Jump to content

Recurring Message: "Windows 7 Build 7601 Not a genuine version of Windows"


Recommended Posts

Hi,

I have run MAM as well as McAfee several times, both say I have no infection. However, spontaneously, after being online for awhile, the message in my title is displayed on my desktop. Once the message shows up, my computer doesn't act right, and McAfee randomly shuts off. I'm not sure if I am infected with something or not. I followed the forum directions and the reports generated are below:DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2

Run by Ann at 17:41:23 on 2012-12-01

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8172.5054 [GMT -5:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Windows\system32\mfevtps.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\mcafee.com\agent\mcagent.exe

C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe

C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\SysWOW64\DllHost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

c:\PROGRA~2\mcafee\SITEAD~1\saui.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.insightbb.com/

uWindow Title = Internet Explorer, optimized for Bing and MSN

mStart Page = hxxp://acer.msn.com

mDefault_Page_URL = hxxp://acer.msn.com

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

mWinlogon: Userinit = userinit.exe,

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120626214502.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: ReadKiddoRead Giving Assistant: {96C9D85F-79BE-2CC6-4A70-9FDBE6E83105} - C:\Program Files (x86)\ReadKiddoRead Giving Assistant\bho32.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"

mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

dRunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid}

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} - hxxp://www.worldwinner.com/games/v47/skillgam/skillgam.cab

DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} - hxxp://www.worldwinner.com/games/v53/wwhearts/wwhearts.cab

DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: NameServer = 74.128.17.114 74.128.19.102

TCP: Interfaces\{15879CE4-7E4D-444A-92FC-92B6C0AD6FBB} : DHCPNameServer = 74.128.17.114 74.128.19.102

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

x64-mStart Page = hxxp://acer.msn.com

x64-mDefault_Page_URL = hxxp://acer.msn.com

x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\SystemCore\ScriptSn.20120626214502.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-3-13 752672]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-3-13 335784]

R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2011-7-20 22648]

R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2011-7-20 20520]

R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2011-7-20 62776]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-11-20 204288]

R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-5-29 36456]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-1-17 13336]

R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-7-20 244624]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-25 201304]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-25 201304]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-25 201304]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-25 201304]

R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-7-20 237920]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-7-20 218320]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2011-7-20 177144]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-11-21 231440]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-3-13 69672]

R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-6-30 54784]

R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-6-30 77696]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-3-13 300392]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-3-13 513456]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-1-17 533096]

R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-1-17 2656280]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]

S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-4-2 173424]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-10-25 196440]

S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-7-20 224704]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-3-13 106112]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-5-3 1255736]

S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-25 201304]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-12-01 16:20:06 -------- d-----w- C:\Program Files (x86)\ReadKiddoRead Giving Assistant

2012-11-28 05:42:55 -------- d-----w- C:\Users\Ann\AppData\Roaming\Jewel Match 3

2012-11-15 08:08:53 9728 ----a-w- C:\Windows\System32\Wdfres.dll

2012-11-15 08:08:53 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2012-11-15 08:08:53 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

2012-11-15 08:08:53 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui

2012-11-15 08:03:22 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys

2012-11-15 08:03:22 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll

2012-11-15 08:03:22 744448 ----a-w- C:\Windows\System32\WUDFx.dll

2012-11-15 08:03:22 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll

2012-11-15 08:03:22 229888 ----a-w- C:\Windows\System32\WUDFHost.exe

2012-11-15 08:03:22 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys

2012-11-15 08:03:22 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll

.

==================== Find3M ====================

.

2012-11-14 01:23:33 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-11-14 01:23:33 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll

2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll

2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll

2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll

2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll

2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll

2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll

2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll

2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll

2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll

2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys

2012-09-29 23:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll

2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll

2012-09-25 03:16:33 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

.

============= FINISH: 17:41:48.79 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 5/1/2012 6:02:37 AM

System Uptime: 12/1/2012 4:26:51 PM (1 hours ago)

.

Motherboard: Acer | | Aspire M3970G

Processor: Intel® Core i5-2320 CPU @ 3.00GHz | CPU 1 | 3001/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 914 GiB total, 872.746 GiB free.

D: is CDROM (CDFS)

E: is Removable

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Acer eRecovery Management

Acer Games

Acer Registration

Acer ScreenSaver

Acer Updater

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.4) MUI

Adobe Shockwave Player 11.6

Agatha Christie - Death on the Nile

AMD APP SDK Runtime

AMD AVIVO64 Codecs

AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD Media Foundation Decoders

Bejeweled 2 Deluxe

Bing Bar

Build-a-lot 4 - Power Source

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Chronicles of Albian

clear.fi Client

Coupon Printer for Windows

Cradle of Rome 2

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dora's World Adventure

Etron USB3.0 Host Controller

Final Drive: Nitro

Galerie de photos Windows Live

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Governor of Poker 2 Premium Edition

Hotkey Utility

HP Deskjet 1000 J110 series Basic Device Software

HP Deskjet 1000 J110 series Help

HP Deskjet 1000 J110 series Product Improvement Study

HP Photo Creations

HP Update

Identity Card

Intel® Management Engine Components

Intel® Rapid Storage Technology

Java 7 Update 9

Java Auto Updater

Java 6 Update 31

JavaFX 2.1.1

Jewel Match 3

Junk Mail filter update

Malwarebytes Anti-Malware version 1.65.1.1000

McAfee Internet Security Suite

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Mystery of Mortlake Mansion

MyWinLocker

MyWinLocker 4

MyWinLocker Suite

Nero Control Center 10

Nero ControlCenter 10 Help (CHM)

Nero Core Components 10

Nero DiscSpeed 10

Nero DiscSpeed 10 Help (CHM)

Nero Express 10

Nero Express 10 Help (CHM)

Nero Multimedia Suite 10 Essentials

Nero StartSmart 10

Nero StartSmart 10 Help (CHM)

Nero Update

Penguins!

Plants vs. Zombies - Game of the Year

Polar Bowler

Polar Golfer

ReadKiddoRead Giving Assistant (remove only)

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition

Shared C Run-time for x64

Shredder

Skype™ 5.10

swMSM

Times Reader

Torchlight

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Update Installer for WildTangent Games App

Virtual Villagers 5 - New Believers

Welcome Center

WildTangent Games App (Acer Games)

Windows Live

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Zuma's Revenge

.

==== Event Viewer Messages From Past Week ========

.

12/1/2012 9:48:36 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.

12/1/2012 4:35:03 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel® Management and Security Application User Notification Service service to connect.

12/1/2012 4:35:03 PM, Error: Service Control Manager [7000] - The Intel® Management and Security Application User Notification Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/1/2012 4:34:25 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

12/1/2012 4:33:08 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

12/1/2012 4:31:02 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.

12/1/2012 4:31:02 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/1/2012 4:29:45 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Nero Update service to connect.

12/1/2012 12:05:52 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

12/1/2012 12:05:46 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.

12/1/2012 12:04:55 PM, Error: Service Control Manager [7022] - The Security Center service hung on starting.

11/29/2012 5:57:53 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

11/29/2012 5:56:29 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.

11/27/2012 7:05:03 AM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243

11/27/2012 6:27:40 PM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).

11/27/2012 6:27:40 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

11/27/2012 6:27:40 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

11/27/2012 6:27:40 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

11/27/2012 6:27:40 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

11/27/2012 6:27:40 PM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

11/27/2012 6:27:40 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

11/27/2012 6:27:40 PM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

11/27/2012 6:27:40 PM, Error: Service Control Manager [7031] - The HomeGroup Listener service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

11/27/2012 6:27:40 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

11/27/2012 6:27:40 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

11/26/2012 3:44:59 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee McShield service to connect.

11/26/2012 3:44:59 PM, Error: Service Control Manager [7000] - The McAfee McShield service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/26/2012 3:35:06 PM, Error: Service Control Manager [7038] - The mfevtp service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

11/26/2012 3:35:06 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The service did not start due to a logon failure.

11/26/2012 3:35:06 PM, Error: Service Control Manager [7000] - The McAfee Validation Trust Protection Service service failed to start due to the following error: The service did not start due to a logon failure.

11/25/2012 1:49:03 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Adobe Flash Player Update Service service to connect.

11/25/2012 1:49:03 PM, Error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================

Thanks in advance for help and/or advice

Link to post
Share on other sites

Hello mrbinky,

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download AdwCleaner © Xplode from >>here<< and save it on your Desktop.

If your are running Windows XP, double click adwcleaner.exe to start it.

Otherwise, Right-click on adwcleaner.exe and select Run As Administrator to launch the application.

Now click on the Search tab.

Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\AdwCleaner[XX].txt where XX Denotes the number of times the application has been ran, so in this should be something like R1.

Step 4

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
    TDSSKillerMal-1.png
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    TDSSKillerCompleted.png
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 5

  • Download & SAVE to your Desktop >> Tigzy's RogueKillerfrom here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Do NOT click any FIX buttons !

Step 6

RE-Enable your antivirus program. excl.png

Then copy/paste the following into your post (in order):

  • the contents of C:\AdwCleaner[R1].txt;
  • the contents of TDSSKILLER log;
  • the contents of RKReport log;

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

And tell me, if this system was purchased new and if it came preloaded with Windows 7 ?

and if so, what is the brand of this computer ?

Link to post
Share on other sites

Hi Maurice,

I completed Step 1, but I am stuck on Step 2 : "Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK."

I don't have a computer icon on my desktop. I click on the Start icon in my lower toolbar, then click on Computer in the right side list, but there is no "Tools" option. How do I get to where you are wanting me to go?

In response to your final question, I bought the computer pre-loaded with Windows 7, and it is an Acer computer.

Thanks,

mrbinky88

Link to post
Share on other sites

Press Windows-key + R key to get to RUN menu.

Type in

explorer.exe

and press Enter-key to start Windows Explorer and do the items listed above -- to set view all files

and then proceed to do all the other steps I outlined.

Post all logs I requested {Copy & Paste}

Link to post
Share on other sites

Please go slow and careful. You are there in Windows Explorer, but you are looking at the wrong spot.

In Windows Explorer:

From the menu options, Select Tools, then Folder Options.

Next click the View tab.

Locate and uncheck Hide file extensions for known file types.

Locate and uncheck Hide protected operating system files (Recommended).

Locate and click Show hidden files and folders and drives.

Click Apply > OK.

Link to post
Share on other sites

AdWare:

# AdwCleaner v2.011 - Logfile created 12/05/2012 at 06:26:56

# Updated 02/12/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Ann - ANN-PC

# Boot Mode : Normal

# Running from : C:\Users\Ann\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Users\Ann\AppData\Local\TempDir

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Crossrider

Key Found : HKCU\Software\Cr_Installer

Key Found : HKLM\Software\Freeze.com

Value Found : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.95

File : C:\Users\Ann\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1023 octets] - [05/12/2012 06:26:56]

########## EOF - C:\AdwCleaner[R1].txt - [1083 octets] ##########

TDSSKiller -

06:31:43.0946 3904 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

06:31:44.0367 3904 ============================================================

06:31:44.0367 3904 Current date / time: 2012/12/05 06:31:44.0367

06:31:44.0367 3904 SystemInfo:

06:31:44.0367 3904

06:31:44.0367 3904 OS Version: 6.1.7601 ServicePack: 1.0

06:31:44.0367 3904 Product type: Workstation

06:31:44.0367 3904 ComputerName: ANN-PC

06:31:44.0367 3904 UserName: Ann

06:31:44.0367 3904 Windows directory: C:\Windows

06:31:44.0367 3904 System windows directory: C:\Windows

06:31:44.0367 3904 Running under WOW64

06:31:44.0367 3904 Processor architecture: Intel x64

06:31:44.0367 3904 Number of processors: 4

06:31:44.0367 3904 Page size: 0x1000

06:31:44.0367 3904 Boot type: Normal boot

06:31:44.0367 3904 ============================================================

06:31:44.0820 3904 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

06:31:44.0851 3904 ============================================================

06:31:44.0851 3904 \Device\Harddisk0\DR0:

06:31:44.0851 3904 MBR partitions:

06:31:44.0851 3904 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2200800, BlocksNum 0x32000

06:31:44.0851 3904 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2232800, BlocksNum 0x724D3800

06:31:44.0851 3904 ============================================================

06:31:44.0867 3904 C: <-> \Device\Harddisk0\DR0\Partition2

06:31:44.0867 3904 ============================================================

06:31:44.0867 3904 Initialize success

06:31:44.0867 3904 ============================================================

06:31:47.0534 1052 ============================================================

06:31:47.0534 1052 Scan started

06:31:47.0534 1052 Mode: Manual;

06:31:47.0534 1052 ============================================================

06:31:47.0815 1052 ================ Scan system memory ========================

06:31:47.0815 1052 System memory - ok

06:31:47.0815 1052 ================ Scan services =============================

06:31:47.0987 1052 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

06:31:47.0987 1052 1394ohci - ok

06:31:48.0002 1052 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

06:31:48.0002 1052 ACPI - ok

06:31:48.0033 1052 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

06:31:48.0033 1052 AcpiPmi - ok

06:31:48.0143 1052 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

06:31:48.0143 1052 AdobeARMservice - ok

06:31:48.0267 1052 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

06:31:48.0267 1052 AdobeFlashPlayerUpdateSvc - ok

06:31:48.0314 1052 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

06:31:48.0314 1052 adp94xx - ok

06:31:48.0345 1052 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys

06:31:48.0345 1052 adpahci - ok

06:31:48.0377 1052 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

06:31:48.0377 1052 adpu320 - ok

06:31:48.0423 1052 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

06:31:48.0423 1052 AeLookupSvc - ok

06:31:48.0470 1052 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

06:31:48.0470 1052 AFD - ok

06:31:48.0501 1052 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

06:31:48.0501 1052 agp440 - ok

06:31:48.0517 1052 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

06:31:48.0517 1052 ALG - ok

06:31:48.0533 1052 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

06:31:48.0533 1052 aliide - ok

06:31:48.0564 1052 [ 812349D328EB406815183A5D17B49E7C ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe

06:31:48.0579 1052 AMD External Events Utility - ok

06:31:48.0579 1052 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

06:31:48.0579 1052 amdide - ok

06:31:48.0595 1052 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

06:31:48.0595 1052 AmdK8 - ok

06:31:48.0767 1052 [ 0415FFE1B6A6EA141FEAFCA57567F57F ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys

06:31:48.0813 1052 amdkmdag - ok

06:31:48.0829 1052 [ DC24D6F38F17C0D643D9AA8A6852F8D0 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys

06:31:48.0829 1052 amdkmdap - ok

06:31:48.0845 1052 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys

06:31:48.0845 1052 AmdPPM - ok

06:31:48.0860 1052 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

06:31:48.0860 1052 amdsata - ok

06:31:48.0876 1052 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys

06:31:48.0876 1052 amdsbs - ok

06:31:48.0891 1052 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

06:31:48.0891 1052 amdxata - ok

06:31:48.0923 1052 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

06:31:48.0923 1052 AppID - ok

06:31:48.0938 1052 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

06:31:48.0938 1052 AppIDSvc - ok

06:31:48.0938 1052 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll

06:31:48.0938 1052 Appinfo - ok

06:31:48.0954 1052 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys

06:31:48.0954 1052 arc - ok

06:31:48.0969 1052 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys

06:31:48.0969 1052 arcsas - ok

06:31:48.0985 1052 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

06:31:48.0985 1052 AsyncMac - ok

06:31:49.0001 1052 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

06:31:49.0001 1052 atapi - ok

06:31:49.0032 1052 [ DBB487D09F56C674430AC454FD8BCAB9 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys

06:31:49.0047 1052 AtiHDAudioService - ok

06:31:49.0047 1052 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

06:31:49.0063 1052 AudioEndpointBuilder - ok

06:31:49.0079 1052 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

06:31:49.0079 1052 AudioSrv - ok

06:31:49.0094 1052 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

06:31:49.0110 1052 AxInstSV - ok

06:31:49.0141 1052 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys

06:31:49.0141 1052 b06bdrv - ok

06:31:49.0172 1052 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

06:31:49.0172 1052 b57nd60a - ok

06:31:49.0219 1052 [ 87F3BCF82A63E900AF896CD930BF7E05 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE

06:31:49.0219 1052 BBSvc - ok

06:31:49.0235 1052 [ 78779EE07231C658B483B1F38B5088DF ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

06:31:49.0235 1052 BBUpdate - ok

06:31:49.0250 1052 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

06:31:49.0250 1052 BDESVC - ok

06:31:49.0266 1052 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

06:31:49.0266 1052 Beep - ok

06:31:49.0297 1052 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

06:31:49.0328 1052 BFE - ok

06:31:49.0359 1052 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll

06:31:49.0359 1052 BITS - ok

06:31:49.0391 1052 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys

06:31:49.0391 1052 blbdrive - ok

06:31:49.0406 1052 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

06:31:49.0406 1052 bowser - ok

06:31:49.0422 1052 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys

06:31:49.0422 1052 BrFiltLo - ok

06:31:49.0437 1052 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys

06:31:49.0437 1052 BrFiltUp - ok

06:31:49.0469 1052 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

06:31:49.0469 1052 Browser - ok

06:31:49.0484 1052 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

06:31:49.0484 1052 Brserid - ok

06:31:49.0500 1052 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

06:31:49.0500 1052 BrSerWdm - ok

06:31:49.0515 1052 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

06:31:49.0515 1052 BrUsbMdm - ok

06:31:49.0531 1052 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

06:31:49.0531 1052 BrUsbSer - ok

06:31:49.0547 1052 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

06:31:49.0547 1052 BTHMODEM - ok

06:31:49.0578 1052 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

06:31:49.0578 1052 bthserv - ok

06:31:49.0593 1052 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

06:31:49.0593 1052 cdfs - ok

06:31:49.0625 1052 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

06:31:49.0625 1052 cdrom - ok

06:31:49.0640 1052 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

06:31:49.0640 1052 CertPropSvc - ok

06:31:49.0687 1052 [ 7C6B5BE2696DFD2D0BF6C9EE20326EF8 ] cfwids C:\Windows\system32\drivers\cfwids.sys

06:31:49.0687 1052 cfwids - ok

06:31:49.0703 1052 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys

06:31:49.0703 1052 circlass - ok

06:31:49.0718 1052 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

06:31:49.0718 1052 CLFS - ok

06:31:49.0765 1052 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

06:31:49.0765 1052 clr_optimization_v2.0.50727_32 - ok

06:31:49.0781 1052 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

06:31:49.0781 1052 clr_optimization_v2.0.50727_64 - ok

06:31:49.0827 1052 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

06:31:49.0890 1052 clr_optimization_v4.0.30319_32 - ok

06:31:49.0937 1052 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

06:31:49.0937 1052 clr_optimization_v4.0.30319_64 - ok

06:31:49.0968 1052 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys

06:31:49.0968 1052 CmBatt - ok

06:31:49.0968 1052 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

06:31:49.0968 1052 cmdide - ok

06:31:50.0015 1052 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys

06:31:50.0015 1052 CNG - ok

06:31:50.0030 1052 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys

06:31:50.0030 1052 Compbatt - ok

06:31:50.0061 1052 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys

06:31:50.0061 1052 CompositeBus - ok

06:31:50.0061 1052 COMSysApp - ok

06:31:50.0077 1052 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

06:31:50.0077 1052 crcdisk - ok

06:31:50.0108 1052 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll

06:31:50.0124 1052 CryptSvc - ok

06:31:50.0186 1052 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

06:31:50.0202 1052 cvhsvc - ok

06:31:50.0233 1052 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

06:31:50.0233 1052 DcomLaunch - ok

06:31:50.0280 1052 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

06:31:50.0280 1052 defragsvc - ok

06:31:50.0295 1052 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

06:31:50.0295 1052 DfsC - ok

06:31:50.0311 1052 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

06:31:50.0327 1052 Dhcp - ok

06:31:50.0327 1052 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

06:31:50.0327 1052 discache - ok

06:31:50.0358 1052 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys

06:31:50.0358 1052 Disk - ok

06:31:50.0373 1052 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

06:31:50.0373 1052 Dnscache - ok

06:31:50.0389 1052 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

06:31:50.0389 1052 dot3svc - ok

06:31:50.0389 1052 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

06:31:50.0389 1052 DPS - ok

06:31:50.0420 1052 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

06:31:50.0420 1052 drmkaud - ok

06:31:50.0436 1052 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

06:31:50.0451 1052 DXGKrnl - ok

06:31:50.0467 1052 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

06:31:50.0467 1052 EapHost - ok

06:31:50.0529 1052 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys

06:31:50.0561 1052 ebdrv - ok

06:31:50.0576 1052 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

06:31:50.0576 1052 EFS - ok

06:31:50.0607 1052 [ 18DD872DD46ACB24E106DC2C9C270466 ] EgisTec Ticket Service C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe

06:31:50.0607 1052 EgisTec Ticket Service - ok

06:31:50.0654 1052 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

06:31:50.0670 1052 ehRecvr - ok

06:31:50.0670 1052 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

06:31:50.0685 1052 ehSched - ok

06:31:50.0717 1052 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys

06:31:50.0717 1052 elxstor - ok

06:31:50.0732 1052 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

06:31:50.0732 1052 ErrDev - ok

06:31:50.0748 1052 [ CFBA28FAB72E6A39ADD71D958F219648 ] EtronHub3 C:\Windows\system32\Drivers\EtronHub3.sys

06:31:50.0748 1052 EtronHub3 - ok

06:31:50.0748 1052 [ 0241CE183139FF15CEA7234058CCF995 ] EtronXHCI C:\Windows\system32\Drivers\EtronXHCI.sys

06:31:50.0748 1052 EtronXHCI - ok

06:31:50.0779 1052 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

06:31:50.0779 1052 EventSystem - ok

06:31:50.0810 1052 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

06:31:50.0810 1052 exfat - ok

06:31:50.0826 1052 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

06:31:50.0826 1052 fastfat - ok

06:31:50.0857 1052 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

06:31:50.0873 1052 Fax - ok

06:31:50.0873 1052 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys

06:31:50.0873 1052 fdc - ok

06:31:50.0888 1052 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

06:31:50.0888 1052 fdPHost - ok

06:31:50.0904 1052 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

06:31:50.0904 1052 FDResPub - ok

06:31:50.0919 1052 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

06:31:50.0919 1052 FileInfo - ok

06:31:50.0919 1052 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

06:31:50.0919 1052 Filetrace - ok

06:31:50.0951 1052 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys

06:31:50.0951 1052 flpydisk - ok

06:31:50.0966 1052 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

06:31:50.0966 1052 FltMgr - ok

06:31:50.0997 1052 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll

06:31:51.0013 1052 FontCache - ok

06:31:51.0044 1052 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

06:31:51.0044 1052 FontCache3.0.0.0 - ok

06:31:51.0060 1052 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

06:31:51.0060 1052 FsDepends - ok

06:31:51.0075 1052 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

06:31:51.0091 1052 Fs_Rec - ok

06:31:51.0107 1052 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

06:31:51.0107 1052 fvevol - ok

06:31:51.0107 1052 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

06:31:51.0122 1052 gagp30kx - ok

06:31:51.0169 1052 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

06:31:51.0185 1052 GamesAppService - ok

06:31:51.0200 1052 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

06:31:51.0216 1052 gpsvc - ok

06:31:51.0247 1052 [ C9B2D1D3F86FD3673EF847DEF73B6F9E ] GREGService C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

06:31:51.0247 1052 GREGService - ok

06:31:51.0309 1052 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

06:31:51.0309 1052 gupdate - ok

06:31:51.0325 1052 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

06:31:51.0325 1052 gupdatem - ok

06:31:51.0341 1052 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

06:31:51.0356 1052 gusvc - ok

06:31:51.0372 1052 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

06:31:51.0372 1052 hcw85cir - ok

06:31:51.0403 1052 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

06:31:51.0419 1052 HdAudAddService - ok

06:31:51.0434 1052 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

06:31:51.0434 1052 HDAudBus - ok

06:31:51.0434 1052 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys

06:31:51.0450 1052 HidBatt - ok

06:31:51.0450 1052 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys

06:31:51.0450 1052 HidBth - ok

06:31:51.0465 1052 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys

06:31:51.0465 1052 HidIr - ok

06:31:51.0481 1052 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll

06:31:51.0481 1052 hidserv - ok

06:31:51.0512 1052 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

06:31:51.0512 1052 HidUsb - ok

06:31:51.0559 1052 [ A894FB2CAE6A29F5D9C8EDA47B074623 ] HipShieldK C:\Windows\system32\drivers\HipShieldK.sys

06:31:51.0559 1052 HipShieldK - ok

06:31:51.0575 1052 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

06:31:51.0575 1052 hkmsvc - ok

06:31:51.0575 1052 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

06:31:51.0590 1052 HomeGroupListener - ok

06:31:51.0606 1052 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

06:31:51.0606 1052 HomeGroupProvider - ok

06:31:51.0621 1052 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

06:31:51.0621 1052 HpSAMD - ok

06:31:51.0653 1052 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

06:31:51.0653 1052 HTTP - ok

06:31:51.0668 1052 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

06:31:51.0668 1052 hwpolicy - ok

06:31:51.0699 1052 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys

06:31:51.0699 1052 i8042prt - ok

06:31:51.0731 1052 [ D7921D5A870B11CC1ADAB198A519D50A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys

06:31:51.0731 1052 iaStor - ok

06:31:51.0777 1052 [ 8FFF9083252C16FE3960173722605E9E ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

06:31:51.0777 1052 IAStorDataMgrSvc - ok

06:31:51.0809 1052 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

06:31:51.0809 1052 iaStorV - ok

06:31:51.0840 1052 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

06:31:51.0855 1052 idsvc - ok

06:31:51.0887 1052 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys

06:31:51.0887 1052 iirsp - ok

06:31:51.0918 1052 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

06:31:51.0918 1052 IKEEXT - ok

06:31:51.0996 1052 [ A0C2C3D4C03C4FB896CFC53873784178 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

06:31:52.0011 1052 IntcAzAudAddService - ok

06:31:52.0027 1052 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

06:31:52.0027 1052 intelide - ok

06:31:52.0058 1052 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

06:31:52.0058 1052 intelppm - ok

06:31:52.0058 1052 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

06:31:52.0074 1052 IPBusEnum - ok

06:31:52.0074 1052 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

06:31:52.0074 1052 IpFilterDriver - ok

06:31:52.0105 1052 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

06:31:52.0121 1052 iphlpsvc - ok

06:31:52.0121 1052 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

06:31:52.0136 1052 IPMIDRV - ok

06:31:52.0136 1052 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

06:31:52.0136 1052 IPNAT - ok

06:31:52.0167 1052 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

06:31:52.0167 1052 IRENUM - ok

06:31:52.0199 1052 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

06:31:52.0199 1052 isapnp - ok

06:31:52.0214 1052 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

06:31:52.0214 1052 iScsiPrt - ok

06:31:52.0230 1052 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

06:31:52.0230 1052 kbdclass - ok

06:31:52.0261 1052 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

06:31:52.0261 1052 kbdhid - ok

06:31:52.0277 1052 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

06:31:52.0277 1052 KeyIso - ok

06:31:52.0308 1052 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

06:31:52.0308 1052 KSecDD - ok

06:31:52.0323 1052 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

06:31:52.0323 1052 KSecPkg - ok

06:31:52.0323 1052 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

06:31:52.0323 1052 ksthunk - ok

06:31:52.0355 1052 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

06:31:52.0355 1052 KtmRm - ok

06:31:52.0386 1052 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll

06:31:52.0386 1052 LanmanServer - ok

06:31:52.0417 1052 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

06:31:52.0417 1052 LanmanWorkstation - ok

06:31:52.0464 1052 [ B705C7097F9A0EC941D02DCE7C7D426C ] Live Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe

06:31:52.0479 1052 Live Updater Service - ok

06:31:52.0495 1052 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

06:31:52.0495 1052 lltdio - ok

06:31:52.0526 1052 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

06:31:52.0526 1052 lltdsvc - ok

06:31:52.0542 1052 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

06:31:52.0542 1052 lmhosts - ok

06:31:52.0557 1052 [ 2ED1786B7542CDA261029F6B526EDF44 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

06:31:52.0557 1052 LMS - ok

06:31:52.0589 1052 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

06:31:52.0589 1052 LSI_FC - ok

06:31:52.0604 1052 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

06:31:52.0604 1052 LSI_SAS - ok

06:31:52.0620 1052 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys

06:31:52.0620 1052 LSI_SAS2 - ok

06:31:52.0635 1052 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

06:31:52.0635 1052 LSI_SCSI - ok

06:31:52.0651 1052 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

06:31:52.0651 1052 luafv - ok

06:31:52.0713 1052 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McAfee SiteAdvisor Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

06:31:52.0713 1052 McAfee SiteAdvisor Service - ok

06:31:52.0745 1052 [ 9504F1DDA1B67FB8D526FD4F8CC882F3 ] McAWFwk c:\PROGRA~1\mcafee\msc\mcawfwk.exe

06:31:52.0760 1052 McAWFwk - ok

06:31:52.0760 1052 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

06:31:52.0760 1052 McMPFSvc - ok

06:31:52.0776 1052 [ F928E5E72BBA15DD0CE9A26E0413D236 ] mcmscsvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

06:31:52.0776 1052 mcmscsvc - ok

06:31:52.0791 1052 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNaiAnn C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

06:31:52.0791 1052 McNaiAnn - ok

06:31:52.0807 1052 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNASvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

06:31:52.0807 1052 McNASvc - ok

06:31:52.0854 1052 [ BE7C8C3F8FE52D8F7826E14CF11DE949 ] McODS C:\Program Files\mcafee\VirusScan\mcods.exe

06:31:52.0854 1052 McODS - ok

06:31:52.0854 1052 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McOobeSv C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

06:31:52.0854 1052 McOobeSv - ok

06:31:52.0869 1052 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McProxy C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

06:31:52.0869 1052 McProxy - ok

06:31:52.0885 1052 [ D4F9C8CE2D7D5B9A1F739AADEBFFCA6F ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

06:31:52.0885 1052 McShield - ok

06:31:52.0901 1052 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

06:31:52.0901 1052 Mcx2Svc - ok

06:31:52.0916 1052 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys

06:31:52.0932 1052 megasas - ok

06:31:52.0947 1052 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys

06:31:52.0963 1052 MegaSR - ok

06:31:52.0979 1052 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys

06:31:52.0979 1052 MEIx64 - ok

06:31:52.0994 1052 [ C73B93FED17829F11273459DA05E1976 ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys

06:31:52.0994 1052 mfeapfk - ok

06:31:53.0010 1052 [ 298C065BB9E09D5F14CCD9E8244DE4A0 ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys

06:31:53.0010 1052 mfeavfk - ok

06:31:53.0025 1052 mfeavfk01 - ok

06:31:53.0041 1052 [ AB66AF840EF1667AA73DDA6CE987D0E1 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

06:31:53.0041 1052 mfefire - ok

06:31:53.0072 1052 [ 4D604F0B85E98C5AD99B89AF72A4E28A ] mfefirek C:\Windows\system32\drivers\mfefirek.sys

06:31:53.0088 1052 mfefirek - ok

06:31:53.0135 1052 [ 85AFDEAD1366BED11A84A5C6FC0A65D2 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys

06:31:53.0150 1052 mfehidk - ok

06:31:53.0150 1052 [ 1B08579938FD72626D92F3C2219903EA ] mferkdet C:\Windows\system32\drivers\mferkdet.sys

06:31:53.0150 1052 mferkdet - ok

06:31:53.0166 1052 [ 984BBBB9BE02EF838DABDF3F3126A91B ] mfevtp C:\Windows\system32\mfevtps.exe

06:31:53.0181 1052 mfevtp - ok

06:31:53.0181 1052 [ 6251BE428073704FF1002231520C8F16 ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys

06:31:53.0197 1052 mfewfpk - ok

06:31:53.0213 1052 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

06:31:53.0213 1052 MMCSS - ok

06:31:53.0228 1052 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

06:31:53.0228 1052 Modem - ok

06:31:53.0259 1052 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

06:31:53.0259 1052 monitor - ok

06:31:53.0291 1052 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

06:31:53.0291 1052 mouclass - ok

06:31:53.0291 1052 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

06:31:53.0291 1052 mouhid - ok

06:31:53.0322 1052 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

06:31:53.0322 1052 mountmgr - ok

06:31:53.0337 1052 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

06:31:53.0337 1052 mpio - ok

06:31:53.0337 1052 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

06:31:53.0353 1052 mpsdrv - ok

06:31:53.0369 1052 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

06:31:53.0369 1052 MpsSvc - ok

06:31:53.0384 1052 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

06:31:53.0384 1052 MRxDAV - ok

06:31:53.0415 1052 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

06:31:53.0415 1052 mrxsmb - ok

06:31:53.0431 1052 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

06:31:53.0447 1052 mrxsmb10 - ok

06:31:53.0462 1052 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

06:31:53.0462 1052 mrxsmb20 - ok

06:31:53.0478 1052 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

06:31:53.0478 1052 msahci - ok

06:31:53.0493 1052 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

06:31:53.0493 1052 msdsm - ok

06:31:53.0509 1052 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

06:31:53.0509 1052 MSDTC - ok

06:31:53.0540 1052 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

06:31:53.0540 1052 Msfs - ok

06:31:53.0540 1052 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

06:31:53.0540 1052 mshidkmdf - ok

06:31:53.0556 1052 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

06:31:53.0556 1052 msisadrv - ok

06:31:53.0587 1052 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

06:31:53.0587 1052 MSiSCSI - ok

06:31:53.0587 1052 msiserver - ok

06:31:53.0603 1052 [ F928E5E72BBA15DD0CE9A26E0413D236 ] MSK80Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

06:31:53.0603 1052 MSK80Service - ok

06:31:53.0634 1052 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

06:31:53.0634 1052 MSKSSRV - ok

06:31:53.0634 1052 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

06:31:53.0634 1052 MSPCLOCK - ok

06:31:53.0649 1052 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

06:31:53.0649 1052 MSPQM - ok

06:31:53.0665 1052 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

06:31:53.0665 1052 MsRPC - ok

06:31:53.0681 1052 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

06:31:53.0681 1052 mssmbios - ok

06:31:53.0696 1052 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

06:31:53.0696 1052 MSTEE - ok

06:31:53.0712 1052 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys

06:31:53.0712 1052 MTConfig - ok

06:31:53.0712 1052 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

06:31:53.0727 1052 Mup - ok

06:31:53.0743 1052 [ C009123B206C56854F4E88596035231D ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys

06:31:53.0743 1052 mwlPSDFilter - ok

06:31:53.0743 1052 [ BF3739EEB9F008B1DEBAC115089A53F8 ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys

06:31:53.0743 1052 mwlPSDNServ - ok

06:31:53.0759 1052 [ 38DD143D95E7A01B86F219DDA9C28779 ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys

06:31:53.0759 1052 mwlPSDVDisk - ok

06:31:53.0774 1052 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

06:31:53.0790 1052 napagent - ok

06:31:53.0821 1052 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

06:31:53.0837 1052 NativeWifiP - ok

06:31:53.0868 1052 [ 9D1CCE440552500DED3A62F9D779CDB4 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe

06:31:53.0868 1052 NAUpdate - ok

06:31:53.0915 1052 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys

06:31:53.0930 1052 NDIS - ok

06:31:53.0946 1052 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

06:31:53.0946 1052 NdisCap - ok

06:31:53.0961 1052 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

06:31:53.0961 1052 NdisTapi - ok

06:31:53.0961 1052 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

06:31:53.0977 1052 Ndisuio - ok

06:31:53.0993 1052 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

06:31:53.0993 1052 NdisWan - ok

06:31:54.0008 1052 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

06:31:54.0008 1052 NDProxy - ok

06:31:54.0024 1052 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

06:31:54.0024 1052 NetBIOS - ok

06:31:54.0024 1052 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

06:31:54.0024 1052 NetBT - ok

06:31:54.0039 1052 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

06:31:54.0055 1052 Netlogon - ok

06:31:54.0086 1052 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

06:31:54.0086 1052 Netman - ok

06:31:54.0102 1052 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

06:31:54.0102 1052 netprofm - ok

06:31:54.0117 1052 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

06:31:54.0117 1052 NetTcpPortSharing - ok

06:31:54.0149 1052 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

06:31:54.0149 1052 nfrd960 - ok

06:31:54.0164 1052 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll

06:31:54.0164 1052 NlaSvc - ok

06:31:54.0180 1052 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

06:31:54.0180 1052 Npfs - ok

06:31:54.0195 1052 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

06:31:54.0195 1052 nsi - ok

06:31:54.0211 1052 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

06:31:54.0211 1052 nsiproxy - ok

06:31:54.0258 1052 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

06:31:54.0289 1052 Ntfs - ok

06:31:54.0305 1052 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

06:31:54.0305 1052 Null - ok

06:31:54.0320 1052 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

06:31:54.0320 1052 nvraid - ok

06:31:54.0351 1052 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

06:31:54.0351 1052 nvstor - ok

06:31:54.0383 1052 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

06:31:54.0383 1052 nv_agp - ok

06:31:54.0414 1052 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

06:31:54.0414 1052 ohci1394 - ok

06:31:54.0429 1052 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

06:31:54.0429 1052 ose - ok

06:31:54.0539 1052 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

06:31:54.0585 1052 osppsvc - ok

06:31:54.0601 1052 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

06:31:54.0601 1052 p2pimsvc - ok

06:31:54.0617 1052 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

06:31:54.0617 1052 p2psvc - ok

06:31:54.0632 1052 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys

06:31:54.0632 1052 Parport - ok

06:31:54.0663 1052 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

06:31:54.0663 1052 partmgr - ok

06:31:54.0663 1052 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

06:31:54.0679 1052 PcaSvc - ok

06:31:54.0695 1052 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

06:31:54.0695 1052 pci - ok

06:31:54.0710 1052 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

06:31:54.0710 1052 pciide - ok

06:31:54.0726 1052 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

06:31:54.0726 1052 pcmcia - ok

06:31:54.0741 1052 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

06:31:54.0741 1052 pcw - ok

06:31:54.0757 1052 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

06:31:54.0757 1052 PEAUTH - ok

06:31:54.0835 1052 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

06:31:54.0835 1052 PerfHost - ok

06:31:54.0882 1052 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

06:31:54.0897 1052 pla - ok

06:31:54.0929 1052 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

06:31:54.0929 1052 PlugPlay - ok

06:31:54.0944 1052 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

06:31:54.0944 1052 PNRPAutoReg - ok

06:31:54.0944 1052 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

06:31:54.0960 1052 PNRPsvc - ok

06:31:54.0975 1052 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

06:31:54.0975 1052 PolicyAgent - ok

06:31:55.0007 1052 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

06:31:55.0007 1052 Power - ok

06:31:55.0038 1052 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

06:31:55.0038 1052 PptpMiniport - ok

06:31:55.0053 1052 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys

06:31:55.0053 1052 Processor - ok

06:31:55.0085 1052 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

06:31:55.0085 1052 ProfSvc - ok

06:31:55.0085 1052 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

06:31:55.0085 1052 ProtectedStorage - ok

06:31:55.0100 1052 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

06:31:55.0116 1052 Psched - ok

06:31:55.0163 1052 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys

06:31:55.0178 1052 ql2300 - ok

06:31:55.0194 1052 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

06:31:55.0194 1052 ql40xx - ok

06:31:55.0209 1052 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

06:31:55.0225 1052 QWAVE - ok

06:31:55.0225 1052 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

06:31:55.0225 1052 QWAVEdrv - ok

06:31:55.0256 1052 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

06:31:55.0256 1052 RasAcd - ok

06:31:55.0287 1052 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

06:31:55.0287 1052 RasAgileVpn - ok

06:31:55.0287 1052 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

06:31:55.0303 1052 RasAuto - ok

06:31:55.0303 1052 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

06:31:55.0319 1052 Rasl2tp - ok

06:31:55.0319 1052 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

06:31:55.0334 1052 RasMan - ok

06:31:55.0350 1052 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

06:31:55.0350 1052 RasPppoe - ok

06:31:55.0365 1052 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

06:31:55.0365 1052 RasSstp - ok

06:31:55.0381 1052 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

06:31:55.0381 1052 rdbss - ok

06:31:55.0397 1052 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys

06:31:55.0397 1052 rdpbus - ok

06:31:55.0397 1052 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

06:31:55.0397 1052 RDPCDD - ok

06:31:55.0428 1052 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

06:31:55.0428 1052 RDPENCDD - ok

06:31:55.0428 1052 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

06:31:55.0428 1052 RDPREFMP - ok

06:31:55.0459 1052 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

06:31:55.0459 1052 RDPWD - ok

06:31:55.0490 1052 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

06:31:55.0490 1052 rdyboost - ok

06:31:55.0521 1052 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

06:31:55.0521 1052 RemoteAccess - ok

06:31:55.0537 1052 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

06:31:55.0537 1052 RemoteRegistry - ok

06:31:55.0553 1052 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

06:31:55.0553 1052 RpcEptMapper - ok

06:31:55.0553 1052 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

06:31:55.0553 1052 RpcLocator - ok

06:31:55.0584 1052 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

06:31:55.0584 1052 RpcSs - ok

06:31:55.0599 1052 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

06:31:55.0599 1052 rspndr - ok

06:31:55.0631 1052 [ E50CFB92986DCAB49DE93788FD695813 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys

06:31:55.0631 1052 RTL8167 - ok

06:31:55.0646 1052 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

06:31:55.0646 1052 SamSs - ok

06:31:55.0662 1052 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

06:31:55.0662 1052 sbp2port - ok

06:31:55.0677 1052 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

06:31:55.0677 1052 SCardSvr - ok

06:31:55.0693 1052 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

06:31:55.0693 1052 scfilter - ok

06:31:55.0724 1052 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

06:31:55.0740 1052 Schedule - ok

06:31:55.0755 1052 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

06:31:55.0755 1052 SCPolicySvc - ok

06:31:55.0771 1052 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

06:31:55.0771 1052 SDRSVC - ok

06:31:55.0818 1052 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

06:31:55.0818 1052 secdrv - ok

06:31:55.0818 1052 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

06:31:55.0818 1052 seclogon - ok

06:31:55.0833 1052 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll

06:31:55.0833 1052 SENS - ok

06:31:55.0865 1052 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

06:31:55.0865 1052 SensrSvc - ok

06:31:55.0880 1052 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys

06:31:55.0880 1052 Serenum - ok

06:31:55.0911 1052 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys

06:31:55.0911 1052 Serial - ok

06:31:55.0927 1052 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys

06:31:55.0927 1052 sermouse - ok

06:31:55.0943 1052 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

06:31:55.0943 1052 SessionEnv - ok

06:31:55.0958 1052 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

06:31:55.0958 1052 sffdisk - ok

06:31:55.0974 1052 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

06:31:55.0974 1052 sffp_mmc - ok

06:31:55.0989 1052 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

06:31:55.0989 1052 sffp_sd - ok

06:31:56.0005 1052 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

06:31:56.0005 1052 sfloppy - ok

06:31:56.0036 1052 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys

06:31:56.0052 1052 Sftfs - ok

06:31:56.0083 1052 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

06:31:56.0083 1052 sftlist - ok

06:31:56.0099 1052 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys

06:31:56.0114 1052 Sftplay - ok

06:31:56.0130 1052 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys

06:31:56.0130 1052 Sftredir - ok

06:31:56.0130 1052 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys

06:31:56.0145 1052 Sftvol - ok

06:31:56.0161 1052 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

06:31:56.0161 1052 sftvsa - ok

06:31:56.0177 1052 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

06:31:56.0192 1052 SharedAccess - ok

06:31:56.0208 1052 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

06:31:56.0223 1052 ShellHWDetection - ok

06:31:56.0239 1052 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys

06:31:56.0239 1052 SiSRaid2 - ok

06:31:56.0255 1052 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

06:31:56.0255 1052 SiSRaid4 - ok

06:31:56.0286 1052 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

06:31:56.0286 1052 SkypeUpdate - ok

06:31:56.0301 1052 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

06:31:56.0301 1052 Smb - ok

06:31:56.0333 1052 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

06:31:56.0333 1052 SNMPTRAP - ok

06:31:56.0348 1052 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

06:31:56.0348 1052 spldr - ok

06:31:56.0395 1052 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

06:31:56.0395 1052 Spooler - ok

06:31:56.0457 1052 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

06:31:56.0489 1052 sppsvc - ok

06:31:56.0504 1052 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

06:31:56.0504 1052 sppuinotify - ok

06:31:56.0520 1052 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

06:31:56.0520 1052 srv - ok

06:31:56.0535 1052 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

06:31:56.0535 1052 srv2 - ok

06:31:56.0551 1052 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

06:31:56.0551 1052 srvnet - ok

06:31:56.0598 1052 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

06:31:56.0598 1052 SSDPSRV - ok

06:31:56.0598 1052 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

06:31:56.0613 1052 SstpSvc - ok

06:31:56.0629 1052 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys

06:31:56.0629 1052 stexstor - ok

06:31:56.0645 1052 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

06:31:56.0660 1052 stisvc - ok

06:31:56.0660 1052 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys

06:31:56.0660 1052 swenum - ok

06:31:56.0691 1052 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

06:31:56.0691 1052 swprv - ok

06:31:56.0723 1052 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

06:31:56.0754 1052 SysMain - ok

06:31:56.0754 1052 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

06:31:56.0754 1052 TabletInputService - ok

06:31:56.0754 1052 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

06:31:56.0769 1052 TapiSrv - ok

06:31:56.0769 1052 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

06:31:56.0769 1052 TBS - ok

06:31:56.0816 1052 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

06:31:56.0832 1052 Tcpip - ok

06:31:56.0863 1052 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

06:31:56.0863 1052 TCPIP6 - ok

06:31:56.0879 1052 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

06:31:56.0879 1052 tcpipreg - ok

06:31:56.0894 1052 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

06:31:56.0894 1052 TDPIPE - ok

06:31:56.0925 1052 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

06:31:56.0925 1052 TDTCP - ok

06:31:56.0925 1052 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

06:31:56.0925 1052 tdx - ok

06:31:56.0941 1052 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys

06:31:56.0941 1052 TermDD - ok

06:31:56.0972 1052 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

06:31:56.0988 1052 TermService - ok

06:31:57.0003 1052 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

06:31:57.0003 1052 Themes - ok

06:31:57.0003 1052 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

06:31:57.0019 1052 THREADORDER - ok

06:31:57.0019 1052 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

06:31:57.0035 1052 TrkWks - ok

06:31:57.0066 1052 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

06:31:57.0081 1052 TrustedInstaller - ok

06:31:57.0097 1052 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

06:31:57.0097 1052 tssecsrv - ok

06:31:57.0113 1052 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

06:31:57.0113 1052 TsUsbFlt - ok

06:31:57.0128 1052 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys

06:31:57.0144 1052 TsUsbGD - ok

06:31:57.0159 1052 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

06:31:57.0159 1052 tunnel - ok

06:31:57.0175 1052 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys

06:31:57.0175 1052 uagp35 - ok

06:31:57.0191 1052 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

06:31:57.0206 1052 udfs - ok

06:31:57.0222 1052 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

06:31:57.0222 1052 UI0Detect - ok

06:31:57.0237 1052 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

06:31:57.0253 1052 uliagpkx - ok

06:31:57.0269 1052 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

06:31:57.0269 1052 umbus - ok

06:31:57.0284 1052 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys

06:31:57.0284 1052 UmPass - ok

06:31:57.0347 1052 [ 7E5E1603D0FF2D240AE70295C5C3FEFC ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

06:31:57.0378 1052 UNS - ok

06:31:57.0393 1052 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

06:31:57.0393 1052 upnphost - ok

06:31:57.0409 1052 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

06:31:57.0425 1052 usbccgp - ok

06:31:57.0440 1052 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

06:31:57.0440 1052 usbcir - ok

06:31:57.0456 1052 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys

06:31:57.0456 1052 usbehci - ok

06:31:57.0456 1052 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

06:31:57.0471 1052 usbhub - ok

06:31:57.0487 1052 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

06:31:57.0487 1052 usbohci - ok

06:31:57.0487 1052 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys

06:31:57.0487 1052 usbprint - ok

06:31:57.0503 1052 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

06:31:57.0503 1052 USBSTOR - ok

06:31:57.0518 1052 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

06:31:57.0518 1052 usbuhci - ok

06:31:57.0534 1052 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

06:31:57.0534 1052 UxSms - ok

06:31:57.0549 1052 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

06:31:57.0549 1052 VaultSvc - ok

06:31:57.0581 1052 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

06:31:57.0581 1052 vdrvroot - ok

06:31:57.0596 1052 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

06:31:57.0596 1052 vds - ok

06:31:57.0612 1052 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

06:31:57.0612 1052 vga - ok

06:31:57.0627 1052 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

06:31:57.0627 1052 VgaSave - ok

06:31:57.0643 1052 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

06:31:57.0643 1052 vhdmp - ok

06:31:57.0659 1052 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

06:31:57.0659 1052 viaide - ok

06:31:57.0690 1052 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

06:31:57.0690 1052 volmgr - ok

06:31:57.0705 1052 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

06:31:57.0705 1052 volmgrx - ok

06:31:57.0705 1052 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

06:31:57.0721 1052 volsnap - ok

06:31:57.0737 1052 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

06:31:57.0737 1052 vsmraid - ok

06:31:57.0768 1052 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

06:31:57.0799 1052 VSS - ok

06:31:57.0799 1052 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys

06:31:57.0815 1052 vwifibus - ok

06:31:57.0815 1052 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

06:31:57.0815 1052 W32Time - ok

06:31:57.0830 1052 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys

06:31:57.0830 1052 WacomPen - ok

06:31:57.0861 1052 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

06:31:57.0861 1052 WANARP - ok

06:31:57.0877 1052 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

06:31:57.0877 1052 Wanarpv6 - ok

06:31:57.0924 1052 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

06:31:57.0939 1052 WatAdminSvc - ok

06:31:57.0971 1052 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

06:31:58.0002 1052 wbengine - ok

06:31:58.0002 1052 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

06:31:58.0017 1052 WbioSrvc - ok

06:31:58.0017 1052 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

06:31:58.0017 1052 wcncsvc - ok

06:31:58.0033 1052 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

06:31:58.0033 1052 WcsPlugInService - ok

06:31:58.0049 1052 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys

06:31:58.0049 1052 Wd - ok

06:31:58.0080 1052 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

06:31:58.0095 1052 Wdf01000 - ok

06:31:58.0095 1052 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

06:31:58.0095 1052 WdiServiceHost - ok

06:31:58.0095 1052 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

06:31:58.0111 1052 WdiSystemHost - ok

06:31:58.0111 1052 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

06:31:58.0111 1052 WebClient - ok

06:31:58.0111 1052 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

06:31:58.0127 1052 Wecsvc - ok

06:31:58.0127 1052 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

06:31:58.0127 1052 wercplsupport - ok

06:31:58.0158 1052 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

06:31:58.0158 1052 WerSvc - ok

06:31:58.0173 1052 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

06:31:58.0173 1052 WfpLwf - ok

06:31:58.0205 1052 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

06:31:58.0205 1052 WIMMount - ok

06:31:58.0205 1052 WinDefend - ok

06:31:58.0220 1052 WinHttpAutoProxySvc - ok

06:31:58.0267 1052 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

06:31:58.0267 1052 Winmgmt - ok

06:31:58.0329 1052 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

06:31:58.0345 1052 WinRM - ok

06:31:58.0407 1052 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

06:31:58.0423 1052 Wlansvc - ok

06:31:58.0470 1052 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

06:31:58.0470 1052 wlcrasvc - ok

06:31:58.0532 1052 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

06:31:58.0548 1052 wlidsvc - ok

06:31:58.0563 1052 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

06:31:58.0563 1052 WmiAcpi - ok

06:31:58.0579 1052 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

06:31:58.0579 1052 wmiApSrv - ok

06:31:58.0600 1052 WMPNetworkSvc - ok

06:31:58.0631 1052 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

06:31:58.0631 1052 WPCSvc - ok

06:31:58.0646 1052 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

06:31:58.0646 1052 WPDBusEnum - ok

06:31:58.0662 1052 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

06:31:58.0662 1052 ws2ifsl - ok

06:31:58.0678 1052 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll

06:31:58.0678 1052 wscsvc - ok

06:31:58.0693 1052 WSearch - ok

06:31:58.0756 1052 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

06:31:58.0771 1052 wuauserv - ok

06:31:58.0802 1052 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

06:31:58.0802 1052 WudfPf - ok

06:31:58.0818 1052 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

06:31:58.0818 1052 WUDFRd - ok

06:31:58.0865 1052 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

06:31:58.0865 1052 wudfsvc - ok

06:31:58.0880 1052 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

06:31:58.0896 1052 WwanSvc - ok

06:31:58.0912 1052 ================ Scan global ===============================

06:31:58.0927 1052 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

06:31:58.0958 1052 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll

06:31:58.0974 1052 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll

06:31:58.0990 1052 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

06:31:58.0990 1052 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

06:31:59.0005 1052 [Global] - ok

06:31:59.0005 1052 ================ Scan MBR ==================================

06:31:59.0005 1052 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

06:31:59.0224 1052 \Device\Harddisk0\DR0 - ok

06:31:59.0224 1052 ================ Scan VBR ==================================

06:31:59.0224 1052 [ 666DB5D4C473294D7E98D3D8C270DA8E ] \Device\Harddisk0\DR0\Partition1

06:31:59.0224 1052 \Device\Harddisk0\DR0\Partition1 - ok

06:31:59.0239 1052 [ 4B7CBDBD6D68398718FBC988A825725E ] \Device\Harddisk0\DR0\Partition2

06:31:59.0239 1052 \Device\Harddisk0\DR0\Partition2 - ok

06:31:59.0239 1052 ============================================================

06:31:59.0239 1052 Scan finished

06:31:59.0239 1052 ============================================================

06:31:59.0255 6100 Detected object count: 0

06:31:59.0255 6100 Actual detected object count: 0

06:35:54.0659 1280 Deinitialize success

RogueKiller V8.3.1 [Dec 2 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Ann [Admin rights]

Mode : Scan -- Date : 12/05/2012 07:06:49

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721010CLA332 +++++

--- User ---

[MBR] 7aa4213f974f2cb375bd1eca7eeb4d0c

[bSP] aa906253d323b0f50c7d83b119aeaadf : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 17408 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 35653632 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 35858432 | Size: 936359 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_12052012_02d0706.txt >>

RKreport[1]_S_12052012_02d0706.txt

Link to post
Share on other sites

  • Close any open documents/programs & all internet browsers you have running.
  • Please start AdwCleaner
  • Click on Delete button.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
  • Note: You can find the logfile at C:\AdwCleaner[s1]

Step 2

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

Please close any of your open windows/programs and exit; saving any open work you have.

Go slow and careful. This is a Custom scan. Have infinite patience while it runs.

Temporarily turn OFF your antivirus program so that it does not interfere. Leave the firewall on

For a how-to-reference, see this How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

I'd like to have you do a special run of OTL to generate some searches & a new log-report.

  • Please double-click OTL.exe otlDesktopIcon.png to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %ALLUSERSPROFILE%\Application Data\*.dll /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    c:|crossride;true;true;true; /FP
    c:|conduit;true;true;true; /FP
    c:|Fun4IM;true;true;true; /FP
    c:|Bandoo;true;true;true; /FP
    c:|Searchn;true;true;true; /FP
    c:|Searchq;true;true;true; /FP
    c:|datamngr;true;true;true; /FP
    c:|iLivid;true;true;true; /FP
    c:|whitesmoke;true;true;true; /FP
    c:|services.ex;true;true;true; /FP
    %USERPROFILE%\..|smtmp;true;true;true /FP
    %systemroot%\*. /mp /s
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • :excl: Close any browser(s) windows that may be open.
  • Using your mouse, click on Run Scan.
  • The scan won't take long. Have inifinite patience. OTL may appear to stall but it will finish.
    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    These are saved in the same location as OTL.
  • Please Copy & Paste the contents OTL log(s) .

Link to post
Share on other sites

# AdwCleaner v2.011 - Logfile created 12/06/2012 at 16:36:15

# Updated 02/12/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Ann - ANN-PC

# Boot Mode : Normal

# Running from : C:\Users\Ann\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Users\Ann\AppData\Local\TempDir

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

Key Deleted : HKCU\Software\Cr_Installer

Key Deleted : HKLM\Software\Freeze.com

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.95

File : C:\Users\Ann\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1152 octets] - [05/12/2012 06:26:56]

AdwCleaner[s1].txt - [1095 octets] - [06/12/2012 16:36:15]

########## EOF - C:\AdwCleaner[s1].txt - [1155 octets] ##########

OTL.Txt

OTL logfile created on: 12/6/2012 4:52:19 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ann\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 6.16 Gb Available Physical Memory | 77.13% Memory free

15.96 Gb Paging File | 13.87 Gb Available in Paging File | 86.90% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 914.41 Gb Total Space | 872.62 Gb Free Space | 95.43% Space Free | Partition Type: NTFS

Drive D: | 148.16 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ANN-PC | User Name: Ann | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/06 16:49:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ann\Desktop\OTL.exe

PRC - [2012/11/13 20:23:33 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe

PRC - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2011/08/10 22:58:26 | 000,627,304 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe

PRC - [2011/05/29 21:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

PRC - [2011/05/12 19:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

PRC - [2011/04/22 11:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe

PRC - [2011/04/02 16:34:42 | 000,340,848 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe

PRC - [2011/03/28 21:49:06 | 000,408,432 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

PRC - [2011/03/28 21:48:54 | 000,202,608 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

PRC - [2010/12/20 05:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2010/11/06 02:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

========== Modules (No Company Name) ==========

MOD - [2011/08/10 22:58:26 | 000,627,304 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe

MOD - [2011/08/10 22:57:22 | 000,151,656 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/09/10 16:47:50 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS)

SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)

SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)

SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)

SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)

SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)

SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)

SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)

SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)

SRV:64bit: - [2012/07/17 13:52:28 | 000,177,144 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)

SRV:64bit: - [2012/07/17 13:49:24 | 000,218,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)

SRV:64bit: - [2012/07/17 13:47:42 | 000,237,920 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)

SRV:64bit: - [2011/10/25 21:01:00 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2011/04/22 11:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)

SRV:64bit: - [2011/03/08 19:00:50 | 000,224,704 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\mcafee\msc\McAWFwk.exe -- (McAWFwk)

SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/11/13 20:23:33 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2011/06/07 15:25:12 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011/05/29 21:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)

SRV - [2011/05/12 19:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)

SRV - [2011/04/02 16:09:38 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)

SRV - [2010/12/20 05:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2010/12/20 05:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2010/11/06 02:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

SRV - [2010/05/04 14:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)

SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/17 13:55:40 | 000,069,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)

DRV:64bit: - [2012/07/17 13:52:38 | 000,335,784 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)

DRV:64bit: - [2012/07/17 13:51:16 | 000,106,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)

DRV:64bit: - [2012/07/17 13:50:36 | 000,752,672 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)

DRV:64bit: - [2012/07/17 13:49:36 | 000,513,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)

DRV:64bit: - [2012/07/17 13:48:54 | 000,300,392 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)

DRV:64bit: - [2012/07/17 13:48:34 | 000,169,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)

DRV:64bit: - [2012/04/20 15:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/10/25 22:05:12 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011/10/25 20:22:00 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011/10/01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2011/10/01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2011/10/01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2011/10/01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2011/07/20 07:13:49 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)

DRV:64bit: - [2011/07/20 07:13:49 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)

DRV:64bit: - [2011/07/20 07:13:49 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)

DRV:64bit: - [2011/06/30 01:03:04 | 000,054,784 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)

DRV:64bit: - [2011/06/30 01:03:02 | 000,077,696 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)

DRV:64bit: - [2011/06/06 17:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2011/05/16 09:55:28 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/11/06 02:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/10/19 03:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.insightbb.com/

IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{59341C84-B1DF-4EB7-A361-F6C051A03289}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120518,17118,0,18,0

IE - HKCU\..\SearchScopes\{93275085-64E3-48A1-8957-B5AE35C771FC}: "URL" = http://www.bing.com/search?q={searchTerms}&form=BIE9DF&pc=BIE9&src=IE-SearchBox

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()

FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/08/25 07:43:05 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/10/25 15:18:10 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2012/10/25 17:52:47 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - homepage: http://www.google.com/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}

CHR - homepage: http://www.google.com/

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\pdf.dll

CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll

CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll

CHR - Extension: SiteAdvisor = C:\Users\Ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20120626214502.dll (McAfee, Inc.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120626214502.dll (McAfee, Inc.)

O2 - BHO: (ReadKiddoRead Giving Assistant) - {96C9D85F-79BE-2CC6-4A70-9FDBE6E83105} - C:\Program Files (x86)\ReadKiddoRead Giving Assistant\bho32.dll (trigger.io)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()

O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [suiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} http://www.worldwinner.com/games/v47/skillgam/skillgam.cab (SkillGam Control)

O16 - DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} http://www.worldwinner.com/games/v53/wwhearts/wwhearts.cab (WWHearts Control)

O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.9.2)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.9.2)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 74.128.17.114 74.128.19.102

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15879CE4-7E4D-444A-92FC-92B6C0AD6FBB}: DhcpNameServer = 74.128.17.114 74.128.19.102

O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)

O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/11/16 19:53:50 | 000,000,131 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]

O33 - MountPoints2\{c68a1b4d-40dc-11e1-aeec-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{c68a1b4d-40dc-11e1-aeec-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2010/11/16 19:53:50 | 000,297,832 | R--- | M] (Hewlett-Packard Co.)

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

MsConfig:64bit - StartUpReg: Norton Online Backup - hkey= - key= - File not found

MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - Service

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: mcmscsvc - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SafeBootMin:64bit: MCODS - C:\Program Files\mcafee\virusscan\mcods.exe (McAfee, Inc.)

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: McMPFSvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SafeBootNet:64bit: mcmscsvc - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SafeBootNet:64bit: MCODS - C:\Program Files\mcafee\virusscan\mcods.exe (McAfee, Inc.)

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()

SafeBootNet:64bit: mfefirek - C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)

SafeBootNet:64bit: mfefirek.sys - C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)

SafeBootNet:64bit: mfehidk - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)

SafeBootNet:64bit: mfehidk.sys - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)

SafeBootNet:64bit: mfevtp - C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{aafa5c78-3f99-4996-b6c5-2521f0ad7120} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/06 16:49:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ann\Desktop\OTL.exe

[2012/12/06 16:46:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

[2012/12/05 06:37:33 | 000,000,000 | ---D | C] -- C:\Users\Ann\Desktop\RK_Quarantine

[2012/12/05 06:28:46 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ann\Desktop\tdsskiller.exe

[2012/12/03 20:58:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012/12/03 20:57:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2012/12/03 20:57:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT

[2012/12/01 11:20:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ReadKiddoRead Giving Assistant

[2012/11/28 00:42:55 | 000,000,000 | ---D | C] -- C:\Users\Ann\AppData\Roaming\Jewel Match 3

[2012/11/15 03:08:53 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys

[2012/11/15 03:08:53 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll

[2012/11/15 03:06:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2012/11/15 03:06:10 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012/11/15 03:06:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012/11/15 03:06:10 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2012/11/15 03:06:10 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2012/11/15 03:06:10 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012/11/15 03:06:10 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012/11/15 03:06:09 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012/11/15 03:06:09 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012/11/15 03:06:09 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012/11/15 03:06:09 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2012/11/15 03:06:09 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012/11/15 03:06:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012/11/15 03:06:08 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012/11/15 03:06:08 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012/11/15 03:06:08 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2012/11/15 03:03:22 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll

[2012/11/15 03:03:22 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe

[2012/11/15 03:03:22 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll

[2012/11/15 03:03:22 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll

[2012/11/14 21:59:57 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll

[2012/11/14 21:59:57 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll

[2012/11/14 21:59:57 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll

[2012/11/14 21:59:52 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll

[2012/11/14 21:59:52 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll

[2012/11/14 21:59:51 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll

[2012/11/14 21:59:51 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll

[2012/11/14 21:59:51 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll

[2012/11/14 21:59:51 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll

[2012/11/14 21:59:38 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll

[2012/11/14 21:59:38 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/06 16:49:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ann\Desktop\OTL.exe

[2012/12/06 16:47:47 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/12/06 16:47:47 | 000,624,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/12/06 16:47:47 | 000,106,502 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/12/06 16:46:27 | 000,001,832 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk

[2012/12/06 16:46:23 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/12/06 16:37:29 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/12/06 16:37:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/12/06 16:37:19 | 2131,955,711 | -HS- | M] () -- C:\hiberfil.sys

[2012/12/06 16:11:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/12/05 20:20:06 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/12/05 20:20:06 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/12/05 06:37:31 | 000,752,128 | ---- | M] () -- C:\Users\Ann\Desktop\RogueKiller.exe

[2012/12/05 06:28:52 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ann\Desktop\tdsskiller.exe

[2012/12/05 06:25:36 | 000,540,743 | ---- | M] () -- C:\Users\Ann\Desktop\adwcleaner.exe

[2012/12/03 20:57:30 | 000,000,932 | ---- | M] () -- C:\Users\Ann\Desktop\NTREGOPT.lnk

[2012/12/03 20:57:30 | 000,000,913 | ---- | M] () -- C:\Users\Ann\Desktop\ERUNT.lnk

[2012/12/01 21:15:57 | 000,002,622 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - acer.lnk

[2012/11/29 17:12:44 | 000,002,382 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2012/11/15 03:27:10 | 000,342,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/11/13 20:53:49 | 000,017,833 | ---- | M] () -- C:\Users\Ann\Desktop\baby.jpg

[2012/11/13 20:23:33 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/11/13 20:23:33 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/11/12 21:59:23 | 000,051,944 | ---- | M] () -- C:\Users\Ann\Documents\Facebook photo.jpg

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/05 06:37:28 | 000,752,128 | ---- | C] () -- C:\Users\Ann\Desktop\RogueKiller.exe

[2012/12/05 06:25:33 | 000,540,743 | ---- | C] () -- C:\Users\Ann\Desktop\adwcleaner.exe

[2012/12/04 15:24:47 | 000,001,832 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk

[2012/12/03 20:57:30 | 000,000,932 | ---- | C] () -- C:\Users\Ann\Desktop\NTREGOPT.lnk

[2012/12/03 20:57:30 | 000,000,913 | ---- | C] () -- C:\Users\Ann\Desktop\ERUNT.lnk

[2012/11/15 03:08:54 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf

[2012/11/15 03:03:22 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf

[2012/11/13 20:54:21 | 000,017,833 | ---- | C] () -- C:\Users\Ann\Desktop\baby.jpg

[2012/11/12 21:59:23 | 000,051,944 | ---- | C] () -- C:\Users\Ann\Documents\Facebook photo.jpg

[2012/05/01 16:23:16 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/01/17 02:35:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011/11/21 00:00:01 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat

[2011/11/21 00:00:01 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

[2011/11/20 23:59:59 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2011/10/26 00:21:48 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll

[2011/10/26 00:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %ALLUSERSPROFILE%\Application Data\*.dll /s >

< %APPDATA%\*. >

[2012/05/01 16:16:01 | 000,000,000 | ---D | M] -- C:\Users\Ann\AppData\Roaming\Adobe

[2012/05/12 12:37:36 | 000,000,000 | ---D | M] -- C:\Users\Ann\AppData\Roaming\Apple Computer

[2012/05/02 22:06:07 | 000,000,000 | ---D | M] -- C:\Users\Ann\AppData\Roaming\ATI

[2012/05/01 05:03:06 | 000,000,000 | ---D | M] -- C:\Users\Ann\AppData\Roaming\CyberLink

[2012/05/24 11:13:31 | 000,000,000 | ---D | M] -- C:\Users\Ann\AppData\Roaming\HpUpdate

[2012/05/01 05:06:55 | 000,000,000 | ---D | M] -- C:\Users\Ann\AppData\Roaming\Identities

[2012/12/01 23:46:44 | 000,000,000 | ---D | M] -- C:\Users\Ann\AppData\Roaming\Jewel Match 3

[2012/01/17 02:52:33 | 000,000,000 | ---D | M] -- C:\Users\Ann\AppData\Roaming\Macromedia

[2012/06/26 08:05:13 | 000,000,000 | ---D | M] -- C:\Users\Ann\AppData\Roaming\Malwarebytes

[2010/11/21 02:16:41 | 000,000,000 | ---D | M] -- C:\Users\Ann\AppData\Roaming\Media Center Programs

[2012/12/04 13:02:53 | 000,000,000 | --SD | M] -- C:\Users\Ann\AppData\Roaming\Microsoft

[2012/05/01 05:07:08 | 000,000,000 | ---D | M] -- C:\Users\Ann\AppData\Roaming\OEM

[2012/09/13 02:01:23 | 000,000,000 | ---D | M] -- C:\Users\Ann\AppData\Roaming\Skype

[2012/05/16 17:06:15 | 000,000,000 | ---D | M] -- C:\Users\Ann\AppData\Roaming\SoftGrid Client

[2012/05/01 16:23:42 | 000,000,000 | ---D | M] -- C:\Users\Ann\AppData\Roaming\TP

[2012/09/10 18:17:45 | 000,000,000 | ---D | M] -- C:\Users\Ann\AppData\Roaming\WildTangent

< %APPDATA%\*.exe /s >

[2012/01/17 02:52:30 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Ann\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

[2012/12/01 21:15:54 | 001,007,576 | ---- | M] (WildTangent) -- C:\Users\Ann\AppData\Roaming\WildTangent\WildTangent Games\App\DPConfig\InstallTouchpoints-wildgames.exe

[2012/12/01 21:15:54 | 000,000,179 | ---- | M] () -- C:\Users\Ann\AppData\Roaming\WildTangent\WildTangent Games\App\DPConfig\InstallTouchpoints-wildgames.exe_filedata

[2012/05/21 20:34:34 | 000,571,040 | ---- | M] (WildTangent, Inc.) -- C:\Users\Ann\AppData\Roaming\WildTangent\WildTangent Games\App\Update\Updater.exe

< %SYSTEMDRIVE%\*.exe >

< c:|crossride;true;true;true; /FP >

< c:|conduit;true;true;true; /FP >

< c:|Fun4IM;true;true;true; /FP >

< c:|Bandoo;true;true;true; /FP >

< c:|Searchn;true;true;true; /FP >

< c:|Searchq;true;true;true; /FP >

< c:|datamngr;true;true;true; /FP >

< c:|iLivid;true;true;true; /FP >

< c:|whitesmoke;true;true;true; /FP >

< c:|services.ex;true;true;true; /FP >

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %systemroot%\*. /mp /s >

< >

< End of report >

Link to post
Share on other sites

Extras.Txt

OTL Extras logfile created on: 12/6/2012 4:52:19 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ann\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 6.16 Gb Available Physical Memory | 77.13% Memory free

15.96 Gb Paging File | 13.87 Gb Available in Paging File | 86.90% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 914.41 Gb Total Space | 872.62 Gb Free Space | 95.43% Space Free | Partition Type: NTFS

Drive D: | 148.16 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ANN-PC | User Name: Ann | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{03DD76BF-2722-4B44-9F37-7A4B646DB80B}" = lport=445 | protocol=6 | dir=in | app=system |

"{12DAD40E-E93A-475E-8073-1B87CD0E6CCA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{18AA6BA9-9E7E-44FA-B71F-2A0D68164FE4}" = rport=139 | protocol=6 | dir=out | app=system |

"{1ED66BDC-0BA5-4F3B-BB99-009E60901F68}" = lport=138 | protocol=17 | dir=in | app=system |

"{2D614339-91B0-455D-BB30-980C15C667F1}" = lport=137 | protocol=17 | dir=in | app=system |

"{30FD5AE7-CCCD-485F-BE24-8E30D5BA7931}" = lport=2869 | protocol=6 | dir=in | app=system |

"{313E6DCF-F9CC-4E34-8C57-1FEE26DB3C8B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{38B43A79-DA31-4281-8033-9B3B4C21F473}" = lport=139 | protocol=6 | dir=in | app=system |

"{3FE63241-3D85-4170-AD03-E1018C98C02E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{52B697BB-E1B7-42AB-99FC-A97895994556}" = rport=137 | protocol=17 | dir=out | app=system |

"{5FA326C7-6189-4C0B-A816-AD2D02858595}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{63E3D08F-4589-4880-9A6B-16A6E2471AF1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{7A856773-89FB-49FC-BA59-8D47F6E28E44}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{9441E43E-100A-42B7-A537-E82A31297126}" = lport=10243 | protocol=6 | dir=in | app=system |

"{98F9914F-996A-4CA2-94A2-2AA4D712C47B}" = rport=445 | protocol=6 | dir=out | app=system |

"{BD6EF95D-3605-47D4-B81B-A63347024058}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{C213B077-2DA5-40ED-BBCD-F3AA35381B16}" = rport=10243 | protocol=6 | dir=out | app=system |

"{D178B2D6-105C-4314-906C-84747FEF4CD3}" = rport=138 | protocol=17 | dir=out | app=system |

"{E3EA0410-7516-4936-8E40-43E85FCD0895}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{E8A9451B-17B1-40B9-95E0-121C21E77FBF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{ECE36354-D6CF-4FA6-821C-EA492F7590A6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{F4C44EB4-5639-4531-9283-61243D9550F3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{FD0C0173-C9C0-4C2E-89BA-E04AAD7B9E7F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0A779F4B-02D5-43E5-AB9F-E8DD5E1700C3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{0D1A7EE2-CF0D-41F3-9F52-9BFBB99BB2CA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{1A614889-B357-418A-93C1-8CF7C5A48D13}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{1E8CCDD3-695D-49C2-B31A-19B005FF331D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{2A37A321-6E6C-4F8F-A823-B4D7F4D74EEE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{349936E4-5931-4008-9CA6-671893C76BA7}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\playmovie.exe |

"{3DBB6CB5-B5C0-4443-BC64-142BEED5F6B8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{3F9C143F-9856-444F-B2D2-D273810ED623}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{51957934-A893-41FE-A472-A18DD1CC57C8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{692E9B7E-A9AB-4BFB-9C47-423BF9554DB5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{6BBF95E3-82DE-46B2-A395-BFA7B95D54F3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{6BD52674-7F2F-4DBD-8DF3-9CD74C431054}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{7199DDE4-FE8C-4E44-91CE-7DDC2C968989}" = protocol=6 | dir=out | app=system |

"{7A1FD750-8672-4D22-B427-0EE39E012234}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{7E273BA0-BFA0-41B9-8C40-795AEB971B78}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{823D2E32-EF4A-432D-BA4A-F8D1B2273051}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{8C270DFF-E312-4131-B5A0-6F74A8BE7B84}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{8F49A705-1957-4F72-88CE-44EC88B57D02}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{97258D0A-94A7-437C-86EE-3D67AED73743}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe |

"{99498A1D-C468-4E2F-B567-BE4596EBEEB5}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{A31040BD-8D5E-48B7-B9D2-AA5E9ABA9AFE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{A323F125-296F-423E-970A-E68D9EE81234}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{A507B5D7-D903-4A8F-BD7B-4EB29ADFD52F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{A9203854-F878-402F-B173-5E440830B40E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{A9DE6043-4C78-4B9F-B6AE-0F33DF9FFF8D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{AEEF59E8-4EDA-4B2F-8E47-CB60D7B0FCDE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{B4C50D4F-C442-4120-A228-8828CD21048B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{B4D0FD09-8C00-4D0C-BC01-7249BB74F464}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{BC1BB76B-BF3E-45FD-AF04-E5D3E68C46FD}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe |

"{C19E401B-9B64-4591-A188-C8309BE7AD47}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{E9A0E8E3-F081-44BD-A0F0-896B0C01470E}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{FE3048FA-3506-4D86-B48D-0EE8914B2066}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker

"{1A570BFA-D775-47EE-8071-06E9559C14F5}" = HP Deskjet 1000 J110 series Product Improvement Study

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder

"{41F41196-D050-A938-B1E4-7478160C091F}" = AMD Drag and Drop Transcoding

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{66B57223-522B-F018-CB82-04478543A9A9}" = AMD Media Foundation Decoders

"{682EBE5A-58A4-37ED-7D1B-5AB6182BF8D5}" = AMD Catalyst Install Manager

"{7C4EEB43-480E-2A06-2E06-3EABFE6CD68E}" = ccc-utility64

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{883B114D-BD3E-498F-9DAD-5E4A8E1C43BA}" = HP Deskjet 1000 J110 series Basic Device Software

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources

"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{DEDB22C7-C2A6-FE67-8EE8-F68419CE2351}" = AMD AVIVO64 Codecs

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1BAAC418-61ED-A9BF-88B4-4150905E077D}" = CCC Help Czech

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2354721E-EDA1-66BB-B755-19F647013B9A}" = CCC Help Polish

"{23561A29-1FCA-7797-4E4F-77DB769DBBC7}" = CCC Help Chinese Traditional

"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9

"{2D562EE1-26F5-A195-3F22-742F1E8E19C1}" = CCC Help Spanish

"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)

"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live

"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10

"{3465C127-18FF-6B5F-859A-B0535E6222A8}" = CCC Help Thai

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3748B706-ED0E-2E00-3C2E-1EEC3C4AADF5}" = CCC Help Greek

"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4

"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{403C4540-234F-C4BB-8E55-FAD4B99D0885}" = CCC Help Chinese Standard

"{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client

"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live

"{491ADA37-04EE-2ECE-9F86-DDC0106047AC}" = Times Reader

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A53FD99-30A3-7B82-5182-4E9721CE9B4C}" = CCC Help Russian

"{4A8A9C55-1A58-4E41-F8B6-129C2FFAC1BB}" = CCC Help Danish

"{4C3F221A-10AF-8DDE-B0CB-4F24A0B072A7}" = CCC Help Portuguese

"{4D5610C3-0F08-14CF-5E1A-D50951181DFF}" = CCC Help Norwegian

"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5FC83AC7-99AA-47B4-4BB7-251F6030DCD4}" = CCC Help English

"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{62157F8A-7815-5745-F908-C094A621B24F}" = CCC Help Japanese

"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources

"{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}" = Nero Multimedia Suite 10 Essentials

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker

"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10

"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10

"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games)

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{88E5DC49-1610-947E-B789-756DEE8C103C}" = CCC Help French

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{93D105DA-8BA8-CBE0-584D-768F70AE3A37}" = CCC Help Finnish

"{9640032F-BC7A-5091-4DCC-999AB125865B}" = Catalyst Control Center

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A8F4FBA-1E55-927F-5AE5-77117DC8101D}" = CCC Help German

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail

"{9FB97172-79F4-EC7B-E923-1610B0780321}" = CCC Help Korean

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AA4E0D1D-0983-DBCA-E1D0-3C7D0B3CBD5F}" = CCC Help Hungarian

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI

"{ADB118EC-3B73-41A1-8D07-0AC162C75958}" = Catalyst Control Center - Branding

"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update

"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)

"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder

"{C28D96C0-6A90-459E-A077-A6706F4EC0FC}" = Bing Bar

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common

"{C90E6406-258E-0F5B-79DC-518AD28B0550}" = CCC Help Italian

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}" = HP Deskjet 1000 J110 series Help

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E0F8E88A-F8B0-BF0F-A392-68D1AAB1F1C3}" = Catalyst Control Center InstallProxy

"{E8CCAEA7-A3BE-F0CF-0730-28FC67FD1CFE}" = Catalyst Control Center Localization All

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10

"{EE73EE5D-AD14-C6C6-3600-0109091B24A0}" = CCC Help Turkish

"{F03F836B-95B8-7900-25F5-EB897B27869D}" = CCC Help Dutch

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)

"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10

"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FE18CE47-FC66-A80E-EC14-5EA4D78652B4}" = CCC Help Swedish

"Acer Registration" = Acer Registration

"Acer Screensaver" = Acer ScreenSaver

"Acer Welcome Center" = Welcome Center

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader

"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows

"ERUNT_is1" = ERUNT 1.1j

"Google Chrome" = Google Chrome

"Hotkey Utility" = Hotkey Utility

"HP Photo Creations" = HP Photo Creations

"Identity Card" = Identity Card

"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000

"MSC" = McAfee Internet Security Suite

"Office14.Click2Run" = Microsoft Office Click-to-Run 2010

"Office14.SingleImage" = Microsoft Office Home and Student 2010

"ReadKiddoRead Giving Assistant" = ReadKiddoRead Giving Assistant (remove only)

"WildTangent acer Master Uninstall" = Acer Games

"WinLiveSuite" = Windows Live Essentials

"WTA-04dd55f8-e0ba-401b-978d-7b98bf877a16" = Mystery of Mortlake Mansion

"WTA-0a375ba2-5b00-4071-9603-598af0dd50c0" = Chronicles of Albian

"WTA-28a40607-988a-43cd-bfa1-50fc0827ec8b" = Agatha Christie - Death on the Nile

"WTA-2da92596-353c-4bc3-9e4c-ecbe089f98c7" = Bejeweled 2 Deluxe

"WTA-3b892dc9-8f08-4d63-af22-181c17eda3f5" = Polar Golfer

"WTA-5837a942-b718-4c5e-aaf2-74d1524a9efa" = Penguins!

"WTA-588e09d1-7dc7-4d9f-8956-47bff8f6ecee" = Cradle of Rome 2

"WTA-6a076e3f-86bc-4c18-9c14-121e584803c3" = Torchlight

"WTA-7167e2b5-8d39-4593-97b8-d49a38da0b27" = Jewel Match 3

"WTA-7b73d7be-aab8-4aae-8132-2199cda9b0eb" = Zuma's Revenge

"WTA-be6712a9-bd84-40e2-ba57-57ef848bdefa" = Build-a-lot 4 - Power Source

"WTA-c6e54f9f-4eae-498e-8ea1-b3b838885899" = Virtual Villagers 5 - New Believers

"WTA-d8508b40-164d-46c8-b746-e4b75c61ad6f" = Plants vs. Zombies - Game of the Year

"WTA-ec2649b3-787a-4810-8c83-f6f9b48ad0a0" = Polar Bowler

"WTA-f1c5d98a-a0d2-4f95-85f0-cd9069b43701" = Final Drive: Nitro

"WTA-f4010569-d235-4588-86c7-7150e3216c0e" = Dora's World Adventure

"WTA-fefdba0f-13d6-4108-b877-677e5705e3d7" = Governor of Poker 2 Premium Edition

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 11/24/2012 4:40:28 PM | Computer Name = Ann-PC | Source = Application Hang | ID = 1002

Description = The program Explorer.EXE version 6.1.7601.17567 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 8e4 Start

Time: 01cdca4c2912cf29 Termination Time: 0 Application Path: C:\Windows\Explorer.EXE

Report

Id: 0c94c8b0-3677-11e2-a632-e06995fa3a58

Error - 11/24/2012 4:43:03 PM | Computer Name = Ann-PC | Source = WinMgmt | ID = 10

Description =

Error - 11/24/2012 4:49:23 PM | Computer Name = Ann-PC | Source = McLogEvent | ID = 5051

Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

took longer than 90000 ms to complete a request. The process will be terminated.

Thread

id : 4564 (0x11d4) Thread address : 0x00000000694187D6 Thread message : Build VSCORE.15.1.0.461

/ 5500.1093 Object being scanned = \Device\HarddiskVolume3\Windows\system32\wups.dll

by C:\Windows\System32\svchost.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)

7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 11/25/2012 3:14:23 AM | Computer Name = Ann-PC | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16455,

time stamp: 0x507284ba Faulting module name: Flash32_11_5_502_110.ocx, version: 11.5.502.110,

time stamp: 0x508de0c5 Exception code: 0xc0000005 Fault offset: 0x001a80fe Faulting

process id: 0x10b8 Faulting application start time: 0x01cdcaa6b9eb8e0b Faulting application

path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:

C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_5_502_110.ocx Report Id: bc60c8fc-36cf-11e2-9eb4-e06995fa3a58

Error - 11/25/2012 2:27:15 PM | Computer Name = Ann-PC | Source = WinMgmt | ID = 10

Description =

Error - 11/25/2012 2:39:36 PM | Computer Name = Ann-PC | Source = WinMgmt | ID = 10

Description =

Error - 11/25/2012 2:49:58 PM | Computer Name = Ann-PC | Source = McLogEvent | ID = 5051

Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

took longer than 90000 ms to complete a request. The process will be terminated.

Thread

id : 3280 (0xcd0) Thread address : 0x0000000077B8135A Thread message : Build VSCORE.15.1.0.461

/ 5500.1093 Object being scanned = \Device\HarddiskVolume3\Windows\system32\sppsvc.exe

by C:\Windows\system32\services.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)

7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 11/25/2012 4:21:18 PM | Computer Name = Ann-PC | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16455,

time stamp: 0x507284ba Faulting module name: Flash32_11_5_502_110.ocx, version: 11.5.502.110,

time stamp: 0x508de0c5 Exception code: 0xc0000005 Fault offset: 0x001a80fe Faulting

process id: 0x7f8 Faulting application start time: 0x01cdcb487542c6d3 Faulting application

path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:

C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_5_502_110.ocx Report Id: aadc57c7-373d-11e2-9972-e06995fa3a58

Error - 11/25/2012 9:44:29 PM | Computer Name = Ann-PC | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16455,

time stamp: 0x507284ba Faulting module name: Flash32_11_5_502_110.ocx, version: 11.5.502.110,

time stamp: 0x508de0c5 Exception code: 0xc0000005 Fault offset: 0x001a80fe Faulting

process id: 0xa28 Faulting application start time: 0x01cdcb4a91ec4d79 Faulting application

path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:

C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_5_502_110.ocx Report Id: d0bef8fb-376a-11e2-9972-e06995fa3a58

Error - 11/26/2012 9:52:07 AM | Computer Name = Ann-PC | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16455,

time stamp: 0x507284ba Faulting module name: Flash32_11_5_502_110.ocx, version: 11.5.502.110,

time stamp: 0x508de0c5 Exception code: 0xc0000005 Fault offset: 0x001a80fe Faulting

process id: 0x1434 Faulting application start time: 0x01cdcbc8a459757f Faulting application

path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:

C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_5_502_110.ocx Report Id: 772d34d3-37d0-11e2-9972-e06995fa3a58

[ Media Center Events ]

Error - 5/19/2012 2:28:15 PM | Computer Name = Ann-PC | Source = MCUpdate | ID = 0

Description = 2:28:15 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status

404: The requested URL does not exist on the server. )

Error - 5/20/2012 12:48:05 AM | Computer Name = Ann-PC | Source = MCUpdate | ID = 0

Description = 12:48:04 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status

404: The requested URL does not exist on the server. )

Error - 5/20/2012 12:28:15 PM | Computer Name = Ann-PC | Source = MCUpdate | ID = 0

Description = 12:28:15 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status

404: The requested URL does not exist on the server. )

Error - 5/21/2012 12:34:56 AM | Computer Name = Ann-PC | Source = MCUpdate | ID = 0

Description = 12:34:55 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status

404: The requested URL does not exist on the server. )

Error - 5/21/2012 12:04:40 PM | Computer Name = Ann-PC | Source = MCUpdate | ID = 0

Description = 12:04:40 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status

404: The requested URL does not exist on the server. )

Error - 5/22/2012 12:19:48 AM | Computer Name = Ann-PC | Source = MCUpdate | ID = 0

Description = 12:19:44 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status

404: The requested URL does not exist on the server. )

Error - 5/22/2012 11:30:02 AM | Computer Name = Ann-PC | Source = MCUpdate | ID = 0

Description = 11:30:02 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status

404: The requested URL does not exist on the server. )

Error - 5/22/2012 12:30:27 PM | Computer Name = Ann-PC | Source = MCUpdate | ID = 0

Description = 12:30:27 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status

404: The requested URL does not exist on the server. )

Error - 5/23/2012 9:14:44 AM | Computer Name = Ann-PC | Source = MCUpdate | ID = 0

Description = 9:14:41 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status

404: The requested URL does not exist on the server. )

Error - 5/23/2012 12:02:55 PM | Computer Name = Ann-PC | Source = MCUpdate | ID = 0

Description = 12:02:55 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status

404: The requested URL does not exist on the server. )

[ System Events ]

Error - 11/20/2012 3:18:50 AM | Computer Name = Ann-PC | Source = volsnap | ID = 393230

Description = The shadow copies of volume C: were aborted because of an IO failure

on volume C:.

Error - 11/21/2012 9:19:14 PM | Computer Name = Ann-PC | Source = iaStor | ID = 262153

Description = The device, \Device\Ide\iaStor0, did not respond within the timeout

period.

Error - 11/21/2012 9:19:15 PM | Computer Name = Ann-PC | Source = iaStor | ID = 262153

Description = The device, \Device\Ide\iaStor0, did not respond within the timeout

period.

Error - 11/21/2012 9:19:16 PM | Computer Name = Ann-PC | Source = iaStor | ID = 262153

Description = The device, \Device\Ide\iaStor0, did not respond within the timeout

period.

Error - 11/21/2012 9:37:08 PM | Computer Name = Ann-PC | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the Nero

Update service to connect.

Error - 11/21/2012 9:37:50 PM | Computer Name = Ann-PC | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the Software

Protection service to connect.

Error - 11/21/2012 9:37:50 PM | Computer Name = Ann-PC | Source = Service Control Manager | ID = 7000

Description = The Software Protection service failed to start due to the following

error: %%1053

Error - 11/21/2012 9:40:17 PM | Computer Name = Ann-PC | Source = Service Control Manager | ID = 7022

Description = The Windows Update service hung on starting.

Error - 11/21/2012 9:41:48 PM | Computer Name = Ann-PC | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the Intel®

Management and Security Application User Notification Service service to connect.

Error - 11/21/2012 9:41:48 PM | Computer Name = Ann-PC | Source = Service Control Manager | ID = 7000

Description = The Intel® Management and Security Application User Notification

Service service failed to start due to the following error: %%1053

< End of report >

Link to post
Share on other sites

  • Please double-click OTL.exe otlDesktopIcon.png to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    :OTL
    O4 - HKLM..\Run: [] File not found
    :files
    recycler /alldrives
    :reg
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c68a1b4d-40dc-11e1-aeec-806e6f6e6963}]
    :Commands
    [purity]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [emptyjava]
    [Reboot]
    *****************************************************************
  • Return to OTL. Right click in the customFix.png window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button runFixbutton.png.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 2

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step 3

Download >> Farbar's Service Scanner utility << and Save to your Desktop.

If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Admisnitrator.

If using XP, double-click to start.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are checkmarked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.

Copy & Paste contents of FSS.txt into your reply.

NEXT:

Please give this a try.

Go into Control Panel >> click on Windows Update item

Click on Change settings (at top left)

under Important updates, click on the down-arrow pull-down

Click on Never check for updates

press OK

Close the Control Panel window

Then Logoff and restart Windows fresh.

When ready, go back into Control Panel >> click on Windows Update item

Click on Change settings (at top left)

under Important updates, click on the down-arrow pull-down

Now make the selection that you need for automatic updates

press OK when done

Close the Control Panel window

Next, do a fresh visit to Windows Update. Kindly advise on results.

Link to post
Share on other sites

1) OTL log

All processes killed

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

========== FILES ==========

recycler not found in C:\

recycler not found in D:\

========== REGISTRY ==========

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c68a1b4d-40dc-11e1-aeec-806e6f6e6963}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c68a1b4d-40dc-11e1-aeec-806e6f6e6963}\ not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Ann

->Temp folder emptied: 319809204 bytes

->Temporary Internet Files folder emptied: 353382020 bytes

->Java cache emptied: 425069185 bytes

->Google Chrome cache emptied: 126641262 bytes

->Flash cache emptied: 56991 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56468 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 220854908 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,379.00 mb

Restore point Set: OTL Restore Point

[EMPTYFLASH]

User: All Users

User: Ann

->Flash cache emptied: 0 bytes

User: Default

->Flash cache emptied: 0 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: All Users

User: Ann

->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 12082012_131056

Files\Folders moved on Reboot...

C:\Users\Ann\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

2) Checkup.txt

Results of screen317's Security Check version 0.99.56

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

McAfee Anti-Virus and Anti-Spyware

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.65.1.1000

JavaFX 2.1.1

Java 6 Update 31

Java 7 Update 9

Adobe Flash Player 11.4.402.287 Flash Player out of Date!

Adobe Reader 10.1.4 Adobe Reader out of Date!

Google Chrome 20.0.1132.57

Google Chrome 21.0.1180.89

Google Chrome 22.0.1229.79

Google Chrome 22.0.1229.92

Google Chrome 22.0.1229.94

Google Chrome 23.0.1271.64

Google Chrome 23.0.1271.91

Google Chrome 23.0.1271.95

````````Process Check: objlist.exe by Laurent````````

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````

3) FSS

Farbar Service Scanner Version: 07-12-2012

Ran by Ann (administrator) on 08-12-2012 at 13:28:55

Running from "C:\Users\Ann\Desktop"

Windows 7 Home Premium Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Action Center:

============

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

Other Services:

==============

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

4) Windows Update

Only 5 optional updates were listed:

1) Advanced Micro Devices, Inc. - Display, Other hardware - AMD Radeon HD 7350

Download size: 39.7 MB

You may need to restart your computer for this update to take effect.

Update type: Optional

Advanced Micro Devices, Inc. Display, Other hardware software update released in November, 2011

More information:

http://winqual.microsoft.com/support/?driverid=20460901

Help and Support:

http://support.microsoft.com/select/?target=hub

2) Update for Windows 7 for x64-based Systems (KB2574819)

Download size: 2.0 MB

You may need to restart your computer for this update to take effect.

Update type: Optional

Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.

More information:

http://support.microsoft.com/kb/2574819

Help and Support:

http://support.microsoft.com

3) Update for Windows 7 for x64-based Systems (KB2592687)

Download size: 2.0 MB - 8.7 MB

You may need to restart your computer for this update to take effect.

Update type: Optional

The Remote Desktop Protocol 8.0 update enables you to use the new Remote Desktop Services features. These features are introduced in Windows 8 and in Windows Server 2012 and are available for computers that are running Windows 7 Service Pack 1 or Windows Server 2008 R2 Service Pack 1. After you install this item, you may have to restart your computer.

More information:

http://support.microsoft.com/kb/2592687

Help and Support:

http://support.microsoft.com

4) Update for Windows 7 for x64-based Systems (KB2709981)

Download size: 413 KB

You may need to restart your computer for this update to take effect.

Update type: Optional

Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.

More information:

http://support.microsoft.com/kb/2709981

Help and Support:

http://support.microsoft.com

5) Bing Desktop

Download size: 1.4 MB

Update type: Optional

Bing Desktop delivers the beauty of the Bing homepage to your Windows desktop each day. Plus, get easy access to the Bing search box right from your desktop. Turn your searching into doing with Bing.

More information:

http://support.microsoft.com/kb/2694771

Help and Support:

http://g.msn.com/2ewbingdesktop/downloadenus

It should be noted that on the final restart, the computer was extremely slow to respond, and once again the McAfee was curiously turned off. Once I manually turn it back on, then the computer starts responding better.

Link to post
Share on other sites

You have 1 Java runtime that is out-of-date and needing Uninstall.

Go to Control Panel >> Programs and Features & locate & Unistall

Java 6 Update 31

There are 2 utility programs that need removal & updating:

Older versions of Adobe Reader pose a potential security risk.

De-install your Adobe Reader: Use Control Panel's Program and Features, Un-install Adobe Reader.

Get latest Adobe Reader version

http://get.adobe.com/reader/

Be sure to un-check the box for Free McAfee Security Scan or any "toolbar" (if offered )

To de-install Flash Player

Use Programs and Features (Windows 7 & Vista) or Add-or-Remove Programs (Windows XP) to de-install older versions of Flash Player.

For stubborn cases,

Download and save the Flash Player uninstaller >> uninstall Flash Player for 32-bit Windows<<

If you have Windows 64-bit, use this Flash Player uninstaller >> uninstall Flash Player for 64-bit Windows<<

Close all browsers and instant messenger (IM) programs.

Run the uninstaller.

To get latest Flash Player

Go to http://www.adobe.com/go/getflash

and get the latest Flash Player

Un-Check any checkbox for Google Chrome, or McAfee Security Scan Plus, or any other widget or toolbar or add-on!!!

Reference: How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system

http://support.microsoft.com/kb/827218

The FSS log-report is good.

What did you decide to do at Windows Update?

I would suggest you do not take any AMD hardware update from MS.

The remaining updates are Optional. Look them over and take those that you consider apply to your case.

As to the Bing Desktop, if you are not a heavy Bing user, skip that one.

Advise me if your main issue of "not geniune version" is now gone.

The slow startup (so called) after a run of OTL is not unusual. Your system will re-adjust as more time passes over next few days.

Link to post
Share on other sites

ok, completed the uninstalls and downloaded latest versions suggested....

as for the updates, as a general rule, I never download the updates that are listed as "optional", mainly because I don't know or understand what they are or why I may or may not need them.

The "not genuine version" is gone for now, but it always disappeared after a restart and reappeared after I was online for awhile, so I will see how things go today and let you know whether or not it comes back.

Also, is it now safe for me to delete/uninstall all of the various programs I have since we started this process?

Thanks so much Maurice for all the time you have spent with me on this, I truly appreciate it! :)

Link to post
Share on other sites

The "not genuine version" is back. I've had my computer online all day since I posted my last message, and it appeared at some point while I was online. When I shut down, I clear out my cache before getting off the internet, then shut the comp down. When I bring it back up, the message will be gone again until I get back online and stay connected for awhile.

Link to post
Share on other sites

I will guide you (later) to remove the downloads we'd done. Do not do that by yourself. All the tools are "not" active, so do not pose an issue.

Give me more detail on what you mean by

I get back online and stay connected for awhile.

Do you mean online websurfing?

If so, which browser is used ?

and what websites do you go to?

"where" does the message appear? in a browser window? or a message-box by the Windows taskbar ?

Do this for me, so I can do a review:

Using Internet Explorer (only), go to http://www.fiddlertool.com/ua.aspx

Highlight/select ONLY the red text at the very top of the page and copy it to your clipboard. Paste the contents of your clipboard into your next reply so I can review your current User Agent string.

AND tell me, If Internet Explorer is set as the default browser on this system?

Link to post
Share on other sites

1) yes, I mean online websurfing

2) Internet Explorer 9

3) facebook is what one of us is on when the message reappears (my kids also use this computer)

4) the message shows up on my desktop in white just above the lower right hand corner of the taskbar - that's why I don't see it until the internet is shut down

5) I have no clue what you mean by "copy it to your clipboard", but here is what was in the red text: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUS)

6) yes, Internet Explorer is the default browser

Link to post
Share on other sites

Your IE user agent string appears to have some odd info "BOIE9".

Did you get Internet Explorer 9 from microsoft ?

Do this next:

Use Internet Explorer only, and go to this link http://go.microsoft.com/?linkid=9646978

In the File Download dialog box, click Run, and then follow the steps in the wizard.

In the Reset Internet Explorer Settings dialog box, click Reset.

Click to select the Delete personal settings check box if you would also like to remove browsing history, search providers, Accelerators, home pages, Tracking Protection, and ActiveX Filtering data.

When Internet Explorer finishes applying default settings, click Close, and then click Close again.

Close Internet Explorer, and then restart it.

Step 2

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member mrbinky88 only. If you are a casual viewer, do NOT try this on your system!

If you are not mrbinky88 and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display it's "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix my take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)or a UPS system

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right- click on Combo-Fix.exe on your Desktop cf-icon.jpg and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have reboot the pc a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3]When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh :excl:

Reply & Copy & Paste contents of the C:\Combofix.txt log and tell me, How is the system now ?

Re-enable your antivirus program.

Link to post
Share on other sites

In answer to your IE question, everything was preloaded on the computer, I did not have to get anything directly from Microsoft. Same with McAfee. I started with a preloaded free trial, then signed up for a year online.

ok, things went a little weird, let me explain:

First, I did what you said with Internet Explorer, except I did not:

Click to select the Delete personal settings check box if you would also like to remove browsing history, search providers, Accelerators, home pages, Tracking Protection, and ActiveX Filtering data.

Then, I came back here to follow your Combofix instructions. I clicked on Link 1, and clicked on Save As, to save to my desktop, I got a McAfee popup saying the publisher couldn't be verified, and clicked to download anyway, but then Combofix just started running. It closed IE automatically, and when I checked McAfee, it was already turned off as well. I didn't want to touch anything else because of all the warnings about stalling or stopping Combofix as it ran, so I let it go. It ran very quickly, finished in under 5 minutes. I got the popup file, clicked to save it. There was never a prompt to restart the computer, so I went ahead and did that. I never got any of the other prompts or popups you mentioned.

Then, when the computer came back up, I clicked on IE to get online, then on malwarebytes forums from my favorites list to get here. Then the computer stalled. It said the site wasn't responding, and did I want to recover the page. I tried to do that and it didn't work. So, I closed out IE in order to start all over again. This time, when I went to click on IE, it wouldn't come up. I also tried to click on the McAfee icon to make sure the antivirus was turned back on, and it wouldn't open. I waited it out, about 3-5 minutes, then both IE and McAfee opened, and things began to run as expected. Not sure if this is normal sluggishness after running Combofix or not.

Here is the Combofix log:

ComboFix 12-12-10.01 - Ann 12/10/2012 20:39:49.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8172.6929 [GMT -5:00]

Running from: c:\users\Ann\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Ann\AppData\Local\Temp\{FB10E1DA-473E-49D4-AB96-B26A09395E74}\fpb.tmp

.

.

((((((((((((((((((((((((( Files Created from 2012-11-11 to 2012-12-11 )))))))))))))))))))))))))))))))

.

.

2012-12-11 01:42 . 2012-12-11 01:42 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-04 01:57 . 2012-12-04 01:57 -------- d-----w- c:\program files (x86)\ERUNT

2012-12-01 16:20 . 2012-12-01 16:20 -------- d-----w- c:\program files (x86)\ReadKiddoRead Giving Assistant

2012-11-28 05:42 . 2012-12-02 04:46 -------- d-----w- c:\users\Ann\AppData\Roaming\Jewel Match 3

2012-11-15 08:08 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-11-15 08:08 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-11-15 08:08 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2012-11-15 08:08 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-11-15 08:03 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2012-11-15 08:03 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-11-15 08:03 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2012-11-15 08:03 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-11-15 08:03 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-11-15 08:03 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-11-15 08:03 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-15 08:03 . 2012-05-04 10:10 66395536 ----a-w- c:\windows\system32\MRT.exe

2012-10-16 08:38 . 2012-11-28 20:00 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-11-28 20:00 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-11-28 20:00 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-09-29 23:54 . 2012-06-26 13:05 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-25 03:16 . 2012-10-20 04:24 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-14 19:19 . 2012-10-10 18:23 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-14 18:28 . 2012-10-10 18:23 2048 ----a-w- c:\windows\SysWow64\tzres.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112]

"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-04-02 340848]

"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2011-03-29 408432]

"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2011-03-29 202608]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-26 343168]

"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2011-08-11 627304]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]

R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]

R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-04-02 173424]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]

R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-03-09 224704]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-07-17 106112]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-03 1255736]

R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-07-17 335784]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-07-20 22648]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-07-20 20520]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-07-20 62776]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-26 204288]

S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-13 249648]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-30 36456]

S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-07-17 218320]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-07-17 177144]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-06 231440]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-07-17 69672]

S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-06-30 54784]

S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-06-30 77696]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-07-17 513456]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-16 533096]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-11 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-08 19:36]

.

2012-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-04 03:28]

.

2012-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-04 03:28]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.insightbb.com/

uLocal Page = c:\windows\system32\blank.htm

mDefault_Page_URL = hxxp://acer.msn.com

mStart Page = hxxp://acer.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 74.128.17.114 74.128.19.102

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

AddRemove-Adobe Flash Player ActiveX - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-12-10 20:44:24

ComboFix-quarantined-files.txt 2012-12-11 01:44

.

Pre-Run: 938,395,742,208 bytes free

Post-Run: 938,246,467,584 bytes free

.

- - End Of File - - 367DEBD5F8BDF546CC72956CAE0229C9

Link to post
Share on other sites

These steps are for mrbinky88 only. If you are a casual viewer, do NOT try this on your system!

If you are not mrbinky88 and have a similar problem, do NOT post here; start your own topic

The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to any other system!

You will want to print out or copy these instructions to Notepad for offline reference!

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

Remember: Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display it's "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix my take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)or a UPS system

1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

For help reference, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

2. Open notepad and copy/paste the text in the quotebox below into it:


KILLALL::

Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"=-

Save this as CFScript.txt, in the same location as ComboFix.exe

3. Close any (all) open browsers.

4:

CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have reboot the pc a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3]When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh :excl:

Reply & Copy & Paste contents of the C:\Combofix.txt log into a new reply.

Task 2

Go into Control Panel >> click on Windows Update item

Click on Change settings (at top left)

under Important updates, click on the down-arrow pull-down

Click on Never check for updates

press OK

Close the Control Panel window

Then Logoff and restart Windows fresh.

Task 3

When ready, go back into Control Panel >> click on Windows Update item

Click on Change settings (at top left)

under Important updates, click on the down-arrow pull-down

Now make the selection for "Download updates for me, but let me choose when to install them"

press OK when done

Close the Control Panel window

Task 4

download this tool from Microsoft (MGADiag.exe).

http://go.microsoft.com/fwlink/?linkid=52012

Double click on MGADiag.exe to run it.

Click Continue.

The program will run. It takes a while to finish the diagnosis, please be patient.

Once done, click on Copy.

Open Notepad and paste the contents in.

Save this file and post it in your next reply.

and tell me, How is the system now ?

and tell me, Is the McAfee subscription still current? When does it expire?

I'd want to make sure your antivirus subscription is still valid and getting updates.

Re-enable your antivirus program.

Link to post
Share on other sites

ComboFix 12-12-10.01 - Ann 12/11/2012 11:13:27.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8172.6867 [GMT -5:00]

Running from: c:\users\Ann\Desktop\ComboFix.exe

Command switches used :: c:\users\Ann\Desktop\CFScript.txt

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-11-11 to 2012-12-11 )))))))))))))))))))))))))))))))

.

.

2012-12-11 16:16 . 2012-12-11 16:16 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-11 09:31 . 2012-12-11 09:31 -------- d-----w- c:\users\Ann\AppData\Local\Windows Live Writer

2012-12-11 09:31 . 2012-12-11 09:31 -------- d-----w- c:\users\Ann\AppData\Roaming\Windows Live Writer

2012-12-08 19:36 . 2012-12-08 19:36 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-08 19:36 . 2012-12-08 19:36 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-12-08 19:35 . 2012-12-08 19:35 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2012-12-08 18:10 . 2012-12-08 18:10 -------- d-----w- C:\_OTL

2012-12-04 01:57 . 2012-12-04 01:57 -------- d-----w- c:\program files (x86)\ERUNT

2012-12-01 16:20 . 2012-12-01 16:20 -------- d-----w- c:\program files (x86)\ReadKiddoRead Giving Assistant

2012-11-28 05:42 . 2012-12-02 04:46 -------- d-----w- c:\users\Ann\AppData\Roaming\Jewel Match 3

2012-11-15 08:08 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-11-15 08:08 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-11-15 08:08 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2012-11-15 08:08 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-11-15 08:03 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2012-11-15 08:03 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-11-15 08:03 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2012-11-15 08:03 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-11-15 08:03 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-11-15 08:03 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-11-15 08:03 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-15 08:03 . 2012-05-04 10:10 66395536 ----a-w- c:\windows\system32\MRT.exe

2012-10-16 08:38 . 2012-11-28 20:00 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-11-28 20:00 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-11-28 20:00 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-09-29 23:54 . 2012-06-26 13:05 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-25 03:16 . 2012-10-20 04:24 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-14 19:19 . 2012-10-10 18:23 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-14 18:28 . 2012-10-10 18:23 2048 ----a-w- c:\windows\SysWow64\tzres.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112]

"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-04-02 340848]

"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2011-03-29 408432]

"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2011-03-29 202608]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-26 343168]

"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2011-08-11 627304]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]

R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]

R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-04-02 173424]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]

R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-03-09 224704]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-07-17 106112]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-03 1255736]

R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-07-17 335784]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-07-20 22648]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-07-20 20520]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-07-20 62776]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-26 204288]

S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-13 249648]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-30 36456]

S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-07-17 218320]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-07-17 177144]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-06 231440]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-07-17 69672]

S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-06-30 54784]

S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-06-30 77696]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-07-17 513456]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-16 533096]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-11 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-08 19:36]

.

2012-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-04 03:28]

.

2012-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-04 03:28]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.insightbb.com/

uLocal Page = c:\windows\system32\blank.htm

mDefault_Page_URL = hxxp://acer.msn.com

mStart Page = hxxp://acer.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 74.128.17.114 74.128.19.102

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

AddRemove-Adobe Flash Player ActiveX - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\windows\SysWOW64\rundll32.exe

c:\program files (x86)\Adobe\Reader 11.0\Reader\Reader_sl.exe

.

**************************************************************************

.

Completion time: 2012-12-11 11:19:35 - machine was rebooted

ComboFix-quarantined-files.txt 2012-12-11 16:19

ComboFix2.txt 2012-12-11 01:44

.

Pre-Run: 938,230,489,088 bytes free

Post-Run: 938,145,452,032 bytes free

.

- - End Of File - - A9325A287A14961CBEDD561977D51CD3

MGADiag

Spsys.log Content: 0x80070002

Licensing Data-->

Software licensing service version: 6.1.7601.17514

Name: Windows® 7, HomePremium edition

Description: Windows Operating System - Windows® 7, OEM_SLP channel

Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64

Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f

Extended PID: 00359-00178-926-800006-02-1033-7601.0000-2012011

Installation ID: 008745662524482975310020132046831990465985417193427760

Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338

Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339

Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341

Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340

Partial Product Key: 7QJB7

License Status: Licensed

Remaining Windows rearm count: 2

Trusted time: 12/11/2012 11:46:11 AM

Windows Activation Technologies-->

HrOffline: 0x00000000

HrOnline: 0x00000000

HealthStatus: 0x0000000000000000

Event Time Stamp: 11:11:2012 21:34

ActiveX: Registered, Version: 7.1.7600.16395

Admin Service: Registered, Version: 7.1.7600.16395

HealthStatus Bitmask Output:

HWID Data-->

HWID Hash Current: LAAAAAEAAAABAAEAAQACAAAAAQABAAEAln3KSbLr6kL20Oi2Yj0IThKuLnM=

OEM Activation 1.0 Data-->

N/A

OEM Activation 2.0 Data-->

BIOS valid for OA 2.0: yes

Windows marker version: 0x20001

OEMID and OEMTableID Consistent: yes

BIOS Information:

ACPI Table Name OEMID Value OEMTableID Value

APIC ACRSYS ACRPRDCT

FACP ACRSYS ACRPRDCT

HPET ACRSYS ACRPRDCT

MCFG ACRSYS ACRPRDCT

SSDT ACRSYS ACRPRDCT

SLIC ACRSYS ACRPRDCT

No more "not genuine version" messages. Things are running SUPER slowly though... I'll give it a bit after all of the restarts and scans. My McAfee subscription is Active and doesn't expire until 6/30/13

Link to post
Share on other sites

The Combofix run is not like what I expected or what I had outlined.

Please confirm IF you ran the CFSCRIPT and drag & dropped it onto Combofix (red lion icon) like I asked for ??

As to slowness --- we may look at some point at really trimming down on your Windows auto-start applications.

Keep an ear and eyes out over the next day or two about the "not genuine" windows message.

Link to post
Share on other sites

Yes, I did exactly as you said. I still have the Directions notepad on my desktop and followed everything to the letter.

The slowness seems to have improved , and so far, no more "not genuine" messages. Keeping fingers crossed. Let me know when you would like another response, and what specifically you are looking for. Thank you! :)

Link to post
Share on other sites

Simply trying to determine why you'd been getting those "not genuine" prompts.

Yes, hopefully the slowness will dissipate over time.

At your next opportunity, do the following.

Please download Windows Repair (all in one) from here.

  • Install the program.
  • Please proceed to run it. On Vista, Windows 7 or 8, Right-click the executable and select Run as Administrator.
  • Go to Step 2 and allow it to run CheckDisk by clicking on the Do It button:
    p22001645.gif
  • Once that is done please go to Step 3 and allow it to run the System File Check by clicking on the Do It button:
    p22001646.gif
  • Go to Step 4 and under System Restore click on the Create button:
    p22001644.gif
  • Next, go to the Start Repairs tab and click the Start button.
    p22001166.gif
  • Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):
    p22001647.gif
  • Click on the box next to the Restart System when Finished. Then click on Start.

Link to post
Share on other sites

Ok, I came here originally to tell you that the "not genuine" message was back. Then I received your message and responded. Next, I came here and followed all of your instructions above.

When I came back from the restart, I couldn't get online or even open something as simple as Games on my computer from the Start menu. I got a message saying that Windows explorer was not responding. Then it said Windows was searching for a solution, and I waited it out. Not sure what happened, but it seems to be responding ok now.

Two things I wanted to mention:

First, I actually received a phone call from someone saying that they were receiving Windows error messages from my computer. But the guy had such a heavy accent that I honestly could not understand what he was saying, and I tried really hard to comprehend because the whole phone call was so out of the blue given everything we've been working on here, I assumed it was legit. However, I haven't gotten another call.

Second, I notice that the computer has been locking up (should have mentioned this earlier) with a message of "> insert IE or webpage< not responding" then "Windows (or INternet Explorer) is searching for a solution to the problem" on a routine basis right before I would shut the internet down only to find the "not genuine" message on the desktop. Usually when this happens, I get off the internet, then restart the computer. But, about 1/3 of the time, I get the message that a program running is keeping the shut down from occurring. That program is: AMD:CCC-AEMCapturingWindow I bring this up because all of this happened again today right before I followed the steps in your last post.

The message is gone, again, hopefully for good.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.