsl - ok
18:20:27.0916 1308 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\System32\wscsvc.dll
18:20:27.0916 1308 wscsvc - ok
18:20:27.0916 1308 WSearch - ok
18:20:28.0025 1308 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
18:20:28.0072 1308 wuauserv - ok
18:20:28.0087 1308 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:20:28.0087 1308 WudfPf - ok
18:20:28.0134 1308 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:20:28.0150 1308 WUDFRd - ok
18:20:28.0181 1308 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:20:28.0181 1308 wudfsvc - ok
18:20:28.0197 1308 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
18:20:28.0197 1308 WwanSvc - ok
18:20:28.0290 1308 [ C6B289A70A2D36242A2CCAA2715E1747 ] X5XSEx_Pr143 C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys
18:20:28.0290 1308 X5XSEx_Pr143 - ok
18:20:28.0353 1308 ================ Scan global ===============================
18:20:28.0368 1308 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:20:28.0415 1308 [ 79CDA06F75AD5373DD447F57575C4400 ] C:\Windows\system32\winsrv.dll
18:20:28.0431 1308 [ 79CDA06F75AD5373DD447F57575C4400 ] C:\Windows\system32\winsrv.dll
18:20:28.0462 1308 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:20:28.0477 1308 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:20:28.0493 1308 [Global] - ok
18:20:28.0493 1308 ================ Scan MBR ==================================
18:20:28.0509 1308 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:20:28.0509 1308 Suspicious mbr (Forged): \Device\Harddisk0\DR0
18:20:28.0571 1308 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
18:20:28.0571 1308 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
18:20:28.0571 1308 ================ Scan VBR ==================================
18:20:28.0571 1308 [ 2499FCF8F11EDF9A93335E4FE6C0972B ] \Device\Harddisk0\DR0\Partition1
18:20:28.0571 1308 \Device\Harddisk0\DR0\Partition1 - ok
18:20:28.0587 1308 [ 2D60D30145D9ECBCC1E882EA9A12A217 ] \Device\Harddisk0\DR0\Partition2
18:20:28.0587 1308 \Device\Harddisk0\DR0\Partition2 - ok
18:20:28.0587 1308 ============================================================
18:20:28.0587 1308 Scan finished
18:20:28.0587 1308 ============================================================
18:20:28.0587 1652 Detected object count: 1
18:20:28.0587 1652 Actual detected object count: 1
19:53:00.0933 1652 \Device\Harddisk0\DR0\# - copied to quarantine
19:53:00.0933 1652 \Device\Harddisk0\DR0 - copied to quarantine
19:53:01.0011 1652 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
19:53:01.0011 1652 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
19:53:01.0026 1652 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
19:53:01.0042 1652 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
19:53:01.0042 1652 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
19:53:01.0042 1652 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
19:53:01.0042 1652 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
19:53:01.0042 1652 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
19:53:01.0042 1652 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
19:53:01.0042 1652 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
19:53:01.0042 1652 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
19:53:01.0089 1652 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
19:53:01.0135 1652 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
19:53:01.0135 1652 \Device\Harddisk0\DR0 - ok
19:53:01.0213 1652 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
19:54:20.0727 2484 Deinitialize success

2nd Log

19:56:21.0722 3872 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:56:21.0988 3872 ============================================================
19:56:21.0988 3872 Current date / time: 2012/11/15 19:56:21.0988
19:56:21.0988 3872 SystemInfo:
19:56:21.0988 3872
19:56:21.0988 3872 OS Version: 6.1.7600 ServicePack: 0.0
19:56:21.0988 3872 Product type: Workstation
19:56:21.0988 3872 ComputerName: SUSANBABY-PC
19:56:21.0988 3872 UserName: Susan Baby
19:56:21.0988 3872 Windows directory: C:\Windows
19:56:21.0988 3872 System windows directory: C:\Windows
19:56:21.0988 3872 Running under WOW64
19:56:21.0988 3872 Processor architecture: Intel x64
19:56:21.0988 3872 Number of processors: 4
19:56:21.0988 3872 Page size: 0x1000
19:56:21.0988 3872 Boot type: Normal boot
19:56:21.0988 3872 ============================================================
19:56:23.0282 3872 BG loaded
19:56:24.0468 3872 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:56:24.0468 3872 ============================================================
19:56:24.0468 3872 \Device\Harddisk0\DR0:
19:56:24.0468 3872 MBR partitions:
19:56:24.0468 3872 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1C00800, BlocksNum 0x32000
19:56:24.0468 3872 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1C32800, BlocksNum 0x48C25000
19:56:24.0468 3872 ============================================================
19:56:24.0546 3872 C: <-> \Device\Harddisk0\DR0\Partition2
19:56:24.0546 3872 ============================================================
19:56:24.0546 3872 Initialize success
19:56:24.0546 3872 ============================================================

 

[Broni]

Very good

See if you can start in normal mode now.

If so update MBAM, run it and post new log.

Next....

• Download RogueKiller on the desktop
• Close all the running programs
• Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
• Otherwise just double-click on RogueKiller.exe
• Pre-scan will start. Let it finish.
• Click on SCAN button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

==========================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

 

[Susan1112]

Ran updated MBAM, no infections detected, here's the log:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.11.16.01
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Susan Baby :: SUSANBABY-PC [administrator]
11/15/2012 10:07:25 PM
mbam-log-2012-11-15 (22-07-25).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 336960
Time elapsed: 5 minute(s), 28 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

 

[Susan1112]

RogyeKiller Log:

RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Susan Baby [Admin rights]
Mode : Remove -- Date : 11/15/2012 22:19:36
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] splwow64.exe -- C:\Windows\splwow64.exe -> KILLED [TermProc]
¤¤¤ Registry Entries : 4 ¤¤¤
[TASK][SUSP PATH] Carbonite Upgrade Check : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" /silent -> DELETED
[TASK][SUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" /silent -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD6400BEVT-22A0RT0 +++++
--- User ---
[MBR] cc50943cd85604963734224263e64db2
[BSP] 247529f8bb167fe1ffdb0dd45c9e3614 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14336 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 29362176 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 29566976 | Size: 596042 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2]_D_11152012_02d2219.txt >>
RKreport[1]_S_11152012_02d2219.txt ; RKreport[2]_D_11152012_02d2219.txt

 

[Susan1112]

Here the aswMBR Log:

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-15 22:23:54
-----------------------------
22:23:54.412 OS Version: Windows x64 6.1.7600
22:23:54.412 Number of processors: 4 586 0x2505
22:23:54.412 ComputerName: SUSANBABY-PC UserName: Susan Baby
22:23:58.281 Initialize success
22:25:09.964 AVAST engine defs: 12111501
22:25:59.760 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:25:59.760 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
22:25:59.775 Disk 0 MBR read successfully
22:25:59.791 Disk 0 MBR scan
22:25:59.822 Disk 0 Windows 7 default MBR code
22:25:59.822 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14336 MB offset 2048
22:25:59.853 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 29362176
22:25:59.869 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 596042 MB offset 29566976
22:25:59.900 Disk 0 scanning C:\Windows\system32\drivers
22:26:10.321 Service scanning
22:26:51.520 Modules scanning
22:26:51.536 Disk 0 trace - called modules:
22:26:51.552 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:26:51.552 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005201060]
22:26:51.552 3 CLASSPNP.SYS[fffff880013cd43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004f6c050]
22:26:55.935 AVAST engine scan C:\Windows
22:27:00.163 AVAST engine scan C:\Windows\system32
22:32:34.627 AVAST engine scan C:\Windows\system32\drivers
22:33:40.772 AVAST engine scan C:\Users\Susan Baby
22:45:52.990 AVAST engine scan C:\ProgramData
22:49:05.635 File: C:\ProgramData\Microsoft\Windows\DRM\20B9.tmp **INFECTED** Win32ownloader-RHO [Trj]
22:49:07.132 File: C:\ProgramData\Microsoft\Windows\DRM\D9F7.tmp.dat **INFECTED** Win32ownloader-RHO [Trj]
22:49:35.992 Scan finished successfully
06:37:02.442 Disk 0 MBR has been saved successfully to "C:\Users\Susan Baby\Desktop\MBR.dat"
06:37:02.458 The log file has been saved successfully to "C:\Users\Susan Baby\Desktop\aswMBR1.txt"

 

[Broni]

Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

===================================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  If the connection is not there use restore point you created prior to running Combofix.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

 

[Susan1112]

I don't know how to disable Malwarebytes, the free version you avised me to use. Do I need to disable that one too?

 

[Broni]

No. Free version doesn't run in real time.

 

[Susan1112]

Here's the ComboFix Log:



ComboFix 12-11-16.02 - Susan Baby 11/16/2012 19:35:31.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3767.2175 [GMT -5:00]
Running from: c:\users\Susan Baby\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM\20B9.tmp
c:\users\Susan Baby\AppData\Local\Savings Sidekick
c:\users\Susan Baby\GoToAssistDownloadHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-17 to 2012-11-17 )))))))))))))))))))))))))))))))
.
.
2012-11-17 00:42 . 2012-11-17 00:42 -------- d-----w- c:\users\S Brown\AppData\Local\temp
2012-11-17 00:42 . 2012-11-17 00:42 -------- d-----w- c:\users\S Brown.SusanBaby-PC\AppData\Local\temp
2012-11-17 00:42 . 2012-11-17 00:42 -------- d-----w- c:\users\John\AppData\Local\temp
2012-11-16 12:48 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-16 12:48 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 12:48 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 12:48 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-16 11:40 . 2012-10-18 18:18 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-11-16 11:40 . 2012-09-25 22:39 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-16 11:40 . 2012-09-25 21:55 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-16 03:06 . 2012-11-16 03:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-16 03:06 . 2012-09-30 00:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-16 00:57 . 2012-11-17 00:31 -------- d-----w- c:\program files (x86)\Norton Internet Security
2012-11-16 00:53 . 2012-11-16 00:53 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-15 00:14 . 2012-11-15 00:14 -------- d-----w- c:\programdata\Malwarebytes
2012-11-14 23:38 . 2012-11-16 02:59 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-11-14 23:13 . 2012-07-26 05:32 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-11-13 00:18 . 2012-11-15 00:07 -------- d-----w- c:\users\Susan Baby\AppData\Local\LogMeIn Rescue Applet
2012-11-12 22:05 . 2012-11-16 20:55 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-11-12 20:03 . 2012-11-12 20:03 -------- d-----w- c:\users\Susan Baby\AppData\Roaming\Malwarebytes
2012-11-12 19:52 . 2012-11-12 19:52 -------- d-----w- c:\program files (x86)\Conduit
2012-11-12 19:51 . 2012-11-15 00:07 -------- d-----w- c:\program files (x86)\FLV_Runner
2012-11-12 18:54 . 2012-11-14 23:02 -------- d-----w- c:\users\Susan Baby\AppData\Local\NPE
2012-11-12 17:58 . 2012-11-17 00:32 -------- d-----w- c:\program files (x86)\Norton Bootable Recovery Tool Wizard
2012-11-11 04:50 . 2012-11-11 04:50 0 ----a-w- c:\windows\SysWow64\sho7268.tmp
2012-11-10 03:14 . 2012-11-10 03:14 0 ----a-w- c:\windows\SysWow64\shoEC7.tmp
2012-11-07 12:43 . 2012-11-07 12:43 0 ----a-w- c:\windows\SysWow64\shoC88C.tmp
2012-11-06 12:36 . 2012-11-06 12:36 0 ----a-w- c:\windows\SysWow64\sho3F9F.tmp
2012-11-04 03:44 . 2012-11-04 03:44 0 ----a-w- c:\windows\SysWow64\sho5ADD.tmp
2012-10-28 02:39 . 2012-10-28 02:39 0 ----a-w- c:\windows\SysWow64\shoF1D3.tmp
2012-10-26 02:06 . 2012-10-26 02:06 0 ----a-w- c:\windows\SysWow64\sho38D0.tmp
2012-10-22 02:08 . 2012-10-22 02:08 0 ----a-w- c:\windows\SysWow64\sho6D6.tmp
2012-10-21 22:44 . 2012-10-21 22:44 -------- d-----w- c:\programdata\GAMEON
2012-10-21 22:41 . 2012-10-21 22:59 -------- d-----w- C:\Remote Programs
2012-10-21 22:41 . 2012-10-21 22:41 -------- d-----w- c:\programdata\Free Ride Games
2012-10-21 22:41 . 2012-11-15 00:05 -------- d-----w- c:\program files (x86)\Free Ride Games
2012-10-21 22:41 . 2012-09-03 14:24 57824 ------w- c:\windows\ExentInfo.exe
2012-10-19 11:47 . 2012-10-19 11:47 0 ----a-w- c:\windows\SysWow64\shoE4D3.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 23:33 . 2012-04-29 03:45 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 23:33 . 2011-08-08 14:35 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 01:17 . 2012-10-09 01:17 0 ----a-w- c:\windows\SysWow64\shoA79F.tmp
2012-10-02 11:48 . 2012-10-02 11:48 0 ----a-w- c:\windows\SysWow64\shoC58F.tmp
2012-10-02 00:29 . 2012-10-02 00:29 0 ----a-w- c:\windows\SysWow64\shoFB9.tmp
2012-10-02 00:00 . 2012-10-02 00:00 0 ----a-w- c:\windows\SysWow64\shoEC80.tmp
2012-10-01 01:20 . 2012-10-01 01:20 0 ----a-w- c:\windows\SysWow64\shoF794.tmp
2012-09-28 11:51 . 2012-09-28 11:51 0 ----a-w- c:\windows\SysWow64\shoAC45.tmp
2012-09-28 01:48 . 2012-09-28 01:48 0 ----a-w- c:\windows\SysWow64\sho1BBE.tmp
2012-09-24 01:11 . 2012-09-24 01:11 0 ----a-w- c:\windows\SysWow64\sho63F4.tmp
2012-09-23 04:19 . 2012-09-23 04:19 0 ----a-w- c:\windows\SysWow64\sho326D.tmp
2012-09-21 11:26 . 2010-11-21 19:16 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-09-21 11:25 . 2010-11-21 19:16 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-09-20 11:52 . 2012-09-20 11:52 0 ----a-w- c:\windows\SysWow64\shoB183.tmp
2012-09-20 01:41 . 2012-09-20 01:41 0 ----a-w- c:\windows\SysWow64\sho74B6.tmp
2012-09-19 02:23 . 2012-09-19 02:23 0 ----a-w- c:\windows\SysWow64\sho529F.tmp
2012-09-17 03:31 . 2012-09-17 03:31 0 ----a-w- c:\windows\SysWow64\shoA9E2.tmp
2012-09-16 04:02 . 2012-09-16 04:02 0 ----a-w- c:\windows\SysWow64\sho2FB3.tmp
2012-09-15 18:04 . 2010-11-21 19:17 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-09-15 03:04 . 2012-09-15 03:04 0 ----a-w- c:\windows\SysWow64\shoE92C.tmp
2012-09-14 19:23 . 2012-10-10 21:59 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:30 . 2012-10-10 21:59 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-09-14 11:56 . 2012-09-14 11:56 0 ----a-w- c:\windows\SysWow64\sho4ECB.tmp
2012-09-12 02:35 . 2012-09-12 02:35 0 ----a-w- c:\windows\SysWow64\sho6B84.tmp
2012-09-05 11:58 . 2012-09-05 11:58 0 ----a-w- c:\windows\SysWow64\sho1065.tmp
2012-09-04 01:22 . 2012-09-04 01:22 0 ----a-w- c:\windows\SysWow64\shoC111.tmp
2012-09-03 04:39 . 2012-09-03 04:39 0 ----a-w- c:\windows\SysWow64\shoE74C.tmp
2012-09-01 03:18 . 2012-09-01 03:18 0 ----a-w- c:\windows\SysWow64\shoA4C0.tmp
2012-08-31 18:55 . 2010-12-12 15:53 4278384 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-08-31 18:55 . 2010-12-12 15:43 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-08-31 18:02 . 2012-10-10 22:00 1656688 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:11 . 2012-10-10 22:00 5505904 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:18 . 2012-10-10 22:00 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:18 . 2012-10-10 22:00 3902832 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-29 01:27 . 2012-08-29 01:27 0 ----a-w- c:\windows\SysWow64\shoCCDC.tmp
2012-08-28 03:07 . 2012-08-28 03:07 0 ----a-w- c:\windows\SysWow64\shoD94D.tmp
2012-08-27 03:17 . 2012-08-27 03:17 0 ----a-w- c:\windows\SysWow64\sho759.tmp
2012-08-26 19:47 . 2007-04-17 20:52 58696 ----a-w- c:\windows\SysWow64\AOLParconLink.exe
2012-08-26 02:30 . 2012-08-26 02:30 0 ----a-w- c:\windows\SysWow64\sho215F.tmp
2012-08-24 18:05 . 2012-10-10 21:59 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 18:05 . 2012-09-22 12:58 1197568 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 18:05 . 2012-09-22 12:58 1501696 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 18:05 . 2012-09-22 12:58 134144 ----a-w- c:\windows\system32\url.dll
2012-08-24 18:03 . 2012-09-22 12:58 1026560 ----a-w- c:\windows\system32\mstime.dll
2012-08-24 18:02 . 2012-09-22 12:58 9375744 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 18:02 . 2012-09-22 12:58 97792 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 18:02 . 2012-09-22 12:58 736256 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 18:02 . 2012-09-22 12:58 82944 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-08-24 18:02 . 2012-09-22 12:58 57856 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-24 18:02 . 2012-09-22 12:58 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 18:01 . 2012-09-22 12:58 247808 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 18:01 . 2012-09-22 12:58 2458624 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 18:01 . 2012-09-22 12:58 12404736 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 18:01 . 2012-09-22 12:58 256000 ----a-w- c:\windows\system32\iepeers.dll
2012-08-24 18:01 . 2012-09-22 12:58 445952 ----a-w- c:\windows\system32\iedkcs32.dll
2012-08-24 17:59 . 2012-09-22 12:58 12288 ----a-w- c:\windows\system32\msfeedssync.exe
2012-08-24 17:10 . 2012-10-10 21:59 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-24 17:10 . 2012-09-22 12:58 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 17:08 . 2012-09-22 12:58 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-08-24 16:45 . 2012-09-22 12:58 482816 ----a-w- c:\windows\system32\html.iec
2012-08-24 16:02 . 2012-09-22 12:58 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 16:01 . 2012-09-22 12:58 386048 ----a-w- c:\windows\SysWow64\html.iec
2012-08-24 15:27 . 2012-09-22 12:58 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-21 01:52 . 2012-08-21 01:52 0 ----a-w- c:\windows\SysWow64\shoD71.tmp
2012-08-19 22:45 . 2012-08-19 22:45 0 ----a-w- c:\windows\SysWow64\shoE94.tmp
2012-08-19 02:43 . 2012-08-19 02:43 0 ----a-w- c:\windows\SysWow64\sho71D6.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-03-04 00:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-03-04 00:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-03-04 00:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Exetender"="c:\program files (x86)\Free Ride Games\GPlayer.exe" [2012-09-03 4895192]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-06-22 968272]
"MDS_Menu"="c:\program files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"HostManager"="c:\program files (x86)\Common Files\AOL\1290214743\ee\AOLSoftware.exe" [2010-03-08 41800]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 948880]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="c:\program files (x86)\Free Ride Games\GPlayer.exe" [2012-09-03 4895192]
.
c:\users\Susan Baby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
AOL Desktop.lnk - c:\program files (x86)\Common Files\aol\Launch\aollaunch.exe [2010-3-8 41800]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{0cab0400-7395-11d0-a5e5-0020afe2fdd9}"= "qvphook.dll" [2000-05-26 45056]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-06-10 40448]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-06-22 321104]
S4 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1402000.013\ccSetx64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 23:33]
.
2012-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-13 02:40]
.
2012-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-13 02:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-03-04 00:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-03-04 00:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-03-04 00:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-06-22 2098792]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-06-10 324608]
"ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2010-04-22 223264]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-22 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-22 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-22 413208]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5745&r=27361110c016l0463z135t4721k894
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5745&r=27361110c016l0463z135t4721k894
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-82385162.sys
Toolbar-Locked - (no file)
HKLM-Run-mwlDaemon - c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-16 19:45:48
ComboFix-quarantined-files.txt 2012-11-17 00:45
.
Pre-Run: 554,130,477,056 bytes free
Post-Run: 553,719,902,208 bytes free
.
- - End Of File - - 29FC204200223108B0C39E0C1A0CC120

 

[Broni]

Looks good

Any current issues?

============================

I don't see any AV program running.

Install ONE of these:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html

- free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
Note for Windows 8 users: Microsoft Security Essentials comes preinstalled and renamed as Windows Defender.
You can keep it or you have to disable it before installing another AV program. How to...

- free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php


======================================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[Susan1112]

I am a Norton Internet Security Subscriber but uninstalled because it was not working / running at all. Will have to re-install once by computer, hopefully, will be back to normal. Can I expect my my various passwords to be compromised?

 

[Susan1112]

OTL LOG





OTL logfile created on: 11/16/2012 8:25:05 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Susan Baby\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.68 Gb Total Physical Memory | 2.21 Gb Available Physical Memory | 60.06% Memory free
7.36 Gb Paging File | 5.73 Gb Available in Paging File | 77.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.07 Gb Total Space | 515.47 Gb Free Space | 88.56% Space Free | Partition Type: NTFS

Computer Name: SUSANBABY-PC | User Name: Susan Baby | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/16 20:24:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Susan Baby\Desktop\OTL.exe
PRC - [2012/10/09 18:33:27 | 000,692,152 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
PRC - [2012/09/03 09:24:10 | 004,895,192 | ---- | M] (Exent Technologies Ltd.) -- C:\Program Files (x86)\Free Ride Games\GPlayer.exe
PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/03/03 19:52:00 | 000,948,880 | R--- | M] (Carbonite, Inc.) -- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2010/06/30 23:10:26 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/06/30 23:10:22 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/06/28 17:23:12 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010/06/28 17:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010/06/22 01:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/06/22 01:34:48 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/06/22 01:34:46 | 000,968,272 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2010/03/08 02:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\Common Files\aol\1290214743\ee\aolsoftware.exe
PRC - [2010/03/03 22:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 22:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/02/10 08:19:09 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\Common Files\aol\1290214743\ee\AOLDesktop.exe
PRC - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/16 15:55:08 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\398df77267992efc77df5ef5176a89c6\System.Web.ni.dll
MOD - [2012/11/16 15:55:01 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1430191d067c0f28c3a676d3ecb85b26\System.Runtime.Remoting.ni.dll
MOD - [2012/11/16 15:54:36 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\515c6ffea562bb0f03a1ed8f75279648\System.Windows.Forms.ni.dll
MOD - [2012/11/16 15:54:29 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f4be07261983040b29685575b69085e8\System.Drawing.ni.dll
MOD - [2012/11/16 15:54:17 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6a68e4c50351a220511a5dfc3e025685\WindowsBase.ni.dll
MOD - [2012/11/16 15:54:12 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2d47118e5da6db054d5676e665f2be2\System.Xml.ni.dll
MOD - [2012/11/16 15:54:09 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2f44dac350b6161a9e9ce7222ae94335\System.Configuration.ni.dll
MOD - [2012/11/16 15:54:08 | 007,973,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c8ebcd93a2b547dc72dee2fcfabcdd50\System.ni.dll
MOD - [2012/11/16 15:54:02 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5530227809880c9b8b1d834e5434e840\mscorlib.ni.dll
MOD - [2010/06/28 17:20:54 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2009/05/20 01:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll


========== Services (SafeList) ==========

SRV:64bit: - [2011/03/03 19:36:16 | 006,315,664 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/11 16:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/04/22 12:39:54 | 000,171,040 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe -- (ODDPwrSvc)
SRV:64bit: - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/10/09 18:33:29 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/30 23:10:26 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/06/30 23:10:22 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/06/28 17:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/06/22 01:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 22:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/01/29 17:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/26 00:32:22 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/09/28 16:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/06/09 23:57:20 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2010/05/20 01:10:44 | 000,076,400 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/05/11 05:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/04/28 01:21:38 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2010/04/28 01:21:38 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2010/04/22 04:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/20 22:18:44 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/03 21:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/26 03:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/02 17:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/09/16 23:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/29 17:24:49 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wanatw64.sys -- (wanatw)
DRV - [2012/08/02 13:57:30 | 000,056,136 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.sys -- (X5XSEx_Pr143)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5745&r=27361110c016l0463z135t4721k894
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5745&r=27361110c016l0463z135t4721k894
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5745&r=27361110c016l0463z135t4721k894
IE - HKLM\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com...05931309&tb_oid=20-11-2010&tb_mrud=25-11-2010
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3319537312-2756757344-3939033949-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com
IE - HKU\S-1-5-21-3319537312-2756757344-3939033949-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3319537312-2756757344-3939033949-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3319537312-2756757344-3939033949-1001\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com...cationType=tb50-ie-aolTB50CL-chromesbox-en-us
IE - HKU\S-1-5-21-3319537312-2756757344-3939033949-1001\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=US&ver=18
IE - HKU\S-1-5-21-3319537312-2756757344-3939033949-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3319537312-2756757344-3939033949-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@airarena/KMP: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\www.exent.com/GameTreatWidget: C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Susan Baby\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/25 11:42:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/25 11:42:28 | 000,000,000 | ---D | M]

[2011/01/27 16:08:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Susan Baby\AppData\Roaming\Mozilla\Extensions

O1 HOSTS File: ([2012/11/16 19:42:55 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3319537312-2756757344-3939033949-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-3319537312-2756757344-3939033949-1001\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe File not found
O4:64bit: - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [HostManager] C:\Program Files (x86)\Common Files\aol\1290214743\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\.DEFAULT..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-18..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-21-3319537312-2756757344-3939033949-1001..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-21-3319537312-2756757344-3939033949-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Users\Susan Baby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AOL Desktop.lnk = C:\Program Files (x86)\Common Files\aol\Launch\aollaunch.exe (AOL Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3319537312-2756757344-3939033949-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3319537312-2756757344-3939033949-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3319537312-2756757344-3939033949-1001\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-3319537312-2756757344-3939033949-1001\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F50F40B-7172-4454-AA68-07923038C98E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EAC13957-79C3-426D-B2D8-4F7BD9FDD302}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {0cab0400-7395-11d0-a5e5-0020afe2fdd9} - C:\Windows\qvphook.dll (Inso Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/16 20:24:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Susan Baby\Desktop\OTL.exe
[2012/11/16 19:53:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/16 19:33:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/16 19:33:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/16 19:33:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/16 19:28:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/16 19:27:50 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/16 19:20:08 | 005,002,404 | R--- | C] (Swearware) -- C:\Users\Susan Baby\Desktop\ComboFix.exe
[2012/11/15 22:23:25 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Susan Baby\Desktop\aswMBR.exe
[2012/11/15 22:18:45 | 000,000,000 | ---D | C] -- C:\Users\Susan Baby\Desktop\RK_Quarantine
[2012/11/15 22:06:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/15 22:06:54 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/11/15 22:06:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/11/15 22:05:54 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Susan Baby\Desktop\mbam-setup-1.65.1.1000.exe
[2012/11/15 19:57:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2012/11/15 19:53:00 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/11/15 18:16:30 | 000,000,000 | ---D | C] -- C:\Users\Susan Baby\Desktop\tdsskiller
[2012/11/14 19:14:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/14 18:38:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/11/14 16:58:39 | 000,000,000 | ---D | C] -- C:\Users\Susan Baby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2012/11/12 19:18:32 | 000,000,000 | ---D | C] -- C:\Users\Susan Baby\AppData\Local\LogMeIn Rescue Applet
[2012/11/12 17:05:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/11/12 15:03:29 | 000,000,000 | ---D | C] -- C:\Users\Susan Baby\AppData\Roaming\Malwarebytes
[2012/11/12 14:52:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012/11/12 14:51:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FLV_Runner
[2012/11/12 13:54:38 | 000,000,000 | ---D | C] -- C:\Users\Susan Baby\AppData\Local\NPE
[2012/11/12 12:58:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
[2012/10/21 17:44:47 | 000,000,000 | ---D | C] -- C:\ProgramData\GAMEON
[2012/10/21 17:42:06 | 000,000,000 | ---D | C] -- C:\Users\Susan Baby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games
[2012/10/21 17:41:50 | 000,000,000 | ---D | C] -- C:\Remote Programs
[2012/10/21 17:41:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Free Ride Games
[2012/10/21 17:41:45 | 000,057,824 | ---- | C] (Exent Technologies Ltd.) -- C:\Windows\ExentInfo.exe
[2012/10/21 17:41:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Ride Games
[2011/01/17 14:03:33 | 001,029,000 | ---- | C] (Skype Technologies S.A.) -- C:\Users\Susan Baby\SkypeSetup.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[179 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/16 20:24:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Susan Baby\Desktop\OTL.exe
[2012/11/16 19:45:37 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/16 19:42:55 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/11/16 19:33:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/16 19:20:08 | 005,002,404 | R--- | M] (Swearware) -- C:\Users\Susan Baby\Desktop\ComboFix.exe
[2012/11/16 17:52:33 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/16 17:52:33 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/16 17:45:23 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/16 17:44:23 | 000,000,440 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012/11/16 17:43:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/16 17:43:27 | 2962,300,928 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/16 16:19:41 | 000,001,301 | ---- | M] () -- C:\Users\Susan Baby\Desktop\Norton Installation Files.lnk
[2012/11/16 15:48:37 | 000,419,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/16 07:50:19 | 000,741,704 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/16 07:50:19 | 000,624,864 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/16 07:50:19 | 000,106,950 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/16 06:37:02 | 000,000,512 | ---- | M] () -- C:\Users\Susan Baby\Desktop\MBR.dat
[2012/11/15 22:23:25 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Susan Baby\Desktop\aswMBR.exe
[2012/11/15 22:16:07 | 000,673,280 | ---- | M] () -- C:\Users\Susan Baby\Desktop\RogueKiller.exe
[2012/11/15 22:06:55 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/15 22:06:02 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Susan Baby\Desktop\mbam-setup-1.65.1.1000.exe
[2012/11/15 07:06:57 | 002,195,061 | ---- | M] () -- C:\Users\Susan Baby\Desktop\tdsskiller.zip
[2012/11/14 20:48:48 | 000,302,592 | ---- | M] () -- C:\Users\Susan Baby\Desktop\hcj24779.exe
[2012/11/14 19:15:51 | 000,000,173 | ---- | M] () -- C:\Windows\wininit.ini
[2012/11/14 18:09:14 | 314,152,007 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/11/06 22:09:12 | 000,002,710 | ---- | M] () -- C:\Users\Susan Baby\Desktop\BBG.html
[2012/11/06 22:06:13 | 000,100,484 | ---- | M] () -- C:\Users\Susan Baby\Desktop\I-90.pdf
[2012/11/05 22:18:44 | 000,000,017 | ---- | M] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/10/27 16:16:07 | 000,001,961 | ---- | M] () -- C:\Users\Susan Baby\Desktop\Play Jewel Charm.lnk
[2012/10/22 16:14:01 | 000,835,336 | ---- | M] () -- C:\Users\Susan Baby\Desktop\OppOnFinal.pdf
[2012/10/21 17:41:57 | 000,002,038 | ---- | M] () -- C:\Users\Public\Desktop\Play Free Games.lnk
[2012/10/21 17:41:57 | 000,001,164 | ---- | M] () -- C:\Users\Public\Desktop\More FREE games.lnk
[2012/10/21 17:41:54 | 000,000,064 | ---- | M] () -- C:\Windows\GPlrLanc.dat
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[179 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/16 19:33:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/16 19:33:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/16 19:33:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/16 19:33:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/16 19:33:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/16 07:48:04 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/16 06:37:02 | 000,000,512 | ---- | C] () -- C:\Users\Susan Baby\Desktop\MBR.dat
[2012/11/15 22:16:06 | 000,673,280 | ---- | C] () -- C:\Users\Susan Baby\Desktop\RogueKiller.exe
[2012/11/15 22:06:55 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/15 07:06:53 | 002,195,061 | ---- | C] () -- C:\Users\Susan Baby\Desktop\tdsskiller.zip
[2012/11/14 20:48:47 | 000,302,592 | ---- | C] () -- C:\Users\Susan Baby\Desktop\hcj24779.exe
[2012/11/14 19:01:56 | 000,000,173 | ---- | C] () -- C:\Windows\wininit.ini
[2012/11/14 16:58:39 | 000,001,301 | ---- | C] () -- C:\Users\Susan Baby\Desktop\Norton Installation Files.lnk
[2012/11/06 22:09:12 | 000,002,710 | ---- | C] () -- C:\Users\Susan Baby\Desktop\BBG.html
[2012/11/06 22:06:13 | 000,100,484 | ---- | C] () -- C:\Users\Susan Baby\Desktop\I-90.pdf
[2012/11/05 22:18:43 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/10/22 16:14:00 | 000,835,336 | ---- | C] () -- C:\Users\Susan Baby\Desktop\OppOnFinal.pdf
[2012/10/21 17:42:06 | 000,001,961 | ---- | C] () -- C:\Users\Susan Baby\Desktop\Play Jewel Charm.lnk
[2012/10/21 17:41:57 | 000,002,038 | ---- | C] () -- C:\Users\Public\Desktop\Play Free Games.lnk
[2012/10/21 17:41:57 | 000,001,164 | ---- | C] () -- C:\Users\Public\Desktop\More FREE games.lnk
[2012/10/21 17:41:54 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012/04/01 20:48:13 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2012/03/31 19:25:11 | 000,003,584 | ---- | C] () -- C:\Users\Susan Baby\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/28 21:35:35 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/02/02 22:12:34 | 000,003,285 | ---- | C] () -- C:\Users\Susan Baby\Ing08Nick.csv
[2011/02/02 22:10:45 | 000,003,289 | ---- | C] () -- C:\Users\Susan Baby\Ing08Liz.csv
[2011/01/17 14:10:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/12/04 00:11:10 | 000,743,994 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/25 11:39:07 | 000,226,727 | ---- | C] () -- C:\Windows\hpwins20.dat
[2010/11/25 11:39:07 | 000,001,360 | ---- | C] () -- C:\Windows\hpwmdl20.dat
[2010/11/25 11:29:10 | 331,292,744 | ---- | C] () -- C:\Users\Susan Baby\OJJ4600_Full_13.exe
[2010/11/19 19:56:35 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010/11/21 15:08:32 | 000,000,000 | ---D | M] -- C:\Users\Susan Baby\AppData\Roaming\acccore
[2012/03/21 18:53:08 | 000,000,000 | ---D | M] -- C:\Users\Susan Baby\AppData\Roaming\calibre
[2011/05/29 19:13:33 | 000,000,000 | ---D | M] -- C:\Users\Susan Baby\AppData\Roaming\iWin
[2012/03/31 19:22:20 | 000,000,000 | ---D | M] -- C:\Users\Susan Baby\AppData\Roaming\MusicNet
[2011/06/05 19:06:54 | 000,000,000 | ---D | M] -- C:\Users\Susan Baby\AppData\Roaming\PowerCinema
[2012/05/08 15:20:56 | 000,000,000 | ---D | M] -- C:\Users\Susan Baby\AppData\Roaming\SoftGrid Client
[2011/01/03 00:29:24 | 000,000,000 | ---D | M] -- C:\Users\Susan Baby\AppData\Roaming\Tific
[2010/12/04 00:12:44 | 000,000,000 | ---D | M] -- C:\Users\Susan Baby\AppData\Roaming\TP
[2012/08/06 22:17:46 | 000,000,000 | ---D | M] -- C:\Users\Susan Baby\AppData\Roaming\WildTangent

========== Purity Check ==========


< End of report >

 

[Susan1112]

TEXT LOG


OTL Extras logfile created on: 11/16/2012 8:25:05 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Susan Baby\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.68 Gb Total Physical Memory | 2.21 Gb Available Physical Memory | 60.06% Memory free
7.36 Gb Paging File | 5.73 Gb Available in Paging File | 77.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.07 Gb Total Space | 515.47 Gb Free Space | 88.56% Space Free | Partition Type: NTFS

Computer Name: SUSANBABY-PC | User Name: Susan Baby | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0290E284-CB7E-4CFA-8B8D-AAC22DA96011}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0C5F4222-6EBD-4E6B-93CC-BA85E4A04120}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1147E32A-5700-4448-A67D-EEADFCD15EE4}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{14B41A51-7598-49F7-917C-340B3F7669C5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{16B449E7-712C-40F7-939E-2A733E3A8AE6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1CDF0CAB-870F-4183-A423-93FD6FA5B66D}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{21A82F26-E5BA-4F39-BC98-69E11D634A33}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2348B3D2-C770-40AF-826E-02FEA09C23AB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{33CF52FE-A55B-47A8-8A03-BC151639CC0D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{468E7C77-534B-489F-A64F-157E70470A5E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{4D3A86B4-C9A1-402F-8F4A-627FF969F3A4}" = rport=445 | protocol=6 | dir=out | app=system |
"{4F064210-426D-4CF4-8043-4D154A1D5A71}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{536107A8-D131-4810-8EF7-0BE866F32F8A}" = lport=138 | protocol=17 | dir=in | app=system |
"{5C020AB4-C964-4CCE-910D-70D7E178BD9E}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5F98D3BD-9348-46F4-BC3F-08B11088EC56}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{601CA40D-FEA9-43B6-A386-C329521C7DEB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6220621E-885F-4191-B36D-EF0751E3C654}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{62572B3C-13C2-4868-A993-E9F813494B9A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{63AEEF86-BA5F-471A-BC93-8B7C576684C2}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{6C4328F6-AEF7-459C-ADF8-BD392A441515}" = rport=2869 | protocol=6 | dir=out | app=system |
"{6D5252A0-F8A5-454B-ABD7-A9F105E3F6F4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6E20FEF9-921F-4BE2-A805-F9BA9FD75DC7}" = rport=137 | protocol=17 | dir=out | app=system |
"{6FE1334C-CFA0-41FC-A017-2C7DCC43B19E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{712AC9C0-B2BF-4E1A-8879-FC6807456665}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7709FB3D-CCC4-4138-84CF-825CD058EBCC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7A7056FC-584E-4A58-A983-F8A0322CBA0F}" = lport=445 | protocol=6 | dir=in | app=system |
"{7B3A964D-49F0-4044-8211-BBC87FDBA4BD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8100B5A0-6DDA-4201-B287-6EF964DEFF31}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{842013B3-B504-4D01-8863-2EB5C174F34A}" = lport=137 | protocol=17 | dir=in | app=system |
"{87A2D8D3-C868-4156-A37F-6F945BA80FFE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8E43E32E-EFED-4EAE-AC7F-112C344004F5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8F96D1C6-0AB9-4FF7-A814-27F3010AC2FD}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{95974973-B9BB-4220-AFE7-F4FBDDF74153}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A333E093-C6FC-4395-8398-F8A53FC1BC18}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{AFB6DE79-7F89-47E2-B0AA-8E92D2792984}" = rport=139 | protocol=6 | dir=out | app=system |
"{B0CDD8CB-3D22-4948-9021-6687FDEC8A0D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B392C9B9-47A9-4B93-A05F-47831AE4A9FB}" = rport=138 | protocol=17 | dir=out | app=system |
"{B83F610C-2984-46C3-BF20-088291B291A8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D7C1673C-4E5F-4329-B7AA-1DCC31453A9A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DB1AFBD1-E6C3-4F90-914E-9AB2A033A984}" = lport=139 | protocol=6 | dir=in | app=system |
"{DD5D844F-D394-4D51-9ED4-86A5CF8FA059}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DE75D33C-6B4E-478A-B283-A798491E873B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E37B1394-79B4-4288-AB31-50BA18C2D89E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E667BC9C-48C9-4694-AB38-2B1C42C5A945}" = rport=10243 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{029D5407-5943-4138-8B4C-EC627BCFF399}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\1290214743\ee\aolsoftware.exe |
"{02D77A05-3FA6-436A-B7E9-B526D2CA9FB6}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{03058A83-2E12-4842-8289-7119CBB20417}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{03CDCA5B-344A-4BEC-ADC5-96C408DABF49}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{03E80635-1279-495F-9AAE-48B624A09EE6}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{08579DDF-3AFB-4EE7-99A3-8DDA314E59CD}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\dms\clmsservice.exe |
"{0E48FC25-2002-406C-AB26-F41A25838961}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{12EF0B0D-7CB5-4FF1-9501-FCF7A64985F3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{13514A22-B8F2-4A6D-A78A-6F4E6C1DC9BC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{17341101-E1DB-439F-991B-0277A97A8D4A}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{1DE9CFBC-6C2A-426C-BDBA-601E78A19343}" = protocol=6 | dir=out | app=system |
"{1EAF7967-E24D-475D-9C2A-4177F57455C9}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovie.exe |
"{1F83518B-1348-4037-8FD2-F0541FE83E69}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{211989EA-9E79-4F06-BB20-F03F376A50E4}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{2127E6F9-CE3A-43C8-B824-6431CE2D73BB}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2152207C-62BE-4892-A133-685FA2DBBF45}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{26322184-5703-42CB-9E76-E9C7F71C49CB}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{296B8AC5-E20B-4883-9F5C-C80951F9AD79}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{2B9D61DF-6E36-432F-9697-B99E0DF13BE5}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{3054697F-23A1-44EF-89ED-97724E3ED41B}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\pcmservice.exe |
"{36683706-7CB5-4561-96EC-67EE9CD9CC6F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{38DE2077-0D71-4DC9-8FAD-F2254C614693}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{41B16245-7FFC-4424-A6D4-275A0A2FB2C0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{469EC37B-85E7-473D-906A-08E98FF20C1F}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe |
"{48323E95-3F42-4C90-BAFD-0832CC4FF8F3}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\1290214743\ee\aoldesktop.exe |
"{4B8A02F7-561A-47AE-AFD8-54D5FA677357}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{4F1887DE-4BA9-4EDF-AE64-AFCE6409A438}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\dmp\clbrowserengine.exe |
"{52BEADC6-6843-47E2-B013-0A73C4D79607}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{59A41AD8-D8C4-427F-94DA-FE1788296CC4}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe |
"{5AEC86DD-43E0-481C-8364-916B8DD34E19}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{5B2E9834-586E-49AA-8DCF-6A71F43A4D0A}" = protocol=17 | dir=in | app=c:\program files (x86)\aol 9.5\waol.exe |
"{5D584C51-D287-4D37-92A8-EC85F503ABF2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{61FEE022-F2FB-4D1E-9555-228017A7212A}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovieservice.exe |
"{6873BA42-681C-4B1D-A601-73E26D944AFC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{741889E2-54FF-4F23-9613-E8692C73F20F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{7776B154-0072-4044-AE1E-B5A3B3BC938B}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{792658C9-212A-4039-AC4A-1830FD03B126}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{7BC10563-9E29-4D00-9A31-3786D4B297A0}" = protocol=6 | dir=in | app=c:\program files (x86)\aol desktop 9.6a\waol.exe |
"{7FA9C924-8DC2-454C-BD3A-7CB81C8A80C9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7FAC2120-A068-4C58-970E-8DF39798A5AA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{83F188D9-CF11-4321-BC01-D88A39486EA2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{842710D6-0AE1-4FD0-841F-A6BB9FD22AE4}" = protocol=6 | dir=in | app=c:\program files (x86)\aol 9.5\waol.exe |
"{85222CAA-95DF-4799-B4C4-F05BD7555E9C}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\powercinema.exe |
"{877913A8-1112-481F-8F6C-FAEB7CC657BD}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{8B5707DF-F18F-4DDA-853E-58B3AB3DA6D2}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{8BECEEFD-8D13-4641-A0AB-C83FF09F1807}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{8DA66534-3B7B-4E49-9555-D622E136EC04}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{90E1DCB1-5743-436C-BF26-916C89975F10}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{9195C6EB-842E-4D2B-B425-7A225E3B3B35}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{9236C7CE-96F0-4D13-8182-31B260E5177D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{9464BD91-8312-4ED2-A6BE-7B33B344087A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9BC4470D-8F54-4EA7-A1AE-8D37E9825FE3}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{9E7A8D52-1E85-4F8F-A90C-9D6828349627}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A08869CA-E5C0-45AA-B23A-6CE8EAF17164}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{A34C1ACA-AE83-4C8A-AD1B-9E5BAABB910B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{A3D0AE93-2E48-4684-84A9-98140D927D71}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{A6F4371E-F55C-4F95-AB3E-52A4615F5CEB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{A70F370B-48CC-489D-8EA0-28277FD977A3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A7338FD6-752E-4303-BB20-B74C7541499E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{AC46EA49-A47D-438B-B55C-E94F548B3C88}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{ACE45123-6AAF-4FAE-8E94-D3F8EA06076A}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{B21D19FD-F3DC-4DBC-801E-4C4FD1850A7D}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\1290214743\ee\aolsoftware.exe |
"{B3010AA0-1277-4FDC-9851-B65BEFE2B7A5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B35759B4-4FA7-44DE-8D52-5C1611989241}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B56DFDEF-477A-4B44-97AB-48B2E1603E45}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe |
"{B5B315DE-DB8A-4819-8B1A-85ED69D9F53E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B6BBC284-3C53-4F22-8DB4-834FE3731D31}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B6BF5DF3-6A8A-4257-A7DF-D40AD8F2565D}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe |
"{B6E6BF6A-4E24-4E17-92BF-233DEC5D29EC}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\1290214743\ee\aoldesktop.exe |
"{B745DB4B-8C42-4A03-A460-7E72185B4C4C}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{BBA1E0D9-6DC3-4F6C-9EF8-A87D53CDC132}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BC338C25-E9B5-4006-93FE-3AE0C50050A5}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{BE4EA493-B488-4981-A66A-1462A3A5C444}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{BEBFD134-C239-4446-9E0A-AB53147232D1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C072A8D2-5572-4770-802B-8BE04B035B4F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C4277985-E849-4597-B69E-462614723B95}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe |
"{C4B86307-5E5A-4F61-92B7-C9C7B9C79027}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{C7983660-240A-40AA-9072-494BEBC0B7DC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{C8921949-CAE3-48E6-B7D1-FD08041D0E02}" = protocol=17 | dir=in | app=c:\program files (x86)\aol desktop 9.6a\aolbrowser\aolbrowser.exe |
"{CE23A7E2-08CB-45F0-8B1B-99AFA11EBE67}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CE79A026-C84D-4C44-B074-D2E32A7B3F02}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{CF13CE2D-2D15-4E7D-98E9-88007A7892A0}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe |
"{D151A69F-4A1F-4226-AA2C-76025CABC2A4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D349D373-2E0A-43AD-975E-B49E347CC833}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D3E5304E-9316-4E56-A89C-26A17601BA6D}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe |
"{EA4E44E2-5B81-4B23-997B-0F853B021E3D}" = protocol=17 | dir=in | app=c:\program files (x86)\aol desktop 9.6a\waol.exe |
"{EAFA6418-ADE1-4C92-AA56-7F7683175E93}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{EE35D3F8-39C0-4F72-9193-2B4F9AD3C4BB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F21003DA-8AB3-4F9E-8CAF-9B0BB8023AD8}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{F3EA59EC-DD87-4A4E-9EBB-86E0E470EA94}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{F7950C81-5F07-4211-B88E-8C1D073382DF}" = protocol=6 | dir=in | app=c:\program files (x86)\aol desktop 9.6a\aolbrowser\aolbrowser.exe |
"{F982A5EA-5AD8-474A-AE2D-619086909F8F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{B6EFD9A5-2ECE-4C22-BAEC-D16E73EA2013}" = iTunes
"{CDDE4895-E348-4230-99E7-F2FA91131D2C}" = HP OfficeJet J4600 All-In-One Series
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E549A13-2B3D-4633-BA41-DC88C2D6F9A3}" = ProductContext
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1147FF9A-D576-4cb5-B5E7-FCA21D1E7D26}" = J4680
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Free Ride Games Player
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3825B383-7880-48C8-AADD-49B0D764B151}" = 4660_4680_Help
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50802F8E-03B4-479D-A643-16DE5A3586CB}" = BPDSoftware_Ini
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F3DFFAB-6DDA-42DA-A22C-F45C697B7812}" = calibre
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91190409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Publisher 2003
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AE09C972-EEB2-4DA5-8090-0FCF54576854}" = Optical Drive Power Management
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DD89CE29-BC88-40C6-A845-E2548682C5D6}" = Alcor Micro USB Card Reader
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F226C1DA-66D7-4ABC-86B5-3F978A660EBF}" = AOL Mail and AIM Gadget
"{F4EAEBEA-3E46-43b8-A63C-AD180AE86918}" = BPDSoftware
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"8c3cfdea177ce6978a8bfab75bc5aec2" = Jewel Quest II
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
"AOL Regclient" = AOL Registration
"AOL Toolbar" = AOL Toolbar
"AOL Toolbar for Firefox" = AOL Toolbar for Firefox
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Carbonite Backup" = Carbonite
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{DD89CE29-BC88-40C6-A845-E2548682C5D6}" = Alcor Micro USB Card Reader
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Picasa 3" = Picasa 3
"QVP" = Quick View Plus
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent acer Master Uninstall" = Acer Games
"WinLiveSuite" = Windows Live Essentials
"WT088300" = Bejeweled 2 Deluxe
"WT088318" = Diner Dash 2 Restaurant Rescue
"WT088350" = Jewel Quest Solitaire 2
"WT088413" = FATE
"WT088653" = Jewel Quest - Heritage

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3319537312-2756757344-3939033949-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AOL Toolbar" = AOL Toolbar

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/12/2011 4:56:27 PM | Computer Name = SusanBaby-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 64503808

Error - 12/12/2011 4:56:27 PM | Computer Name = SusanBaby-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 64503808

Error - 12/12/2011 5:39:13 PM | Computer Name = SusanBaby-PC | Source = Application Error | ID = 1000
Description = Faulting application name: aoltbServer.exe, version: 5.74.1.6761,
time stamp: 0x4da4527c Faulting module name: aoltbServer.exe, version: 5.74.1.6761,
time stamp: 0x4da4527c Exception code: 0xc0000005 Fault offset: 0x0001decc Faulting
process id: 0x754 Faulting application start time: 0x01ccb9167b621e44 Faulting application
path: c:\program files (x86)\aol toolbar\aoltbServer.exe Faulting module path: c:\program
files (x86)\aol toolbar\aoltbServer.exe Report Id: bb798eec-2509-11e1-8737-00038a000015

Error - 12/12/2011 11:46:53 PM | Computer Name = SusanBaby-PC | Source = VSS | ID = 13
Description =

Error - 12/12/2011 11:46:53 PM | Computer Name = SusanBaby-PC | Source = VSS | ID = 13
Description =

Error - 12/12/2011 11:46:53 PM | Computer Name = SusanBaby-PC | Source = VSS | ID = 8193
Description =

Error - 12/14/2011 9:20:42 PM | Computer Name = SusanBaby-PC | Source = Application Error | ID = 1000
Description = Faulting application name: aoltbServer.exe, version: 5.74.1.6761,
time stamp: 0x4da4527c Faulting module name: aoltbServer.exe, version: 5.74.1.6761,
time stamp: 0x4da4527c Exception code: 0xc0000005 Fault offset: 0x0001decc Faulting
process id: 0x1bd0 Faulting application start time: 0x01ccbac7c09d6c7f Faulting application
path: c:\program files (x86)\aol toolbar\aoltbServer.exe Faulting module path: c:\program
files (x86)\aol toolbar\aoltbServer.exe Report Id: 00dc98fe-26bb-11e1-b2de-00038a000015

Error - 12/15/2011 5:18:23 PM | Computer Name = SusanBaby-PC | Source = Application Error | ID = 1000
Description = Faulting application name: aoltbServer.exe, version: 5.74.1.6761,
time stamp: 0x4da4527c Faulting module name: aoltbServer.exe, version: 5.74.1.6761,
time stamp: 0x4da4527c Exception code: 0xc0000005 Fault offset: 0x0001decc Faulting
process id: 0x1aac Faulting application start time: 0x01ccbb6f11ba066d Faulting application
path: c:\program files (x86)\aol toolbar\aoltbServer.exe Faulting module path: c:\program
files (x86)\aol toolbar\aoltbServer.exe Report Id: 519cab6f-2762-11e1-a023-00038a000015

Error - 12/17/2011 3:23:21 PM | Computer Name = SusanBaby-PC | Source = Application Error | ID = 1000
Description = Faulting application name: aoltbServer.exe, version: 5.74.1.6761,
time stamp: 0x4da4527c Faulting module name: aoltbServer.exe, version: 5.74.1.6761,
time stamp: 0x4da4527c Exception code: 0xc0000005 Fault offset: 0x0001decc Faulting
process id: 0x408 Faulting application start time: 0x01ccbcf153a2cca8 Faulting application
path: c:\program files (x86)\aol toolbar\aoltbServer.exe Faulting module path: c:\program
files (x86)\aol toolbar\aoltbServer.exe Report Id: 94a0675c-28e4-11e1-9ed5-00038a000015

Error - 12/18/2011 1:46:18 AM | Computer Name = SusanBaby-PC | Source = VSS | ID = 13
Description =

[ Media Center Events ]
Error - 5/17/2012 7:04:18 AM | Computer Name = SusanBaby-PC | Source = MCUpdate | ID = 0
Description = 7:03:57 AM - Failed to retrieve SportsV2 (Error: Unable to connect
to the remote server)

Error - 5/18/2012 9:44:22 AM | Computer Name = SusanBaby-PC | Source = MCUpdate | ID = 0
Description = 9:44:21 AM - Failed to retrieve SportsV2 (Error: Unable to connect
to the remote server)

Error - 5/19/2012 11:01:22 AM | Computer Name = SusanBaby-PC | Source = MCUpdate | ID = 0
Description = 11:00:40 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/20/2012 10:20:20 AM | Computer Name = SusanBaby-PC | Source = MCUpdate | ID = 0
Description = 10:20:20 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/20/2012 11:35:39 AM | Computer Name = SusanBaby-PC | Source = MCUpdate | ID = 0
Description = 11:34:52 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/20/2012 2:49:06 PM | Computer Name = SusanBaby-PC | Source = MCUpdate | ID = 0
Description = 2:48:48 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/21/2012 9:58:05 PM | Computer Name = SusanBaby-PC | Source = MCUpdate | ID = 0
Description = 9:58:05 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/22/2012 9:15:51 PM | Computer Name = SusanBaby-PC | Source = MCUpdate | ID = 0
Description = 9:15:39 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 9/9/2012 12:15:53 AM | Computer Name = SusanBaby-PC | Source = MCUpdate | ID = 0
Description = 12:15:48 AM - Error connecting to the internet. 12:15:48 AM - Unable
to contact server..

Error - 9/15/2012 12:54:01 PM | Computer Name = SusanBaby-PC | Source = MCUpdate | ID = 0
Description = 12:54:00 PM - Failed to retrieve SportsV2 (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

[ OSession Events ]
Error - 9/5/2012 6:15:29 PM | Computer Name = SusanBaby-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 807
seconds with 660 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/15/2012 8:53:57 PM | Computer Name = SusanBaby-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 11/15/2012 8:53:57 PM | Computer Name = SusanBaby-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 11/15/2012 9:04:30 PM | Computer Name = SusanBaby-PC | Source = Service Control Manager | ID = 7031
Description = The CarboniteService service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 11/15/2012 9:05:30 PM | Computer Name = SusanBaby-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the CarboniteService service,
but this action failed with the following error: %%1056

Error - 11/16/2012 6:43:33 PM | Computer Name = SusanBaby-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:35:04 PM on ?11/?16/?2012 was unexpected.

Error - 11/16/2012 8:27:54 PM | Computer Name = SusanBaby-PC | Source = Service Control Manager | ID = 7034
Description = The hpqcxs08 service terminated unexpectedly. It has done this 1
time(s).

Error - 11/16/2012 8:27:54 PM | Computer Name = SusanBaby-PC | Source = Service Control Manager | ID = 7034
Description = The HP CUE DeviceDiscovery Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 11/16/2012 8:39:14 PM | Computer Name = SusanBaby-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 11/16/2012 8:42:10 PM | Computer Name = SusanBaby-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 11/16/2012 8:42:57 PM | Computer Name = SusanBaby-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.


< End of report >

 

[Broni]

Your passwords will have to be changed but only when we're done.

When you're done with OTL fix listed below see if Norton will install.

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
  O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
  O3 - HKU\S-1-5-21-3319537312-2756757344-3939033949-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
  O4 - HKLM..\Run: [] File not found
  O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
  O15 - HKU\S-1-5-21-3319537312-2756757344-3939033949-1001\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
  O15 - HKU\S-1-5-21-3319537312-2756757344-3939033949-1001\..Trusted Domains: localhost ([]* in Local intranet)
  
  :Commands
  [purity]
  [emptytemp]
  [emptyjava]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

=============================

Now, try to reinstall Norton.

Then...last scans...

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

3. Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Delete.
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

• Double click on adwcleaner.exe to run the tool.
• Click on Uninstall.
• Confirm with yes.

4. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

5. Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click on List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[Susan1112]

OTL Run Fix LOG


All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3319537312-2756757344-3939033949-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3319537312-2756757344-3939033949-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\objects\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3319537312-2756757344-3939033949-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Die Kinder
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

User: Die Kinder.SusanBaby-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

User: John
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

User: John.SusanBaby-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

User: Public
->Temp folder emptied: 0 bytes

User: S Brown
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

User: S Brown.SusanBaby-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

User: Susan Baby
->Temp folder emptied: 107413100 bytes
->Temporary Internet Files folder emptied: 127469346 bytes
->Java cache emptied: 12990613 bytes
->Flash cache emptied: 554 bytes

User: TEMP
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4172864 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3677 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128857893 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 100867 bytes
RecycleBin emptied: 4785376 bytes

Total Files Cleaned = 368.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default

User: Default User

User: Die Kinder

User: Die Kinder.SusanBaby-PC

User: John

User: John.SusanBaby-PC

User: Public

User: S Brown

User: S Brown.SusanBaby-PC

User: Susan Baby
->Java cache emptied: 0 bytes

User: TEMP

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Die Kinder
->Flash cache emptied: 0 bytes

User: Die Kinder.SusanBaby-PC
->Flash cache emptied: 0 bytes

User: John
->Flash cache emptied: 0 bytes

User: John.SusanBaby-PC
->Flash cache emptied: 0 bytes

User: Public

User: S Brown
->Flash cache emptied: 0 bytes

User: S Brown.SusanBaby-PC
->Flash cache emptied: 0 bytes

User: Susan Baby
->Flash cache emptied: 0 bytes

User: TEMP

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11162012_210001
Files\Folders moved on Reboot...
C:\Users\Susan Baby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZZ4SD4JI\page-2[1].htm moved successfully.
C:\Users\Susan Baby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6O3DHMS4\rtwie[1].htm moved successfully.
C:\Users\Susan Baby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6O3DHMS4\signin[1].htm moved successfully.
C:\Users\Susan Baby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\68ASUOVB\CashCardFormView[1].htm moved successfully.
C:\Users\Susan Baby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\68ASUOVB\MultipleShipmentOrderSummaryView[1].htm moved successfully.
C:\Users\Susan Baby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File\Folder C:\Users\Susan Baby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{18C15C94-FF75-426E-8C16-DD32F681E9D5}.tmp not found!
File\Folder C:\Users\Susan Baby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{57CB0B26-E4CB-4F78-ABA0-640AD60FBA3D}.tmp not found!
File\Folder C:\Users\Susan Baby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{6DFE8BC3-859B-422E-882C-6948A3955EB0}.tmp not found!
File\Folder C:\Users\Susan Baby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{C23C0138-319D-4C47-B07E-DC2BFF408BB8}.tmp not found!
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...